EIPStackGroup OpENer Ethernet/IP

Plan Patch8.2ICS-CERT ICSA-21-105-02Apr 15, 2021

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

OpENer Ethernet/IP library versions prior to February 10, 2021 contain multiple vulnerabilities (CWE-681, CWE-125, CWE-617) that could allow remote attackers to cause a denial-of-service condition or read data from affected devices. The vulnerabilities can be exploited without authentication or user interaction by sending specially crafted Ethernet/IP packets. No public exploits are currently known, and the maintainer recommends applying the latest commits to remediate.

What this means

What could happen

An attacker could exploit these vulnerabilities in OpENer to deny service to devices using Ethernet/IP communications or read sensitive data from the network stream, disrupting process automation and potentially exposing configuration or operational details.

Who's at risk

Organizations operating Ethernet/IP automation devices that use OpENer library versions prior to February 10, 2021 should care. This includes water utilities, electric utilities, and manufacturers using OpENer in PLCs, gateways, or protocol servers for factory automation, remote terminal units (RTUs), or intelligent electronic devices (IEDs).

How it could be exploited

An attacker with network access to a device running vulnerable OpENer could send specially crafted Ethernet/IP packets to trigger a denial-of-service condition or read unintended data from memory. The attack requires no authentication and can be performed remotely from any machine that can reach the affected device on the network.

Prerequisites

Network access to the device running OpENer
Device is reachable on the network (no authentication required)

remotely exploitableno authentication requiredlow complexityno patch availablehigh CVSS score

Exploitability

Low exploit probability (EPSS 0.2%)

Affected products (1)

ProductAffected VersionsFix Status

OpENer:< Feb 10 2021commits released after February 10, 2021

Remediation & Mitigation

0/5

Do now

0/2

HARDENINGIsolate OpENer-based devices from the Internet and locate them behind firewalls

WORKAROUNDRestrict network access to OpENer devices; implement firewall rules to limit which systems can communicate with affected devices

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate OpENer to the latest commits released after February 10, 2021

Long-term hardening

0/2

HARDENINGSegment control system networks from business networks

HARDENINGFor required remote access, use secure VPN and keep VPN software updated

CVEs (4)

CVE-2021-27478 CVE-2021-27482 CVE-2021-27500 CVE-2021-27498

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/f28050bc-0084-443a-9194-b3df69316155