Pyramid Solutions EtherNet/IP Adapter Development Kit
Act Now9.8ICS-CERT ICSA-22-174-04Jun 23, 2022
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary
A buffer overflow vulnerability (CWE-787) exists in Pyramid Solutions EtherNet/IP development kits and DLL kits. An attacker on the EtherNet/IP network can send a specially crafted packet that triggers the overflow, resulting in denial-of-service conditions. Affected versions: EADK, EIPA, EDKS, and EIPS version 4.4.0 and earlier. The vulnerability affects any product or application built using these vulnerable kits. No public exploits are currently known.
What this means
What could happen
An attacker on the EtherNet/IP network can send a malformed packet to crash devices running vulnerable development kits, causing temporary loss of communication or operational interruption for any equipment relying on those kits for network communication.
Who's at risk
Manufacturers and system integrators who develop EtherNet/IP applications using Pyramid Solutions development kits. This includes anyone building industrial ethernet communication layers for programmable logic controllers (PLCs), remote I/O modules, drives, and other automation equipment that communicate over EtherNet/IP networks in water systems, power generation, and manufacturing facilities.
How it could be exploited
An attacker with network access to an EtherNet/IP-enabled device or development system sends a specially crafted packet to the vulnerable kit running on the target device. The malformed packet triggers a buffer overflow in packet processing, causing the application to crash or become unresponsive.
Prerequisites
- Network access to the EtherNet/IP network segment where the vulnerable kit is operating
- Target device or workstation running a vulnerable version of EADK, EIPA, EIPS, or ESDK (version 4.4.0 or earlier)
- No credentials or authentication required
Remotely exploitableNo authentication requiredLow complexity attackNo patch currently availableBuffer overflow vulnerabilityAffects development kits used in safety-critical industrial equipment
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (4)
4 EOL
ProductAffected VersionsFix Status
EtherNet/IP Adapter DLL Kit (EIPA):≤ 4.4.0No fix (EOL)
EtherNet/IP Scanner Development Kit (EDKS):≤ 4.4.0No fix (EOL)
EtherNet/IP Scanner DLL Kit (EIPS):≤ 4.4.0No fix (EOL)
EtherNet/IP Adapter Development Kit (EADK):≤ 4.4.0No fix (EOL)
Remediation & Mitigation
0/7
Do now
0/1WORKAROUNDImplement firewall rules to restrict EtherNet/IP network access (port 44818/TCP and 2222/TCP/UDP) to only authorized engineering workstations and control devices; block all Internet-facing access
Schedule — requires maintenance window
0/4Patching may require device reboot — plan for process interruption
EtherNet/IP Adapter Development Kit (EADK):
HOTFIXUpgrade EtherNet/IP Adapter Development Kit (EADK) to a version newer than 4.4.0 if a fix becomes available
EtherNet/IP Adapter DLL Kit (EIPA):
HOTFIXUpgrade EtherNet/IP Adapter DLL Kit (EIPA) to a version newer than 4.4.0 if a fix becomes available
EtherNet/IP Scanner Development Kit (EDKS):
HOTFIXUpgrade EtherNet/IP Scanner Development Kit (EDKS) to a version newer than 4.4.0 if a fix becomes available
EtherNet/IP Scanner DLL Kit (EIPS):
HOTFIXUpgrade EtherNet/IP Scanner DLL Kit (EIPS) to a version newer than 4.4.0 if a fix becomes available
Mitigations - no patch available
0/2The following products have reached End of Life with no planned fix: EtherNet/IP Adapter DLL Kit (EIPA):, EtherNet/IP Scanner Development Kit (EDKS):, EtherNet/IP Scanner DLL Kit (EIPS):, EtherNet/IP Adapter Development Kit (EADK):. Apply the following compensating controls:
HARDENINGIsolate EtherNet/IP networks from the corporate business network using network segmentation or air-gap
HARDENINGDisable remote access to devices using vulnerable kits unless absolutely necessary; if required, route all remote access through VPN with additional access controls
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/07568b46-5f2b-45e8-8cff-8413a9689ee6