Weidmueller: EtherNet/IP Fieldbus Coupler out-of-bounds write

VDE-2021-004
Last update: 21.06.2022 10:00
Published at: 21.06.2022 10:00
Vendor(s): Weidmueller Interface GmbH & Co. KG
External ID: VDE-2021-004

Summary

A critical vulnerability has been discovered in the EtherNet/IP Adapter Development Kit (EADK) by Pyramid Solutions, Inc., a component used in the affected products. For details, refer to the CVE(s). This vulnerability may allow an attacker to send a specially crafted packet that may result in a denial-of-service condition of the affected products.
The indicated firmware versions are only used on products of hardware version 01.xx.xx.

Impact

Attackers with network access to the EtherNet/IP network may send a specially crafted packet that may result in a denial-of-service condition of the affected products, which will cause them to crash. Crashed products will reboot within a few seconds.

Affected Product(s)

Model no.     Product name    Affected versions
1334920000    UR20-FBC-EIP    Firmware 01.00.00 <= 01.08.00
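
To check an asset inventory against the affected model, hardware and firmware versions listed above, a triage script along these lines can be used. This is an added example, not code from Weidmueller or the advisory. The CSV column names and the sample rows are hypothetical, and the firmware range is assumed to be inclusive at both ends.

```python
import csv
import io

# Values taken from the advisory's Affected Product(s) table.
AFFECTED_MODEL = "1334920000"          # UR20-FBC-EIP
FW_MIN, FW_MAX = (1, 0, 0), (1, 8, 0)  # assumption: range is inclusive at both ends
AFFECTED_HW_MAJOR = 1                  # advisory: hardware version 01.xx.xx only


def parse_version(text):
    """Turn a zero-padded 'MM.mm.pp' string into a comparable tuple of ints."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected version format: {text!r}")
    return tuple(int(p) for p in parts)


def triage(inventory_csv):
    """Return (affected, unknown) lists of asset names from a CSV export.

    Expected columns (hypothetical schema): name, model_no, hw_version, fw_version.
    Rows for the affected model whose versions cannot be parsed go to 'unknown'
    so they are checked by hand instead of being silently treated as safe.
    """
    affected, unknown = [], []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["model_no"].strip() != AFFECTED_MODEL:
            continue
        try:
            hw = parse_version(row["hw_version"])
            fw = parse_version(row["fw_version"])
        except ValueError:
            unknown.append(row["name"])
            continue
        if hw[0] == AFFECTED_HW_MAJOR and FW_MIN <= fw <= FW_MAX:
            affected.append(row["name"])
    return affected, unknown


# Constructed sample inventory, not real asset data.
SAMPLE = """name,model_no,hw_version,fw_version
line1-coupler,1334920000,01.02.00,01.08.00
line2-coupler,1334920000,01.02.00,01.09.00
line3-coupler,1334920000,02.00.00,02.00.00
line4-coupler,1334920000,01.00.00,unknown
other-device,9999999999,01.00.00,01.00.00
"""

if __name__ == "__main__":
    hit, check = triage(SAMPLE)
    print("affected:", hit)
    print("verify manually:", check)
```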

Vulnerabilities

Published: 22.09.2025 14:58
Weakness: Out-of-bounds Write (CWE-787)
Summary

Pyramid Solutions' affected products, the Developer and DLL kits for EtherNet/IP Adapter and EtherNet/IP Scanner, are vulnerable to an out-of-bounds write, which may allow an unauthorized attacker to send a specially crafted packet that may result in a denial-of-service condition.

Mitigation

Weidmueller strongly recommends applying the following external protective measures:

- Restrict network access to the EtherNet/IP network containing affected products.
- If remote access is required, use secure methods such as virtual private networks (VPNs).

Revision History

Version    Date                Summary
1          21.06.2022 10:00    Initial revision.