Share: Email | Twitter

ID

VDE-2021-018

Published

2021-05-12 10:57 (CEST)

Last update

2021-05-12 10:57 (CEST)

Vendor(s)

Pepperl+Fuchs SE

Product(s)

Article No° Product Name Affected Version(s)
295311 ICE1-16DI-G60L-V1D <= F10017
308627 ICE1-16DIO-G60L-C1-V1D <= F10017
308626 ICE1-16DIO-G60L-V1D <= F10017
295314 ICE1-8DI8DO-G60L-C1-V1D <= F10017
295312 ICE1-8DI8DO-G60L-V1D <= F10017
70101643 ICE1-8IOL-G30L-V1D <= F10017
295313 ICE1-8IOL-G60L-V1D <= F10017
70103603 ICE1-8IOL-S2-G60L-V1D <= F10017

Summary

Critical vulnerability has been discovered in the utilized components rcX, mbedTLS, PROFINET IO Device and EtherNet/IP Core by Hilscher Gesellschaft für Systemautomation mbH.
The impact of the vulnerabilities on the affected device is that it can result in:

  • Denial of Service (DoS)
  • Remote Code Execution (RCE)
  • Code Exposure

Note

ICE1-8IOL-S2-G60L-V1D (70103603) is not affected by CVE-2021-20986

Vulnerabilities



CVE-2021-20987
8.6
Last Update
Nov. 17, 2022, 1:09 p.m.
Severity
8.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)
Weakness
Out-of-bounds Write (CWE-787)
Summary

A denial of service and memory corruption vulnerability was found in Hilscher EtherNet/IP Core V2 prior to V2.13.0.21that may lead to code injection through network or make devices crash without recovery.

Details
nvd.nist.gov 
CVE-2021-20988
7.5
Last Update
Nov. 8, 2021, 2:20 p.m.
Severity
7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Weakness
Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119)
Summary

In Hilscher rcX RTOS versions prios to V2.1.14.1 the actual UDP packet length is not verified against the length indicated by the packet. This may lead to a denial of service of the affected device.

Details
nvd.nist.gov 
CVE-2021-20986
7.5
Last Update
Nov. 17, 2022, 1:09 p.m.
Severity
7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Weakness
Out-of-bounds Write (CWE-787)
Summary

A Denial of Service vulnerability was found in Hilscher PROFINET IO Device V3 in versions prior to V3.14.0.7. This may lead to unexpected loss of cyclic communication or interruption of acyclic communication.

Details
nvd.nist.gov 
CVE-2019-18222
4.7
Last Update
Nov. 8, 2021, 2:20 p.m.
Severity
4.7 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)
Weakness
Observable Differences in Behavior to Error Inputs (CWE-203)
Summary

The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1 does not reduce the blinded scalar before computing the inverse, which allows a local attacker to recover the private key via side-channel attacks.

Details
nvd.nist.gov 

Impact

Pepperl+Fuchs analyzed and identified affected devices.
Remote attackers may exploit the vulnerability sending specially crafted packages that may result in a denial-of-service condition or code execution.

Solution

An external protective measure is required.

  • Minimize network exposure for affected products and ensure that they are not accessible via the Internet.
  • Isolate affected products from the corporate network.
  • If remote access is required, use secure methods such as virtual private networks (VPNs).

Reported by

Hilscher Gesellschaft für Systemautomation mbH

Coordinated by CERT@VDE