VDE-2021-040 | CERT@VDE

2021-10-04 14:30 (CEST) VDE-2021-040

Endress+Hauser: Promass 83 with EtherNet/IP affected by a stack-based buffer overflow

Share: Email | Twitter

ID

VDE-2021-040

Published

2021-10-04 14:30 (CEST)

Last update

2021-10-04 14:30 (CEST)

Vendor(s)

Endress+Hauser AG

Product(s)

Article No°	Product Name	Affected Version(s)
83***	Promass 83	= 1.00.00

Summary

Promass 83 devices utilizing 499ES EtherNet/IP (ENIP) Stack by Real Time Automation (RTA) are vulnerable to a stack-based buffer overflow.

Update A, 2021-10-07:

added credits
changed title from "ENDRESS+HAUSER: Promass 83 with Ether/IP affected by DoS vulnerability" to "ENDRESS+HAUSER: Promass 83 with EtherNet/IP affected by a stack-based buffer overflow"

CVE ID

CVE-2020-25159

Last Update:

March 4, 2021, 1:05 p.m.

Severity

9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Weakness

Stack-based Buffer Overflow (CWE-121)

Summary

499ES EtherNet/IP (ENIP) Adaptor Source Code is vulnerable to a stack-based buffer overflow, which may allow an attacker to send a specially crafted packet that may result in a denial-of-service condition or code execution.

Details

nvd.nist.gov

Impact

The vulnerability described can lead to a denial of service or even remote code execution.

Solution

Mitigation

If an immediate firmware update is not possible, the only way to prevent an attack is to disable communication via EtherNet/IP.

Remediation

Endress+Hauser provides updated firmware versions (Firmware versions >1.00.00) for the related product from the Proline portfolio which fixes the vulnerability. Endress+Hauser strongly recommends customers to update to the new fixed version. For support, please contact your local service center.

Reported by

Sharon Brizinov of Claroty reported this vulnerability to CISA.
CERT@VDE coordinated with ENDRESS+HAUSER.