VDE-2021-045 | CERT@VDE

2021-09-28 13:13 (CEST) VDE-2021-045

Festo SE: Multiple vulnerabilities in Ethernet/IP Stack of SBRD-Q/SBOC-Q/SBOI-Q

Share: Email | Twitter

ID

VDE-2021-045

Published

2021-09-28 13:13 (CEST)

Last update

2021-09-28 13:13 (CEST)

Vendor(s)

Festo SE & Co. KG

Product(s)

Article No°	Product Name	Affected Version(s)
541399	SBOC-Q-R1B	all versions
569771	SBOC-Q-R1B-S1	all versions
548317	SBOC-Q-R1C	all versions
569774	SBOC-Q-R1C-S1	all versions
551021	SBOC-Q-R2B	all versions
569772	SBOC-Q-R2B-S1	all versions
551022	SBOC-Q-R2C	all versions
555841	SBOC-Q-R3B-WB	all versions
569777	SBOC-Q-R3B-WB-S1	all versions
555842	SBOC-Q-R3C-WB	all versions
569778	SBOC-Q-R3C-WB-S1	all versions
541396	SBOI-Q-R1B	all versions
569773	SBOI-Q-R1B-S1	all versions
548316	SBOI-Q-R1C	all versions
569776	SBOI-Q-R1C-S1	all versions
555839	SBOI-Q-R3B-WB	all versions
569779	SBOI-Q-R3B-WB-S1	all versions
555840	SBOI-Q-R3C-WB	all versions
569780	SBOI-Q-R3C-WB-S1	all versions
8067301	SBRD-Q	all versions

Summary

The affected product families are cameras SBOC/SBOI and the Controller SBRD. The vulnerabilities are located within the Ethernet IP Stack from EIPStackGroup OpENer Ethernet/IP.

Vulnerabilities

CVE-2021-27478

7.5

Last Update

Nov. 17, 2022, 1:09 p.m.

Severity

7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Weakness

Incorrect Conversion between Numeric Types (CWE-681)

Summary

A specifically crafted packet sent by an attacker to EIPStackGroup OpENer EtherNet/IP commits and versions prior to Feb 10, 2021 may cause a denial-of-service condition.

Details

nvd.nist.gov

CVE-2021-27482

7.5

Last Update

Nov. 17, 2022, 1:09 p.m.

Severity

7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

Weakness

Out-of-bounds Read (CWE-125)

Summary

A specifically crafted packet sent by an attacker to EIPStackGroup OpENer EtherNet/IP commits and versions prior to Feb 10, 2021 may allow the attacker to read arbitrary data.

Details

nvd.nist.gov

CVE-2021-27500

7.5

Last Update

Nov. 17, 2022, 1:09 p.m.

Severity

7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Weakness

Reachable Assertion (CWE-617)

Summary

A specifically crafted packet sent by an attacker to EIPStackGroup OpENer EtherNet/IP commits and versions prior to Feb 10, 2021 may result in a denial-of-service condition.

Details

nvd.nist.gov

CVE-2021-27498

7.5

Last Update

Nov. 17, 2022, 1:09 p.m.

Severity

7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Weakness

Reachable Assertion (CWE-617)

Summary

A specifically crafted packet sent by an attacker to EIPStackGroup OpENer EtherNet/IP commits and versions prior to Feb 10, 2021 may result in a denial-of-service condition.

Details

nvd.nist.gov

Impact

Please consult the CVEs listed above and ICSA-21-105-02.

Solution

There is no fix planned.

Mitigation

Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.
Deactivate EtherNet/IP in device settings if not used

Reported by

Tal Keren and Sharon Brizinov of Claroty reported these vulnerabilities to CISA.
CERT@VDE coordinated with Festo.