{"id":1637,"date":"2021-04-17T16:41:54","date_gmt":"2021-04-17T11:11:54","guid":{"rendered":"https:\/\/xiarch.com\/blog\/?p=1637"},"modified":"2021-06-07T11:25:46","modified_gmt":"2021-06-07T05:55:46","slug":"serve-bugs-reported-in-ethernet-ip-stack-for-organizations","status":"publish","type":"post","link":"https:\/\/xiarch.com\/blog\/serve-bugs-reported-in-ethernet-ip-stack-for-organizations\/","title":{"rendered":"Severe Bugs Identified in EtherNet\/IP Stack for Industrial Systems!"},"content":{"rendered":"\n<p><p style=\"text-align: justify\">The United States Cybersecurity and Infrastructure Security Agency (CISA) has published an advisory warning of multiple vulnerabilities in the OpENer EtherNet\/IP stack that may expose industrial systems to denial-of-service (DoS) attacks, data leaks and remote code execution.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify\">OpENer versions and commits before 10th February 2021 are affected, and there are no known public exploits that target these vulnerabilities. 
Four of the security flaws were discovered by experts and identified by CISA, while the fifth security bug, discovered by Claroty and also identified by Cisco Talos, was named CVE-2020-13556 on 2nd December 2020.<\/p><\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img decoding=\"async\" loading=\"lazy\" width=\"728\" height=\"380\" src=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/04\/serve-bugs-repoted-in-ethernetip-image.jpg\" alt=\"Serve Bugs Reported in EtherNet\/IP Stack for Organizations!\" class=\"wp-image-1638\" srcset=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/04\/serve-bugs-repoted-in-ethernetip-image.jpg 728w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/04\/serve-bugs-repoted-in-ethernetip-image-300x157.jpg 300w\" sizes=\"(max-width: 728px) 100vw, 728px\" \/><\/figure><\/div>\n\n\n\n<p><p style=\"text-align: justify\">An attacker only needs to send crafted ENIP\/CIP packets to the device to exploit these vulnerabilities. 
CVE-2020-13556 is an out-of-bounds write vulnerability in the EtherNet\/IP server that may allow attackers to trigger remote code execution by sending a series of specially crafted network requests; it is rated 9.8 out of 10 in severity.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify\">Meanwhile, the other four bugs, identified by EIP Stack Group and researchers of the OpENer stack in October 2020, are listed below:<\/p><\/p>\n\n\n\n<ul><li style=\"text-align: justify\"><strong>CVE-2021-27478&nbsp;<\/strong>(CVSS score: 8.2) \u2013 A bug in the way Common Industrial Protocol (CIP) requests are handled, leading to a DoS condition.<\/li><li style=\"text-align: justify\"><strong>CVE-2021-27482&nbsp;<\/strong>(CVSS score: 7.5) \u2013 An out-of-bounds read bug that can be leveraged with specially crafted packets to read arbitrary data from memory.<\/li><li style=\"text-align: justify\"><strong>CVE-2021-27500&nbsp;<\/strong>and&nbsp;<strong>CVE-2021-27498&nbsp;<\/strong>(CVSS score: 7.5) \u2013 These two assertion vulnerabilities can be exploited to cause a DoS condition.<\/li><\/ul>\n\n\n\n<p><p style=\"text-align: justify\">Vendors using the OpENer stack are advised to update to the latest version and to take protective measures: minimizing the network exposure of all devices to the internet, isolating them from the organization's network and erecting firewall barriers.<\/p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Remaining Up<\/strong><\/h2>\n\n\n\n<p><p style=\"text-align: justify\">Since this the first time when the security issues have been treated by EtherNet\/IP stacks. 
In November, a security researcher also said that critical vulnerabilities uncovered in Real-Time Automation's 499ES EtherNet\/IP stack could expose industrial control systems to remote attacks by adversaries.<\/p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The United States Cybersecurity and Infrastructure Security Agency (CISA) published an advisory that warns the multiple vulnerabilities in OpENer EtherNet\/IP stack that may expose the industrial systems while enabling denial-of-service or DoS attack that leaks the data and execute remote code execution. While the OpENer versions and commits before 10th February 2021 are affected and [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":1639,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[6],"tags":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.11 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Serve Bugs Identified in EtherNet\/IP Stack for Industrial Systems! - Xiarch Solutions Private Limited<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/xiarch.com\/blog\/serve-bugs-reported-in-ethernet-ip-stack-for-organizations\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Serve Bugs Identified in EtherNet\/IP Stack for Industrial Systems! - Xiarch Solutions Private Limited\" \/>\n<meta property=\"og:description\" content=\"The United States Cybersecurity and Infrastructure Security Agency (CISA) published an advisory that warns the multiple vulnerabilities in OpENer EtherNet\/IP stack that may expose the industrial systems while enabling denial-of-service or DoS attack that leaks the data and execute remote code execution. 
While the OpENer versions and commits before 10th February 2021 are affected and [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/xiarch.com\/blog\/serve-bugs-reported-in-ethernet-ip-stack-for-organizations\/\" \/>\n<meta property=\"og:site_name\" content=\"Xiarch Solutions Private Limited\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/xiarch\/\" \/>\n<meta property=\"article:published_time\" content=\"2021-04-17T11:11:54+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-06-07T05:55:46+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/04\/serve-bugs-repoted-in-ethernetip-featured-image.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1000\" \/>\n\t<meta property=\"og:image:height\" content=\"525\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Xiarch Security\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@xiarch\" \/>\n<meta name=\"twitter:site\" content=\"@xiarch\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Xiarch Security\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/xiarch.com\/blog\/serve-bugs-reported-in-ethernet-ip-stack-for-organizations\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/xiarch.com\/blog\/serve-bugs-reported-in-ethernet-ip-stack-for-organizations\/\"},\"author\":{\"name\":\"Xiarch Security\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c\"},\"headline\":\"Serve Bugs Identified in EtherNet\/IP Stack for Industrial Systems!\",\"datePublished\":\"2021-04-17T11:11:54+00:00\",\"dateModified\":\"2021-06-07T05:55:46+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/xiarch.com\/blog\/serve-bugs-reported-in-ethernet-ip-stack-for-organizations\/\"},\"wordCount\":371,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\"},\"articleSection\":[\"Vulnerabilities\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/xiarch.com\/blog\/serve-bugs-reported-in-ethernet-ip-stack-for-organizations\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/xiarch.com\/blog\/serve-bugs-reported-in-ethernet-ip-stack-for-organizations\/\",\"url\":\"https:\/\/xiarch.com\/blog\/serve-bugs-reported-in-ethernet-ip-stack-for-organizations\/\",\"name\":\"Serve Bugs Identified in EtherNet\/IP Stack for Industrial Systems! 
- Xiarch Solutions Private Limited\",\"isPartOf\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#website\"},\"datePublished\":\"2021-04-17T11:11:54+00:00\",\"dateModified\":\"2021-06-07T05:55:46+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/xiarch.com\/blog\/serve-bugs-reported-in-ethernet-ip-stack-for-organizations\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/xiarch.com\/blog\/serve-bugs-reported-in-ethernet-ip-stack-for-organizations\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/xiarch.com\/blog\/serve-bugs-reported-in-ethernet-ip-stack-for-organizations\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/xiarch.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Serve Bugs Identified in EtherNet\/IP Stack for Industrial Systems!\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/xiarch.com\/blog\/#website\",\"url\":\"https:\/\/xiarch.com\/blog\/\",\"name\":\"Xiarch Solutions Private Limited\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/xiarch.com\/blog\/?s={search_term_string}\"},\"query-input\":\"required 
name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\",\"name\":\"Xiarch\",\"url\":\"https:\/\/xiarch.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png\",\"contentUrl\":\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png\",\"width\":300,\"height\":300,\"caption\":\"Xiarch\"},\"image\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/xiarch\/\",\"https:\/\/twitter.com\/xiarch\",\"https:\/\/www.linkedin.com\/company\/xiarch\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c\",\"name\":\"Xiarch Security\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g\",\"caption\":\"Xiarch Security\"},\"sameAs\":[\"https:\/\/xiarch.com\/blog\/\"],\"url\":\"https:\/\/xiarch.com\/blog\/author\/vector\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Serve Bugs Identified in EtherNet\/IP Stack for Industrial Systems! - Xiarch Solutions Private Limited","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/xiarch.com\/blog\/serve-bugs-reported-in-ethernet-ip-stack-for-organizations\/","og_locale":"en_US","og_type":"article","og_title":"Serve Bugs Identified in EtherNet\/IP Stack for Industrial Systems! 
- Xiarch Solutions Private Limited","og_description":"The United States Cybersecurity and Infrastructure Security Agency (CISA) published an advisory that warns the multiple vulnerabilities in OpENer EtherNet\/IP stack that may expose the industrial systems while enabling denial-of-service or DoS attack that leaks the data and execute remote code execution. While the OpENer versions and commits before 10th February 2021 are affected and [&hellip;]","og_url":"https:\/\/xiarch.com\/blog\/serve-bugs-reported-in-ethernet-ip-stack-for-organizations\/","og_site_name":"Xiarch Solutions Private Limited","article_publisher":"https:\/\/www.facebook.com\/xiarch\/","article_published_time":"2021-04-17T11:11:54+00:00","article_modified_time":"2021-06-07T05:55:46+00:00","og_image":[{"width":1000,"height":525,"url":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/04\/serve-bugs-repoted-in-ethernetip-featured-image.jpg","type":"image\/jpeg"}],"author":"Xiarch Security","twitter_card":"summary_large_image","twitter_creator":"@xiarch","twitter_site":"@xiarch","twitter_misc":{"Written by":"Xiarch Security","Est. 
reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/xiarch.com\/blog\/serve-bugs-reported-in-ethernet-ip-stack-for-organizations\/#article","isPartOf":{"@id":"https:\/\/xiarch.com\/blog\/serve-bugs-reported-in-ethernet-ip-stack-for-organizations\/"},"author":{"name":"Xiarch Security","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c"},"headline":"Serve Bugs Identified in EtherNet\/IP Stack for Industrial Systems!","datePublished":"2021-04-17T11:11:54+00:00","dateModified":"2021-06-07T05:55:46+00:00","mainEntityOfPage":{"@id":"https:\/\/xiarch.com\/blog\/serve-bugs-reported-in-ethernet-ip-stack-for-organizations\/"},"wordCount":371,"commentCount":0,"publisher":{"@id":"https:\/\/xiarch.com\/blog\/#organization"},"articleSection":["Vulnerabilities"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/xiarch.com\/blog\/serve-bugs-reported-in-ethernet-ip-stack-for-organizations\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/xiarch.com\/blog\/serve-bugs-reported-in-ethernet-ip-stack-for-organizations\/","url":"https:\/\/xiarch.com\/blog\/serve-bugs-reported-in-ethernet-ip-stack-for-organizations\/","name":"Serve Bugs Identified in EtherNet\/IP Stack for Industrial Systems! 
- Xiarch Solutions Private Limited","isPartOf":{"@id":"https:\/\/xiarch.com\/blog\/#website"},"datePublished":"2021-04-17T11:11:54+00:00","dateModified":"2021-06-07T05:55:46+00:00","breadcrumb":{"@id":"https:\/\/xiarch.com\/blog\/serve-bugs-reported-in-ethernet-ip-stack-for-organizations\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/xiarch.com\/blog\/serve-bugs-reported-in-ethernet-ip-stack-for-organizations\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/xiarch.com\/blog\/serve-bugs-reported-in-ethernet-ip-stack-for-organizations\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/xiarch.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Serve Bugs Identified in EtherNet\/IP Stack for Industrial Systems!"}]},{"@type":"WebSite","@id":"https:\/\/xiarch.com\/blog\/#website","url":"https:\/\/xiarch.com\/blog\/","name":"Xiarch Solutions Private Limited","description":"","publisher":{"@id":"https:\/\/xiarch.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/xiarch.com\/blog\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/xiarch.com\/blog\/#organization","name":"Xiarch","url":"https:\/\/xiarch.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png","contentUrl":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png","width":300,"height":300,"caption":"Xiarch"},"image":{"@id":"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/xiarch\/","https:\/\/twitter.com\/xiarch","https:\/\/www.linkedin.com\/company\/xiarch"]},{"@type":"Person","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c","name":"Xiarch Security","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g","caption":"Xiarch 
Security"},"sameAs":["https:\/\/xiarch.com\/blog\/"],"url":"https:\/\/xiarch.com\/blog\/author\/vector\/"}]}},"_links":{"self":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/1637"}],"collection":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/comments?post=1637"}],"version-history":[{"count":3,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/1637\/revisions"}],"predecessor-version":[{"id":1649,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/1637\/revisions\/1649"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/media\/1639"}],"wp:attachment":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/media?parent=1637"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/categories?post=1637"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/tags?post=1637"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}