CVE-2021-27482 (GCVE-0-2021-27482)
Vulnerability from cvelistv5 – Published: 2022-05-12 19:18 – Updated: 2025-04-16 16:22
CWE-125 - Out-of-bounds Read
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
| Vendor | Product | Version |
|---|---|---|
| EIPStackGroup | OpENer EtherNet/IP | Affected: unspecified, < Feb 10, 2021 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:48:17.255Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-105-02"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/EIPStackGroup/OpENer"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-27482",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:56:25.495662Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:22:25.057Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "OpENer EtherNet/IP",
"vendor": "EIPStackGroup",
"versions": [
{
"lessThan": "Feb 10, 2021",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Tal Keren and Sharon Brizinov of Claroty reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"value": "A specifically crafted packet sent by an attacker to EIPStackGroup OpENer EtherNet/IP commits and versions prior to Feb 10, 2021 may allow the attacker to read arbitrary data."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-12T19:18:03.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-105-02"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/EIPStackGroup/OpENer"
}
],
"solutions": [
{
"lang": "en",
"value": "The maintainer of OpENer recommends those affected to apply the latest commits available."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "EIPStackGroup OpENer Ethernet/IP Out-of-bounds Read",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-27482",
"STATE": "PUBLIC",
"TITLE": "EIPStackGroup OpENer Ethernet/IP Out-of-bounds Read"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OpENer EtherNet/IP",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "Feb 10, 2021"
}
]
}
}
]
},
"vendor_name": "EIPStackGroup"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Tal Keren and Sharon Brizinov of Claroty reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A specifically crafted packet sent by an attacker to EIPStackGroup OpENer EtherNet/IP commits and versions prior to Feb 10, 2021 may allow the attacker to read arbitrary data."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-105-02",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-105-02"
},
{
"name": "https://github.com/EIPStackGroup/OpENer",
"refsource": "CONFIRM",
"url": "https://github.com/EIPStackGroup/OpENer"
}
]
},
"solution": [
{
"lang": "en",
"value": "The maintainer of OpENer recommends those affected to apply the latest commits available."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-27482",
"datePublished": "2022-05-12T19:18:03.000Z",
"dateReserved": "2021-02-19T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:22:25.057Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:opener_project:opener:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.3\", \"matchCriteriaId\": \"1EE035AE-99DF-4AA0-B75F-679A6F57C194\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"A specifically crafted packet sent by an attacker to EIPStackGroup OpENer EtherNet/IP commits and versions prior to Feb 10, 2021 may allow the attacker to read arbitrary data.\"}, {\"lang\": \"es\", \"value\": \"Un paquete espec\\u00edficamente dise\\u00f1ado enviado por un atacante a EIPStackGroup OpENer EtherNet/IP commits y versiones anteriores a 10 de febrero de 2021, puede permitir al atacante leer datos arbitrarios\"}]",
"id": "CVE-2021-27482",
"lastModified": "2024-11-21T05:58:04.940",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"ics-cert@hq.dhs.gov\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2022-05-12T20:15:13.763",
"references": "[{\"url\": \"https://github.com/EIPStackGroup/OpENer\", \"source\": \"ics-cert@hq.dhs.gov\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-21-105-02\", \"source\": \"ics-cert@hq.dhs.gov\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://github.com/EIPStackGroup/OpENer\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-21-105-02\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}]",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"ics-cert@hq.dhs.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-125\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-27482\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2022-05-12T20:15:13.763\",\"lastModified\":\"2024-11-21T05:58:04.940\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A specifically crafted packet sent by an attacker to EIPStackGroup OpENer EtherNet/IP commits and versions prior to Feb 10, 2021 may allow the attacker to read arbitrary data.\"},{\"lang\":\"es\",\"value\":\"Un paquete espec\u00edficamente dise\u00f1ado enviado por un atacante a EIPStackGroup OpENer EtherNet/IP commits y versiones anteriores a 10 de febrero de 2021, puede permitir al atacante leer datos arbitrarios\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrity
Impact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:opener_project:opener:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.3\",\"matchCriteriaId\":\"1EE035AE-99DF-4AA0-B75F-679A6F57C194\"}]}]}],\"references\":[{\"url\":\"https://github.com/EIPStackGroup/OpENer\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.cisa.gov/uscert/ics/advisories/icsa-21-105-02\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://github.com/EIPStackGroup/OpENer\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.cisa.gov/uscert/ics/advisories/icsa-21-105-02\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-21-105-02\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://github.com/EIPStackGroup/OpENer\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T20:48:17.255Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2021-27482\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-16T15:56:25.495662Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-16T15:56:27.846Z\"}}], \"cna\": {\"title\": \"EIPStackGroup OpENer Ethernet/IP Out-of-bounds Read\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"value\": \"Tal Keren and Sharon Brizinov of Claroty reported these vulnerabilities to CISA.\"}], \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"EIPStackGroup\", \"product\": \"OpENer EtherNet/IP\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"Feb 10, 2021\", \"versionType\": \"custom\"}]}], \"solutions\": [{\"lang\": \"en\", \"value\": \"The maintainer of OpENer recommends those affected to apply the latest 
commits available.\"}], \"references\": [{\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-21-105-02\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/EIPStackGroup/OpENer\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.0.9\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A specifically crafted packet sent by an attacker to EIPStackGroup OpENer EtherNet/IP commits and versions prior to Feb 10, 2021 may allow the attacker to read arbitrary data.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-125\", \"description\": \"CWE-125: Out-of-bounds Read\"}]}], \"providerMetadata\": {\"orgId\": \"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6\", \"shortName\": \"icscert\", \"dateUpdated\": \"2022-05-12T19:18:03.000Z\"}, \"x_legacyV4Record\": {\"credit\": [{\"lang\": \"eng\", \"value\": \"Tal Keren and Sharon Brizinov of Claroty reported these vulnerabilities to CISA.\"}], \"impact\": {\"cvss\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, \"source\": {\"discovery\": \"EXTERNAL\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"Feb 10, 2021\", \"version_affected\": \"\u003c\"}]}, \"product_name\": \"OpENer EtherNet/IP\"}]}, \"vendor_name\": \"EIPStackGroup\"}]}}, \"solution\": [{\"lang\": \"en\", \"value\": \"The maintainer of OpENer recommends those affected to apply the latest commits available.\"}], \"data_type\": \"CVE\", \"generator\": {\"engine\": \"Vulnogram 0.0.9\"}, \"references\": {\"reference_data\": [{\"url\": 
\"https://www.cisa.gov/uscert/ics/advisories/icsa-21-105-02\", \"name\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-21-105-02\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://github.com/EIPStackGroup/OpENer\", \"name\": \"https://github.com/EIPStackGroup/OpENer\", \"refsource\": \"CONFIRM\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"A specifically crafted packet sent by an attacker to EIPStackGroup OpENer EtherNet/IP commits and versions prior to Feb 10, 2021 may allow the attacker to read arbitrary data.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-125: Out-of-bounds Read\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2021-27482\", \"STATE\": \"PUBLIC\", \"TITLE\": \"EIPStackGroup OpENer Ethernet/IP Out-of-bounds Read\", \"ASSIGNER\": \"ics-cert@hq.dhs.gov\"}}}}",
"cveMetadata": "{\"cveId\": \"CVE-2021-27482\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-16T16:22:25.057Z\", \"dateReserved\": \"2021-02-19T00:00:00.000Z\", \"assignerOrgId\": \"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6\", \"datePublished\": \"2022-05-12T19:18:03.000Z\", \"assignerShortName\": \"icscert\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
FKIE_CVE-2021-27482
Vulnerability from fkie_nvd - Published: 2022-05-12 20:15 - Updated: 2024-11-21 05:58
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://github.com/EIPStackGroup/OpENer | Third Party Advisory | |
| ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-21-105-02 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/EIPStackGroup/OpENer | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-21-105-02 | Third Party Advisory, US Government Resource |
| Vendor | Product | Version | |
|---|---|---|---|
| opener_project | opener | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opener_project:opener:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1EE035AE-99DF-4AA0-B75F-679A6F57C194",
"versionEndIncluding": "2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A specifically crafted packet sent by an attacker to EIPStackGroup OpENer EtherNet/IP commits and versions prior to Feb 10, 2021 may allow the attacker to read arbitrary data."
},
{
"lang": "es",
"value": "Un paquete espec\u00edficamente dise\u00f1ado enviado por un atacante a EIPStackGroup OpENer EtherNet/IP commits y versiones anteriores a 10 de febrero de 2021, puede permitir al atacante leer datos arbitrarios"
}
],
"id": "CVE-2021-27482",
"lastModified": "2024-11-21T05:58:04.940",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-12T20:15:13.763",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/EIPStackGroup/OpENer"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-105-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/EIPStackGroup/OpENer"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-105-02"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
}
]
}
ICSA-21-105-02
Vulnerability from csaf_cisa - Published: 2021-04-15 00:00 - Updated: 2021-04-15 00:00
{
"document": {
"acknowledgments": [
{
"names": [
"Tal Keren",
"Sharon Brizinov"
],
"organization": "Claroty",
"summary": "reporting these vulnerabilities to CISA"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
"title": "CISA Disclaimer"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "Successful exploitation of these vulnerabilities could cause a denial-of-service condition and data exposure.",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Multiple",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Austria",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage on us-cert.cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "other",
"text": "No known public exploits specifically target these vulnerabilities.",
"title": "Exploitability"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-21-105-02 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-105-02.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-21-105-02 Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-105-02"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "EIPStackGroup OpENer Ethernet/IP",
"tracking": {
"current_release_date": "2021-04-15T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-21-105-02",
"initial_release_date": "2021-04-15T00:00:00.000000Z",
"revision_history": [
{
"date": "2021-04-15T00:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "ICSA-21-105-02 EIPStackGroup OpENer Ethernet IP"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c Feb 10 2021",
"product": {
"name": "OpENer: versions prior to Feb 10 2021",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "OpENer"
}
],
"category": "vendor",
"name": "EIPStackGroup"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-27478",
"cwe": {
"id": "CWE-681",
"name": "Incorrect Conversion between Numeric Types"
},
"notes": [
{
"category": "summary",
"text": "A specifically crafted packet sent by an attacker to the affected devices may cause a denial-of-service condition. CVE-2021-27478 has been assigned to this vulnerability. A CVSS v3 base score of 8.2 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27482"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "The maintainer of OpENer recommends those affected to apply the latest commits available",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://github.com/EIPStackGroup/OpENer"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-27482",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "A specifically crafted packet sent by an attacker may allow the attacker to read arbitrary data. CVE-2021-27482 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27482"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "The maintainer of OpENer recommends those affected to apply the latest commits available",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://github.com/EIPStackGroup/OpENer"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-27500",
"cwe": {
"id": "CWE-617",
"name": "Reachable Assertion"
},
"notes": [
{
"category": "summary",
"text": "A specifically crafted packet sent by an attacker may result in a denial-of-service condition. CVE-2021-27500 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27500"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "The maintainer of OpENer recommends those affected to apply the latest commits available",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://github.com/EIPStackGroup/OpENer"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-27498",
"cwe": {
"id": "CWE-617",
"name": "Reachable Assertion"
},
"notes": [
{
"category": "summary",
"text": "A specifically crafted packet sent by an attacker may result in a denial-of-service condition. CVE-2021-27498 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).\n",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27498"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "The maintainer of OpENer recommends those affected to apply the latest commits available",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://github.com/EIPStackGroup/OpENer"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
}
]
}
ICSA-25-273-02
Vulnerability from csaf_cisa - Published: 2021-09-22 11:13 - Updated: 2025-08-26 10:00
A specifically crafted packet sent by an attacker to EIPStackGroup OpENer EtherNet/IP commits and versions prior to Feb 10, 2021 may cause a denial-of-service condition.
A specifically crafted packet sent by an attacker to EIPStackGroup OpENer EtherNet/IP commits and versions prior to Feb 10, 2021 may allow the attacker to read arbitrary data.
A specifically crafted packet sent by an attacker to EIPStackGroup OpENer EtherNet/IP commits and versions prior to Feb 10, 2021 may result in a denial-of-service condition.
A specifically crafted packet sent by an attacker to EIPStackGroup OpENer EtherNet/IP commits and versions prior to Feb 10, 2021 may result in a denial-of-service condition.
| URL | Category |
|---|---|
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination and support with this publication",
"urls": [
"https://certvde.com"
]
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://www.cisa.gov/news-events/news/traffic-light-protocol-tlp-definitions-and-usage"
}
},
"lang": "en-US",
"notes": [
{
"category": "summary",
"text": "The affected product families are cameras SBOC/SBOI and the Controller SBRD. The vulnerabilities are located within the Ethernet IP Stack from EIPStackGroup OpENer Ethernet/IP.",
"title": "Summary"
},
{
"category": "description",
"text": "Please consult the CVEs listed above and ICSA-21-105-02.",
"title": "Impact"
},
{
"category": "description",
"text": "- Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.\n- Deactivate EtherNet/IP in device settings if not used",
"title": "Mitigation"
},
{
"category": "description",
"text": "There is no fix planned.",
"title": "Remediation"
},
{
"category": "general",
"text": "Festo strongly recommends to minimize and protect network access to connected devices with state of the art techniques and processes. \nFor a secure operation follow the recommendations in the product manuals.",
"title": "General recommendation"
},
{
"category": "legal_disclaimer",
"text": "Festo assumes no liability whatsoever for indirect, collateral, accidental or consequential losses that occur by the distribution and/or use of this document or any losses in connection with the distribution and/or use of this document. All information published in this document is provided free of charge and on good faith by Festo. Insofar as permissible by law, however, none of this information shall establish any warranty, guarantee, commitment, or liability on the part of Festo.\n\nNote: In no case does this information release the operator or responsible person from the obligation to check the effect on his system or installation before using the information and, in the event of negative consequences, not to use the information.\n\nIn addition, the actual general terms, and conditions for delivery, payment and software use of Festo, available under http://www.festo.com and the special provisions for the use of Festo Security Advisory available at https://www.festo.com/psirt shall apply.",
"title": "Disclaimer"
},
{
"category": "legal_disclaimer",
"text": "This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy \u0026 Use policy (https://www.cisa.gov/privacy-policy).",
"title": "Legal Notice and Terms of Use"
},
{
"category": "other",
"text": "This ICSA is a verbatim republication of Festo SE \u0026 Co. KG FSA-202101 from a direct conversion of the vendor\u0027s Common Security Advisory Framework (CSAF) advisory. This is republished to CISA\u0027s website as a means of increasing visibility and is provided \"as-is\" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Festo SE \u0026 Co. KG directly for any questions regarding this advisory.",
"title": "Advisory Conversion Disclaimer"
},
{
"category": "other",
"text": "Critical Manufacturing",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "other",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "FSA-202101: Festo: Multiple vulnerabilities in Ethernet/IP Stack of SBRD-Q/SBOC-Q/SBOI-Q - CSAF",
"url": "https://festo.csaf-tp.certvde.com/.well-known/csaf/white/2021/fsa-202101.json"
},
{
"category": "self",
"summary": "FSA-202101: Festo: Multiple vulnerabilities in Ethernet/IP Stack of SBRD-Q/SBOC-Q/SBOI-Q - HTML",
"url": "https://certvde.com/en/advisories/VDE-2021-045/"
},
{
"category": "external",
"summary": "For further security-related issues in Festo products please contact the Festo Product Security Incident Response Team (PSIRT)",
"url": "https://festo.com/psirt"
},
{
"category": "external",
"summary": "CERT@VDE Security Advisories ",
"url": "https://certvde.com/en/advisories/vendor/festo/"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-25-273-02 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2025/icsa-25-273-02.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-25-273-02 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-273-02"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/news-events/ics-alerts/ics-alert-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/news-events/news/targeted-cyber-intrusion-detection-and-mitigation-strategies-update-b"
}
],
"title": "Festo SBRD-Q/SBOC-Q/SBOI-Q",
"tracking": {
"aliases": [
"VDE-2021-045"
],
"current_release_date": "2025-08-26T10:00:00.000000Z",
"generator": {
"date": "2025-09-29T22:03:38.460727Z",
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-25-273-02",
"initial_release_date": "2021-09-22T11:13:00.000000Z",
"revision_history": [
{
"date": "2021-09-28T11:13:00.000000Z",
"number": "1.0.0",
"summary": "Initial revision."
},
{
"date": "2024-01-11T10:00:00.000000Z",
"number": "1.0.1",
"summary": "Adjust link to VDE Advisory"
},
{
"date": "2025-08-26T10:00:00.000000Z",
"number": "1.0.2",
"summary": "Adjusted to VDE template. Changed document title from \u0027Vulnerability in Ethernet/IP Stack of SBRD-Q/SBOC-Q/SBOI-Q\u0027 to \u0027Festo: Multiple vulnerabilities in Ethernet/IP Stack of SBRD-Q/SBOC-Q/SBOI-Q\u0027. Updated legal disclaimer to add references to special provisions. Updated vulnerability notes and mitigation information. Updated legal disclaimer to add references to special provisions."
}
],
"status": "final",
"version": "1.0.2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "SBOC-Q-R1B",
"product": {
"name": "SBOC-Q-R1B",
"product_id": "CSAFPID-0001",
"product_identification_helper": {
"model_numbers": [
"SBOC-Q-R1B"
],
"skus": [
"541399"
],
"x_generic_uris": [
{
"namespace": "Festo:Partnumber",
"uri": "Festo:Partnumber:541399"
},
{
"namespace": "Festo:Ordercode",
"uri": "Festo:Ordercode:SBOC-Q-R1B"
}
]
}
}
},
{
"category": "product_name",
"name": "SBOC-Q-R1B-S1",
"product": {
"name": "SBOC-Q-R1B-S1",
"product_id": "CSAFPID-0002",
"product_identification_helper": {
"model_numbers": [
"SBOC-Q-R1B-S1"
],
"skus": [
"569771"
],
"x_generic_uris": [
{
"namespace": "Festo:Partnumber",
"uri": "Festo:Partnumber:569771"
},
{
"namespace": "Festo:Ordercode",
"uri": "Festo:Ordercode:SBOC-Q-R1B-S1"
}
]
}
}
},
{
"category": "product_name",
"name": "SBOC-Q-R1C",
"product": {
"name": "SBOC-Q-R1C",
"product_id": "CSAFPID-0003",
"product_identification_helper": {
"model_numbers": [
"SBOC-Q-R1C"
],
"skus": [
"548317"
],
"x_generic_uris": [
{
"namespace": "Festo:Partnumber",
"uri": "Festo:Partnumber:548317"
},
{
"namespace": "Festo:Ordercode",
"uri": "Festo:Ordercode:SBOC-Q-R1C"
}
]
}
}
},
{
"category": "product_name",
"name": "SBOC-Q-R1C-S1",
"product": {
"name": "SBOC-Q-R1C-S1",
"product_id": "CSAFPID-0004",
"product_identification_helper": {
"model_numbers": [
"SBOC-Q-R1C-S1"
],
"skus": [
"569774"
],
"x_generic_uris": [
{
"namespace": "Festo:Partnumber",
"uri": "Festo:Partnumber:569774"
},
{
"namespace": "Festo:Ordercode",
"uri": "Festo:Ordercode:SBOC-Q-R1C-S1"
}
]
}
}
},
{
"category": "product_name",
"name": "SBOC-Q-R2B",
"product": {
"name": "SBOC-Q-R2B",
"product_id": "CSAFPID-0005",
"product_identification_helper": {
"model_numbers": [
"SBOC-Q-R2B"
],
"skus": [
"551021"
],
"x_generic_uris": [
{
"namespace": "Festo:Partnumber",
"uri": "Festo:Partnumber:551021"
},
{
"namespace": "Festo:Ordercode",
"uri": "Festo:Ordercode:SBOC-Q-R2B"
}
]
}
}
},
{
"category": "product_name",
"name": "SBOC-Q-R2B-S1",
"product": {
"name": "SBOC-Q-R2B-S1",
"product_id": "CSAFPID-0006",
"product_identification_helper": {
"model_numbers": [
"SBOC-Q-R2B-S1"
],
"skus": [
"569772"
],
"x_generic_uris": [
{
"namespace": "Festo:Partnumber",
"uri": "Festo:Partnumber:569772"
},
{
"namespace": "Festo:Ordercode",
"uri": "Festo:Ordercode:SBOC-Q-R2B-S1"
}
]
}
}
},
{
"category": "product_name",
"name": "SBOC-Q-R2C",
"product": {
"name": "SBOC-Q-R2C",
"product_id": "CSAFPID-0007",
"product_identification_helper": {
"model_numbers": [
"SBOC-Q-R2C"
],
"skus": [
"551022"
],
"x_generic_uris": [
{
"namespace": "Festo:Partnumber",
"uri": "Festo:Partnumber:551022"
},
{
"namespace": "Festo:Ordercode",
"uri": "Festo:Ordercode:SBOC-Q-R2C"
}
]
}
}
},
{
"category": "product_name",
"name": "SBOC-Q-R3B-WB",
"product": {
"name": "SBOC-Q-R3B-WB",
"product_id": "CSAFPID-0008",
"product_identification_helper": {
"model_numbers": [
"SBOC-Q-R3B-WB"
],
"skus": [
"555841"
],
"x_generic_uris": [
{
"namespace": "Festo:Partnumber",
"uri": "Festo:Partnumber:555841"
},
{
"namespace": "Festo:Ordercode",
"uri": "Festo:Ordercode:SBOC-Q-R3B-WB"
}
]
}
}
},
{
"category": "product_name",
"name": "SBOC-Q-R3B-WB-S1",
"product": {
"name": "SBOC-Q-R3B-WB-S1",
"product_id": "CSAFPID-0009",
"product_identification_helper": {
"model_numbers": [
"SBOC-Q-R3B-WB-S1"
],
"skus": [
"569777"
],
"x_generic_uris": [
{
"namespace": "Festo:Partnumber",
"uri": "Festo:Partnumber:569777"
},
{
"namespace": "Festo:Ordercode",
"uri": "Festo:Ordercode:SBOC-Q-R3B-WB-S1"
}
]
}
}
},
{
"category": "product_name",
"name": "SBOC-Q-R3C-WB",
"product": {
"name": "SBOC-Q-R3C-WB",
"product_id": "CSAFPID-0010",
"product_identification_helper": {
"model_numbers": [
"SBOC-Q-R3C-WB"
],
"skus": [
"555842"
],
"x_generic_uris": [
{
"namespace": "Festo:Partnumber",
"uri": "Festo:Partnumber:555842"
},
{
"namespace": "Festo:Ordercode",
"uri": "Festo:Ordercode:SBOC-Q-R3C-WB"
}
]
}
}
},
{
"category": "product_name",
"name": "SBOC-Q-R3C-WB-S1",
"product": {
"name": "SBOC-Q-R3C-WB-S1",
"product_id": "CSAFPID-0011",
"product_identification_helper": {
"model_numbers": [
"SBOC-Q-R3C-WB-S1"
],
"skus": [
"569778"
],
"x_generic_uris": [
{
"namespace": "Festo:Partnumber",
"uri": "Festo:Partnumber:569778"
},
{
"namespace": "Festo:Ordercode",
"uri": "Festo:Ordercode:SBOC-Q-R3C-WB-S1"
}
]
}
}
},
{
"category": "product_name",
"name": "SBOI-Q-R1B",
"product": {
"name": "SBOI-Q-R1B",
"product_id": "CSAFPID-0012",
"product_identification_helper": {
"model_numbers": [
"SBOI-Q-R1B"
],
"skus": [
"541396"
],
"x_generic_uris": [
{
"namespace": "Festo:Partnumber",
"uri": "Festo:Partnumber:541396"
},
{
"namespace": "Festo:Ordercode",
"uri": "Festo:Ordercode:SBOI-Q-R1B"
}
]
}
}
},
{
"category": "product_name",
"name": "SBOI-Q-R1B-S1",
"product": {
"name": "SBOI-Q-R1B-S1",
"product_id": "CSAFPID-0013",
"product_identification_helper": {
"model_numbers": [
"SBOI-Q-R1B-S1"
],
"skus": [
"569773"
],
"x_generic_uris": [
{
"namespace": "Festo:Partnumber",
"uri": "Festo:Partnumber:569773"
},
{
"namespace": "Festo:Ordercode",
"uri": "Festo:Ordercode:SBOI-Q-R1B-S1"
}
]
}
}
},
{
"category": "product_name",
"name": "SBOI-Q-R1C",
"product": {
"name": "SBOI-Q-R1C",
"product_id": "CSAFPID-0014",
"product_identification_helper": {
"model_numbers": [
"SBOI-Q-R1C"
],
"skus": [
"548316"
],
"x_generic_uris": [
{
"namespace": "Festo:Partnumber",
"uri": "Festo:Partnumber:548316"
},
{
"namespace": "Festo:Ordercode",
"uri": "Festo:Ordercode:SBOI-Q-R1C"
}
]
}
}
},
{
"category": "product_name",
"name": "SBOI-Q-R1C-S1",
"product": {
"name": "SBOI-Q-R1C-S1",
"product_id": "CSAFPID-0015",
"product_identification_helper": {
"model_numbers": [
"SBOI-Q-R1C-S1"
],
"skus": [
"569776"
],
"x_generic_uris": [
{
"namespace": "Festo:Partnumber",
"uri": "Festo:Partnumber:569776"
},
{
"namespace": "Festo:Ordercode",
"uri": "Festo:Ordercode:SBOI-Q-R1C-S1"
}
]
}
}
},
{
"category": "product_name",
"name": "SBOI-Q-R3B-WB",
"product": {
"name": "SBOI-Q-R3B-WB",
"product_id": "CSAFPID-0016",
"product_identification_helper": {
"model_numbers": [
"555839"
],
"skus": [
"SBOI-Q-R3B-WB"
],
"x_generic_uris": [
{
"namespace": "Festo:Partnumber",
"uri": "Festo:Partnumber:555839"
},
{
"namespace": "Festo:Ordercode",
"uri": "Festo:Ordercode:SBOI-Q-R3B-WB"
}
]
}
}
},
{
"category": "product_name",
"name": "SBOI-Q-R3B-WB-S1",
"product": {
"name": "SBOI-Q-R3B-WB-S1",
"product_id": "CSAFPID-0017",
"product_identification_helper": {
"model_numbers": [
"SBOI-Q-R3B-WB-S1"
],
"skus": [
"569779"
],
"x_generic_uris": [
{
"namespace": "Festo:Partnumber",
"uri": "Festo:Partnumber:569779"
},
{
"namespace": "Festo:Ordercode",
"uri": "Festo:Ordercode:SBOI-Q-R3B-WB-S1"
}
]
}
}
},
{
"category": "product_name",
"name": "SBOI-Q-R3C-WB",
"product": {
"name": "SBOI-Q-R3C-WB",
"product_id": "CSAFPID-0018",
"product_identification_helper": {
"model_numbers": [
"SBOI-Q-R3C-WB"
],
"skus": [
"555840"
],
"x_generic_uris": [
{
"namespace": "Festo:Partnumber",
"uri": "Festo:Partnumber:555840"
},
{
"namespace": "Festo:Ordercode",
"uri": "Festo:Ordercode:SBOI-Q-R3C-WB"
}
]
}
}
},
{
"category": "product_name",
"name": "SBOI-Q-R3C-WB-S1",
"product": {
"name": "SBOI-Q-R3C-WB-S1",
"product_id": "CSAFPID-0019",
"product_identification_helper": {
"model_numbers": [
"SBOI-Q-R3C-WB-S1"
],
"skus": [
"569780"
],
"x_generic_uris": [
{
"namespace": "Festo:Partnumber",
"uri": "Festo:Partnumber:569780"
},
{
"namespace": "Festo:Ordercode",
"uri": "Festo:Ordercode:SBOI-Q-R3C-WB-S1"
}
]
}
}
},
{
"category": "product_name",
"name": "SBRD-Q",
"product": {
"name": "SBRD-Q",
"product_id": "CSAFPID-0020",
"product_identification_helper": {
"model_numbers": [
"SBRD-Q"
],
"skus": [
"8067301"
],
"x_generic_uris": [
{
"namespace": "Festo:Partnumber",
"uri": "Festo:Partnumber:8067301"
},
{
"namespace": "Festo:Ordercode",
"uri": "Festo:Ordercode:SBRD-Q"
}
]
}
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Firmware vers:all/*",
"product_id": "CSAFPID-0021"
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "Festo"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041"
],
"summary": "Affected products."
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on SBOC-Q-R1B",
"product_id": "CSAFPID-0022"
},
"product_reference": "CSAFPID-0021",
"relates_to_product_reference": "CSAFPID-0001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on SBOC-Q-R1B-S1",
"product_id": "CSAFPID-0023"
},
"product_reference": "CSAFPID-0021",
"relates_to_product_reference": "CSAFPID-0002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on SBOC-Q-R1C",
"product_id": "CSAFPID-0024"
},
"product_reference": "CSAFPID-0021",
"relates_to_product_reference": "CSAFPID-0003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on SBOC-Q-R1C-S1",
"product_id": "CSAFPID-0025"
},
"product_reference": "CSAFPID-0021",
"relates_to_product_reference": "CSAFPID-0004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on SBOC-Q-R2B",
"product_id": "CSAFPID-0026"
},
"product_reference": "CSAFPID-0021",
"relates_to_product_reference": "CSAFPID-0005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on SBOC-Q-R2B-S1",
"product_id": "CSAFPID-0027"
},
"product_reference": "CSAFPID-0021",
"relates_to_product_reference": "CSAFPID-0006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on SBOC-Q-R2C",
"product_id": "CSAFPID-0028"
},
"product_reference": "CSAFPID-0021",
"relates_to_product_reference": "CSAFPID-0007"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on SBOC-Q-R3B-WB",
"product_id": "CSAFPID-0029"
},
"product_reference": "CSAFPID-0021",
"relates_to_product_reference": "CSAFPID-0008"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on SBOC-Q-R3B-WB-S1",
"product_id": "CSAFPID-0030"
},
"product_reference": "CSAFPID-0021",
"relates_to_product_reference": "CSAFPID-0009"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on SBOC-Q-R3C-WB",
"product_id": "CSAFPID-0031"
},
"product_reference": "CSAFPID-0021",
"relates_to_product_reference": "CSAFPID-0010"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on SBOC-Q-R3C-WB-S1",
"product_id": "CSAFPID-0032"
},
"product_reference": "CSAFPID-0021",
"relates_to_product_reference": "CSAFPID-0011"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on SBOI-Q-R1B",
"product_id": "CSAFPID-0033"
},
"product_reference": "CSAFPID-0021",
"relates_to_product_reference": "CSAFPID-0012"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on SBOI-Q-R1B-S1",
"product_id": "CSAFPID-0034"
},
"product_reference": "CSAFPID-0021",
"relates_to_product_reference": "CSAFPID-0013"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on SBOI-Q-R1C",
"product_id": "CSAFPID-0035"
},
"product_reference": "CSAFPID-0021",
"relates_to_product_reference": "CSAFPID-0014"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on SBOI-Q-R1C-S1",
"product_id": "CSAFPID-0036"
},
"product_reference": "CSAFPID-0021",
"relates_to_product_reference": "CSAFPID-0015"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on SBOI-Q-R3B-WB",
"product_id": "CSAFPID-0037"
},
"product_reference": "CSAFPID-0021",
"relates_to_product_reference": "CSAFPID-0016"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on SBOI-Q-R3B-WB-S1",
"product_id": "CSAFPID-0038"
},
"product_reference": "CSAFPID-0021",
"relates_to_product_reference": "CSAFPID-0017"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on SBOI-Q-R3C-WB",
"product_id": "CSAFPID-0039"
},
"product_reference": "CSAFPID-0021",
"relates_to_product_reference": "CSAFPID-0018"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on SBOI-Q-R3C-WB-S1",
"product_id": "CSAFPID-0040"
},
"product_reference": "CSAFPID-0021",
"relates_to_product_reference": "CSAFPID-0019"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on SBRD-Q",
"product_id": "CSAFPID-0041"
},
"product_reference": "CSAFPID-0021",
"relates_to_product_reference": "CSAFPID-0020"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-27478",
"cwe": {
"id": "CWE-681",
"name": "Incorrect Conversion between Numeric Types"
},
"ids": [
{
"system_name": "ICS Advisory (ICSA-21-105-02)",
"text": "EIPStackGroup OpENer Ethernet/IP"
}
],
"notes": [
{
"audience": "all",
"category": "description",
"text": "A specifically crafted packet sent by an attacker to EIPStackGroup OpENer EtherNet/IP commits and versions prior to Feb 10, 2021 may cause a denial-of-service condition.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041"
]
},
"remediations": [
{
"category": "mitigation",
"details": "- Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.\n- Deactivate EtherNet/IP in device settings if not used",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "no_fix_planned",
"details": "There is no fix planned.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 8.2,
"environmentalSeverity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 8.2,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041"
]
}
],
"title": "CVE-2021-27478"
},
{
"cve": "CVE-2021-27482",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"ids": [
{
"system_name": "ICS Advisory (ICSA-21-105-02)",
"text": "EIPStackGroup OpENer Ethernet/IP"
}
],
"notes": [
{
"audience": "all",
"category": "description",
"text": "A specifically crafted packet sent by an attacker to EIPStackGroup OpENer EtherNet/IP commits and versions prior to Feb 10, 2021 may allow the attacker to read arbitrary data.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041"
]
},
"remediations": [
{
"category": "mitigation",
"details": "- Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.\n- Deactivate EtherNet/IP in device settings if not used",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "no_fix_planned",
"details": "There is no fix planned.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041"
]
}
],
"title": "CVE-2021-27482"
},
{
"cve": "CVE-2021-27500",
"cwe": {
"id": "CWE-617",
"name": "Reachable Assertion"
},
"notes": [
{
"category": "description",
"text": "A specifically crafted packet sent by an attacker to EIPStackGroup OpENer EtherNet/IP commits and versions prior to Feb 10, 2021 may result in a denial-of-service condition.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041"
]
},
"remediations": [
{
"category": "mitigation",
"details": "- Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.\n- Deactivate EtherNet/IP in device settings if not used",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "no_fix_planned",
"details": "There is no fix planned.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041"
]
}
],
"title": "CVE-2021-27500"
},
{
"cve": "CVE-2021-27498",
"cwe": {
"id": "CWE-617",
"name": "Reachable Assertion"
},
"notes": [
{
"category": "description",
"text": "A specifically crafted packet sent by an attacker to EIPStackGroup OpENer EtherNet/IP commits and versions prior to Feb 10, 2021 may result in a denial-of-service condition.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041"
]
},
"remediations": [
{
"category": "mitigation",
"details": "- Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.\n- Deactivate EtherNet/IP in device settings if not used",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "no_fix_planned",
"details": "There is no fix planned.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041"
]
}
],
"title": "CVE-2021-27498"
}
]
}
CNVD-2021-53918
Vulnerability from cnvd - Published: 2021-07-23
目前厂商已发布升级补丁以修复漏洞,详情请关注厂商主页: https://github.com/EIPStackGroup/OpENer
| Name | Eipstackgroup OpENer EtherNet/IP |
|---|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2021-27482"
}
},
"description": "Eipstackgroup Opener\u662fEipstackgroup\u7ec4\u7ec7\u7684\u4e00\u4e2a\u7528\u4e8e\u4e3aIO\u9002\u914d\u5668\u8bbe\u5907\u63d0\u4f9bEtherNet/IP\u5806\u6808\u529f\u80fd\u7684\u8f6f\u4ef6 \u3002\n\nEIPStackGroup OpENer Ethernet/IP\u5b58\u5728\u8d8a\u754c\u8bfb\u53d6\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u53d1\u9001\u7279\u5236\u6570\u636e\u5305\uff0c\u8bfb\u53d6\u4efb\u610f\u6570\u636e\u3002",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttps://github.com/EIPStackGroup/OpENer",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2021-53918",
"openTime": "2021-07-23",
"patchDescription": "Eipstackgroup Opener\u662fEipstackgroup\u7ec4\u7ec7\u7684\u4e00\u4e2a\u7528\u4e8e\u4e3aIO\u9002\u914d\u5668\u8bbe\u5907\u63d0\u4f9bEtherNet/IP\u5806\u6808\u529f\u80fd\u7684\u8f6f\u4ef6 \u3002\r\n\r\nEIPStackGroup OpENer Ethernet/IP\u5b58\u5728\u8d8a\u754c\u8bfb\u53d6\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u53d1\u9001\u7279\u5236\u6570\u636e\u5305\uff0c\u8bfb\u53d6\u4efb\u610f\u6570\u636e\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "EIPStackGroup OpENer EtherNet/IP\u8d8a\u754c\u8bfb\u53d6\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Eipstackgroup OpENer EtherNet/IP"
},
"referenceLink": "https://us-cert.cisa.gov/ics/advisories/icsa-21-105-02",
"serverity": "\u9ad8",
"submitTime": "2021-04-16",
"title": "EIPStackGroup OpENer EtherNet/IP\u8d8a\u754c\u8bfb\u53d6\u6f0f\u6d1e"
}
GHSA-459H-94Q9-VWR6
Vulnerability from github – Published: 2022-05-13 00:00 – Updated: 2022-05-24 00:01
A specifically crafted packet sent by an attacker to EIPStackGroup OpENer EtherNet/IP commits and versions prior to Feb 10, 2021 may allow the attacker to read arbitrary data.
{
"affected": [],
"aliases": [
"CVE-2021-27482"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-05-12T20:15:00Z",
"severity": "HIGH"
},
"details": "A specifically crafted packet sent by an attacker to EIPStackGroup OpENer EtherNet/IP commits and versions prior to Feb 10, 2021 may allow the attacker to read arbitrary data.",
"id": "GHSA-459h-94q9-vwr6",
"modified": "2022-05-24T00:01:43Z",
"published": "2022-05-13T00:00:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27482"
},
{
"type": "WEB",
"url": "https://github.com/EIPStackGroup/OpENer"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-105-02"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
FSA-202101
Vulnerability from csaf_festosecokg - Published: 2021-09-22 11:13 - Updated: 2025-08-26 10:00
A specifically crafted packet sent by an attacker to EIPStackGroup OpENer EtherNet/IP commits and versions prior to Feb 10, 2021 may cause a denial-of-service condition.
A specifically crafted packet sent by an attacker to EIPStackGroup OpENer EtherNet/IP commits and versions prior to Feb 10, 2021 may allow the attacker to read arbitrary data.
A specifically crafted packet sent by an attacker to EIPStackGroup OpENer EtherNet/IP commits and versions prior to Feb 10, 2021 may result in a denial-of-service condition.
A specifically crafted packet sent by an attacker to EIPStackGroup OpENer EtherNet/IP commits and versions prior to Feb 10, 2021 may result in a denial-of-service condition.
| URL | Category | |
|---|---|---|
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination and support with this publication",
"urls": [
"https://certvde.com"
]
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "summary",
"text": "The affected product families are cameras SBOC/SBOI and the Controller SBRD. The vulnerabilities are located within the Ethernet IP Stack from EIPStackGroup OpENer Ethernet/IP.",
"title": "Summary"
},
{
"category": "description",
"text": "Please consult the CVEs listed above and ICSA-21-105-02.",
"title": "Impact"
},
{
"category": "description",
"text": "- Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.\n- Deactivate EtherNet/IP in device settings if not used",
"title": "Mitigation"
},
{
"category": "description",
"text": "There is no fix planned.",
"title": "Remediation"
},
{
"category": "general",
"text": "Festo strongly recommends to minimize and protect network access to connected devices with state of the art techniques and processes. \nFor a secure operation follow the recommendations in the product manuals.",
"title": "General recommendation"
},
{
"category": "legal_disclaimer",
"text": "Festo assumes no liability whatsoever for indirect, collateral, accidental or consequential losses that occur by the distribution and/or use of this document or any losses in connection with the distribution and/or use of this document. All information published in this document is provided free of charge and on good faith by Festo. Insofar as permissible by law, however, none of this information shall establish any warranty, guarantee, commitment, or liability on the part of Festo.\n\nNote: In no case does this information release the operator or responsible person from the obligation to check the effect on his system or installation before using the information and, in the event of negative consequences, not to use the information.\n\nIn addition, the actual general terms, and conditions for delivery, payment and software use of Festo, available under http://www.festo.com and the special provisions for the use of Festo Security Advisory available at https://www.festo.com/psirt shall apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@festo.com",
"name": "Festo SE \u0026 Co. KG",
"namespace": "https://festo.com"
},
"references": [
{
"category": "self",
"summary": "FSA-202101: Festo: Multiple vulnerabilities in Ethernet/IP Stack of SBRD-Q/SBOC-Q/SBOI-Q - HTML",
"url": "https://certvde.com/en/advisories/VDE-2021-045/"
},
{
"category": "self",
"summary": "FSA-202101: Festo: Multiple vulnerabilities in Ethernet/IP Stack of SBRD-Q/SBOC-Q/SBOI-Q - CSAF",
"url": "https://festo.csaf-tp.certvde.com/.well-known/csaf/white/2021/fsa-202101.json"
},
{
"category": "external",
"summary": "For further security-related issues in Festo products please contact the Festo Product Security Incident Response Team (PSIRT)",
"url": "https://festo.com/psirt"
},
{
"category": "external",
"summary": "CERT@VDE Security Advisories ",
"url": "https://certvde.com/en/advisories/vendor/festo/"
}
],
"title": "Festo: Multiple vulnerabilities in Ethernet/IP Stack of SBRD-Q/SBOC-Q/SBOI-Q",
"tracking": {
"aliases": [
"VDE-2021-045"
],
"current_release_date": "2025-08-26T10:00:00.000Z",
"generator": {
"date": "2025-08-25T17:10:00.198Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.16"
}
},
"id": "FSA-202101",
"initial_release_date": "2021-09-22T11:13:00.000Z",
"revision_history": [
{
"date": "2021-09-28T11:13:00.000Z",
"number": "1.0.0",
"summary": "Initial revision."
},
{
"date": "2024-01-11T10:00:00.000Z",
"number": "1.0.1",
"summary": "Adjust link to VDE Advisory"
},
{
"date": "2025-08-26T10:00:00.000Z",
"number": "1.0.2",
"summary": "Adjusted to VDE template. Changed document title from \u0027Vulnerability in Ethernet/IP Stack of SBRD-Q/SBOC-Q/SBOI-Q\u0027 to \u0027Festo: Multiple vulnerabilities in Ethernet/IP Stack of SBRD-Q/SBOC-Q/SBOI-Q\u0027. Updated legal disclaimer to add references to special provisions.\". Updated vulnerability notes and mitigation information. Updated legal disclaimer to add references to special provisions."
}
],
"status": "final",
"version": "1.0.2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "SBOC-Q-R1B",
"product": {
"name": "SBOC-Q-R1B",
"product_id": "CSAFPID-11001",
"product_identification_helper": {
"model_numbers": [
"SBOC-Q-R1B"
],
"skus": [
"541399"
],
"x_generic_uris": [
{
"namespace": "Festo:Partnumber",
"uri": "Festo:Partnumber:541399"
},
{
"namespace": "Festo:Ordercode",
"uri": "Festo:Ordercode:SBOC-Q-R1B"
}
]
}
}
},
{
"category": "product_name",
"name": "SBOC-Q-R1B-S1",
"product": {
"name": "SBOC-Q-R1B-S1",
"product_id": "CSAFPID-11002",
"product_identification_helper": {
"model_numbers": [
"SBOC-Q-R1B-S1"
],
"skus": [
"569771"
],
"x_generic_uris": [
{
"namespace": "Festo:Partnumber",
"uri": "Festo:Partnumber:569771"
},
{
"namespace": "Festo:Ordercode",
"uri": "Festo:Ordercode:SBOC-Q-R1B-S1"
}
]
}
}
},
{
"category": "product_name",
"name": "SBOC-Q-R1C",
"product": {
"name": "SBOC-Q-R1C",
"product_id": "CSAFPID-11003",
"product_identification_helper": {
"model_numbers": [
"SBOC-Q-R1C"
],
"skus": [
"548317"
],
"x_generic_uris": [
{
"namespace": "Festo:Partnumber",
"uri": "Festo:Partnumber:548317"
},
{
"namespace": "Festo:Ordercode",
"uri": "Festo:Ordercode:SBOC-Q-R1C"
}
]
}
}
},
{
"category": "product_name",
"name": "SBOC-Q-R1C-S1",
"product": {
"name": "SBOC-Q-R1C-S1",
"product_id": "CSAFPID-11004",
"product_identification_helper": {
"model_numbers": [
"SBOC-Q-R1C-S1"
],
"skus": [
"569774"
],
"x_generic_uris": [
{
"namespace": "Festo:Partnumber",
"uri": "Festo:Partnumber:569774"
},
{
"namespace": "Festo:Ordercode",
"uri": "Festo:Ordercode:SBOC-Q-R1C-S1"
}
]
}
}
},
{
"category": "product_name",
"name": "SBOC-Q-R2B",
"product": {
"name": "SBOC-Q-R2B",
"product_id": "CSAFPID-11005",
"product_identification_helper": {
"model_numbers": [
"SBOC-Q-R2B"
],
"skus": [
"551021"
],
"x_generic_uris": [
{
"namespace": "Festo:Partnumber",
"uri": "Festo:Partnumber:551021"
},
{
"namespace": "Festo:Ordercode",
"uri": "Festo:Ordercode:SBOC-Q-R2B"
}
]
}
}
},
{
"category": "product_name",
"name": "SBOC-Q-R2B-S1",
"product": {
"name": "SBOC-Q-R2B-S1",
"product_id": "CSAFPID-11006",
"product_identification_helper": {
"model_numbers": [
"SBOC-Q-R2B-S1"
],
"skus": [
"569772"
],
"x_generic_uris": [
{
"namespace": "Festo:Partnumber",
"uri": "Festo:Partnumber:569772"
},
{
"namespace": "Festo:Ordercode",
"uri": "Festo:Ordercode:SBOC-Q-R2B-S1"
}
]
}
}
},
{
"category": "product_name",
"name": "SBOC-Q-R2C",
"product": {
"name": "SBOC-Q-R2C",
"product_id": "CSAFPID-11007",
"product_identification_helper": {
"model_numbers": [
"SBOC-Q-R2C"
],
"skus": [
"551022"
],
"x_generic_uris": [
{
"namespace": "Festo:Partnumber",
"uri": "Festo:Partnumber:551022"
},
{
"namespace": "Festo:Ordercode",
"uri": "Festo:Ordercode:SBOC-Q-R2C"
}
]
}
}
},
{
"category": "product_name",
"name": "SBOC-Q-R3B-WB",
"product": {
"name": "SBOC-Q-R3B-WB",
"product_id": "CSAFPID-11008",
"product_identification_helper": {
"model_numbers": [
"SBOC-Q-R3B-WB"
],
"skus": [
"555841"
],
"x_generic_uris": [
{
"namespace": "Festo:Partnumber",
"uri": "Festo:Partnumber:555841"
},
{
"namespace": "Festo:Ordercode",
"uri": "Festo:Ordercode:SBOC-Q-R3B-WB"
}
]
}
}
},
{
"category": "product_name",
"name": "SBOC-Q-R3B-WB-S1",
"product": {
"name": "SBOC-Q-R3B-WB-S1",
"product_id": "CSAFPID-11009",
"product_identification_helper": {
"model_numbers": [
"SBOC-Q-R3B-WB-S1"
],
"skus": [
"569777"
],
"x_generic_uris": [
{
"namespace": "Festo:Partnumber",
"uri": "Festo:Partnumber:569777"
},
{
"namespace": "Festo:Ordercode",
"uri": "Festo:Ordercode:SBOC-Q-R3B-WB-S1"
}
]
}
}
},
{
"category": "product_name",
"name": "SBOC-Q-R3C-WB",
"product": {
"name": "SBOC-Q-R3C-WB",
"product_id": "CSAFPID-11010",
"product_identification_helper": {
"model_numbers": [
"SBOC-Q-R3C-WB"
],
"skus": [
"555842"
],
"x_generic_uris": [
{
"namespace": "Festo:Partnumber",
"uri": "Festo:Partnumber:555842"
},
{
"namespace": "Festo:Ordercode",
"uri": "Festo:Ordercode:SBOC-Q-R3C-WB"
}
]
}
}
},
{
"category": "product_name",
"name": "SBOC-Q-R3C-WB-S1",
"product": {
"name": "SBOC-Q-R3C-WB-S1",
"product_id": "CSAFPID-11011",
"product_identification_helper": {
"model_numbers": [
"SBOC-Q-R3C-WB-S1"
],
"skus": [
"569778"
],
"x_generic_uris": [
{
"namespace": "Festo:Partnumber",
"uri": "Festo:Partnumber:569778"
},
{
"namespace": "Festo:Ordercode",
"uri": "Festo:Ordercode:SBOC-Q-R3C-WB-S1"
}
]
}
}
},
{
"category": "product_name",
"name": "SBOI-Q-R1B",
"product": {
"name": "SBOI-Q-R1B",
"product_id": "CSAFPID-11012",
"product_identification_helper": {
"model_numbers": [
"SBOI-Q-R1B"
],
"skus": [
"541396"
],
"x_generic_uris": [
{
"namespace": "Festo:Partnumber",
"uri": "Festo:Partnumber:541396"
},
{
"namespace": "Festo:Ordercode",
"uri": "Festo:Ordercode:SBOI-Q-R1B"
}
]
}
}
},
{
"category": "product_name",
"name": "SBOI-Q-R1B-S1",
"product": {
"name": "SBOI-Q-R1B-S1",
"product_id": "CSAFPID-11013",
"product_identification_helper": {
"model_numbers": [
"SBOI-Q-R1B-S1"
],
"skus": [
"569773"
],
"x_generic_uris": [
{
"namespace": "Festo:Partnumber",
"uri": "Festo:Partnumber:569773"
},
{
"namespace": "Festo:Ordercode",
"uri": "Festo:Ordercode:SBOI-Q-R1B-S1"
}
]
}
}
},
{
"category": "product_name",
"name": "SBOI-Q-R1C",
"product": {
"name": "SBOI-Q-R1C",
"product_id": "CSAFPID-11014",
"product_identification_helper": {
"model_numbers": [
"SBOI-Q-R1C"
],
"skus": [
"548316"
],
"x_generic_uris": [
{
"namespace": "Festo:Partnumber",
"uri": "Festo:Partnumber:548316"
},
{
"namespace": "Festo:Ordercode",
"uri": "Festo:Ordercode:SBOI-Q-R1C"
}
]
}
}
},
{
"category": "product_name",
"name": "SBOI-Q-R1C-S1",
"product": {
"name": "SBOI-Q-R1C-S1",
"product_id": "CSAFPID-11015",
"product_identification_helper": {
"model_numbers": [
"SBOI-Q-R1C-S1"
],
"skus": [
"569776"
],
"x_generic_uris": [
{
"namespace": "Festo:Partnumber",
"uri": "Festo:Partnumber:569776"
},
{
"namespace": "Festo:Ordercode",
"uri": "Festo:Ordercode:SBOI-Q-R1C-S1"
}
]
}
}
},
{
"category": "product_name",
"name": "SBOI-Q-R3B-WB",
"product": {
"name": "SBOI-Q-R3B-WB",
"product_id": "CSAFPID-11016",
"product_identification_helper": {
"model_numbers": [
"555839"
],
"skus": [
"SBOI-Q-R3B-WB"
],
"x_generic_uris": [
{
"namespace": "Festo:Partnumber",
"uri": "Festo:Partnumber:555839"
},
{
"namespace": "Festo:Ordercode",
"uri": "Festo:Ordercode:SBOI-Q-R3B-WB"
}
]
}
}
},
{
"category": "product_name",
"name": "SBOI-Q-R3B-WB-S1",
"product": {
"name": "SBOI-Q-R3B-WB-S1",
"product_id": "CSAFPID-11017",
"product_identification_helper": {
"model_numbers": [
"SBOI-Q-R3B-WB-S1"
],
"skus": [
"569779"
],
"x_generic_uris": [
{
"namespace": "Festo:Partnumber",
"uri": "Festo:Partnumber:569779"
},
{
"namespace": "Festo:Ordercode",
"uri": "Festo:Ordercode:SBOI-Q-R3B-WB-S1"
}
]
}
}
},
{
"category": "product_name",
"name": "SBOI-Q-R3C-WB",
"product": {
"name": "SBOI-Q-R3C-WB",
"product_id": "CSAFPID-11018",
"product_identification_helper": {
"model_numbers": [
"SBOI-Q-R3C-WB"
],
"skus": [
"555840"
],
"x_generic_uris": [
{
"namespace": "Festo:Partnumber",
"uri": "Festo:Partnumber:555840"
},
{
"namespace": "Festo:Ordercode",
"uri": "Festo:Ordercode:SBOI-Q-R3C-WB"
}
]
}
}
},
{
"category": "product_name",
"name": "SBOI-Q-R3C-WB-S1",
"product": {
"name": "SBOI-Q-R3C-WB-S1",
"product_id": "CSAFPID-11019",
"product_identification_helper": {
"model_numbers": [
"SBOI-Q-R3C-WB-S1"
],
"skus": [
"569780"
],
"x_generic_uris": [
{
"namespace": "Festo:Partnumber",
"uri": "Festo:Partnumber:569780"
},
{
"namespace": "Festo:Ordercode",
"uri": "Festo:Ordercode:SBOI-Q-R3C-WB-S1"
}
]
}
}
},
{
"category": "product_name",
"name": "SBRD-Q",
"product": {
"name": "SBRD-Q",
"product_id": "CSAFPID-11020",
"product_identification_helper": {
"model_numbers": [
"SBRD-Q"
],
"skus": [
"8067301"
],
"x_generic_uris": [
{
"namespace": "Festo:Partnumber",
"uri": "Festo:Partnumber:8067301"
},
{
"namespace": "Festo:Ordercode",
"uri": "Festo:Ordercode:SBRD-Q"
}
]
}
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Firmware vers:all/*",
"product_id": "CSAFPID-21001"
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "Festo"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020"
],
"summary": "Affected products."
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on SBOC-Q-R1B",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on SBOC-Q-R1B-S1",
"product_id": "CSAFPID-31002"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on SBOC-Q-R1C",
"product_id": "CSAFPID-31003"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on SBOC-Q-R1C-S1",
"product_id": "CSAFPID-31004"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on SBOC-Q-R2B",
"product_id": "CSAFPID-31005"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on SBOC-Q-R2B-S1",
"product_id": "CSAFPID-31006"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on SBOC-Q-R2C",
"product_id": "CSAFPID-31007"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11007"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on SBOC-Q-R3B-WB",
"product_id": "CSAFPID-31008"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11008"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on SBOC-Q-R3B-WB-S1",
"product_id": "CSAFPID-31009"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11009"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on SBOC-Q-R3C-WB",
"product_id": "CSAFPID-31010"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11010"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on SBOC-Q-R3C-WB-S1",
"product_id": "CSAFPID-31011"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11011"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on SBOI-Q-R1B",
"product_id": "CSAFPID-31012"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11012"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on SBOI-Q-R1B-S1",
"product_id": "CSAFPID-31013"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11013"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on SBOI-Q-R1C",
"product_id": "CSAFPID-31014"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11014"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on SBOI-Q-R1C-S1",
"product_id": "CSAFPID-31015"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11015"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on SBOI-Q-R3B-WB",
"product_id": "CSAFPID-31016"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11016"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on SBOI-Q-R3B-WB-S1",
"product_id": "CSAFPID-31017"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11017"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on SBOI-Q-R3C-WB",
"product_id": "CSAFPID-31018"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11018"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on SBOI-Q-R3C-WB-S1",
"product_id": "CSAFPID-31019"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11019"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on SBRD-Q",
"product_id": "CSAFPID-31020"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11020"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-27478",
"cwe": {
"id": "CWE-681",
"name": "Incorrect Conversion between Numeric Types"
},
"ids": [
{
"system_name": "ICS Advisory (ICSA-21-105-02)",
"text": "EIPStackGroup OpENer Ethernet/IP"
}
],
"notes": [
{
"audience": "all",
"category": "description",
"text": "A specifically crafted packet sent by an attacker to EIPStackGroup OpENer EtherNet/IP commits and versions prior to Feb 10, 2021 may cause a denial-of-service condition.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020"
]
},
"remediations": [
{
"category": "mitigation",
"details": "- Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.\n- Deactivate EtherNet/IP in device settings if not used",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "no_fix_planned",
"details": "There is no fix planned.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 8.2,
"environmentalSeverity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 8.2,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020"
]
}
],
"title": "CVE-2021-27478"
},
{
"cve": "CVE-2021-27482",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"ids": [
{
"system_name": "ICS Advisory (ICSA-21-105-02)",
"text": "EIPStackGroup OpENer Ethernet/IP"
}
],
"notes": [
{
"audience": "all",
"category": "description",
"text": "A specifically crafted packet sent by an attacker to EIPStackGroup OpENer EtherNet/IP commits and versions prior to Feb 10, 2021 may allow the attacker to read arbitrary data.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020"
]
},
"remediations": [
{
"category": "mitigation",
"details": "- Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.\n- Deactivate EtherNet/IP in device settings if not used",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "no_fix_planned",
"details": "There is no fix planned.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020"
]
}
],
"title": "CVE-2021-27482"
},
{
"cve": "CVE-2021-27500",
"cwe": {
"id": "CWE-617",
"name": "Reachable Assertion"
},
"notes": [
{
"category": "description",
"text": "A specifically crafted packet sent by an attacker to EIPStackGroup OpENer EtherNet/IP commits and versions prior to Feb 10, 2021 may result in a denial-of-service condition.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020"
]
},
"remediations": [
{
"category": "mitigation",
"details": "- Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.\n- Deactivate EtherNet/IP in device settings if not used",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "no_fix_planned",
"details": "There is no fix planned.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020"
]
}
],
"title": "CVE-2021-27500"
},
{
"cve": "CVE-2021-27498",
"cwe": {
"id": "CWE-617",
"name": "Reachable Assertion"
},
"notes": [
{
"category": "description",
"text": "A specifically crafted packet sent by an attacker to EIPStackGroup OpENer EtherNet/IP commits and versions prior to Feb 10, 2021 may result in a denial-of-service condition.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020"
]
},
"remediations": [
{
"category": "mitigation",
"details": "- Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.\n- Deactivate EtherNet/IP in device settings if not used",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "no_fix_planned",
"details": "There is no fix planned.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020"
]
}
],
"title": "CVE-2021-27498"
}
]
}
GSD-2021-27482
Vulnerability from gsd - Updated: 2023-12-13 01:23
{
"GSD": {
"alias": "CVE-2021-27482",
"description": "A specifically crafted packet sent by an attacker to EIPStackGroup OpENer EtherNet/IP commits and versions prior to Feb 10, 2021 may allow the attacker to read arbitrary data.",
"id": "GSD-2021-27482"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-27482"
],
"details": "A specifically crafted packet sent by an attacker to EIPStackGroup OpENer EtherNet/IP commits and versions prior to Feb 10, 2021 may allow the attacker to read arbitrary data.",
"id": "GSD-2021-27482",
"modified": "2023-12-13T01:23:36.235012Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-27482",
"STATE": "PUBLIC",
"TITLE": "EIPStackGroup OpENer Ethernet/IP Out-of-bounds Read"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OpENer EtherNet/IP",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "Feb 10, 2021"
}
]
}
}
]
},
"vendor_name": "EIPStackGroup"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Tal Keren and Sharon Brizinov of Claroty reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A specifically crafted packet sent by an attacker to EIPStackGroup OpENer EtherNet/IP commits and versions prior to Feb 10, 2021 may allow the attacker to read arbitrary data."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-105-02",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-105-02"
},
{
"name": "https://github.com/EIPStackGroup/OpENer",
"refsource": "CONFIRM",
"url": "https://github.com/EIPStackGroup/OpENer"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The maintainer of OpENer recommends those affected to apply the latest commits available."
}
],
"source": {
"discovery": "EXTERNAL"
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:opener_project:opener:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.3",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-27482"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A specifically crafted packet sent by an attacker to EIPStackGroup OpENer EtherNet/IP commits and versions prior to Feb 10, 2021 may allow the attacker to read arbitrary data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/EIPStackGroup/OpENer",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/EIPStackGroup/OpENer"
},
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-105-02",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-105-02"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2022-05-23T15:16Z",
"publishedDate": "2022-05-12T20:15Z"
}
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.