Jared Rittle of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw.

The Allen-Bradley Flex input/output system contains multiple denial-of-service vulnerabilities in its ENIP request path data segment. These bugs exist specifically in the 1794-AENT FLEX I/O modular platform, which provides many I/O operations and serves as a smaller physical device compared to other similar hardware. An attacker could exploit these vulnerabilities by sending a specially crafted, malicious packet to the target device, causing a loss of communication between the victim’s network and the device, resulting in a denial of service.

In accordance with our coordinated disclosure policy, Cisco Talos worked with Allen-Bradley to ensure that these issues are resolved and that an update is available for affected customers.

Vulnerability details

Allen-Bradley Flex I/O 1794-AENT/B ENIP request path port segment denial-of-service vulnerability (TALOS-2020-1005/CVE-2020-6088)

An exploitable denial-of-service vulnerability exists in the ENIP Request Path Port Segment functionality of the Allen-Bradley Flex I/O 1794-AENT/B. A specially crafted network request can cause a loss of communications with the device, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information.

Allen-Bradley Flex I/O 1794-AENT/B ENIP request path logical segment denial-of-service vulnerability (TALOS-2020-1006/CVE-2020-6084 and CVE-2020-6085)

An exploitable denial-of-service vulnerability exists in the ENIP Request Path Logical Segment functionality of the Allen-Bradley Flex I/O 1794-AENT/B. A specially crafted network request can cause a loss of communications with the device, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information.

Allen-Bradley Flex I/O 1794-AENT/B ENIP request path data segment denial-of-service vulnerability (TALOS-2020-1007/CVE-2020-6086 and CVE-2020-6087)

An exploitable denial-of-service vulnerability exists in the ENIP Request Path Data Segment functionality of the Allen-Bradley Flex I/O 1794-AENT/B. A specially crafted network request can cause a loss of communications with the device, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information.

Versions tested

Talos tested and confirmed that these vulnerabilities affect the Allen-Bradley Flex I/O 1794-AENT/B, version 4.003.

Coverage

The following SNORT® rules will detect exploitation attempts. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.

Snort Rules: 53049, 53125 - 53128