Martin Zeiser and Jared Rittle of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw.
Executive summary
Cisco Talos recently discovered two vulnerabilities in the Ethernet/IP function of EIP Stack Group
OpENer. OpENer is an Ethernet/IP stack for I/O adapter devices. It supports multiple I/O and explicit connections and includes objects and services for making Ethernet/IP-compliant products as defined in the ODVA specifications. The software contains two vulnerabilities that could allow an attacker to execute code on the victim machine and cause a denial of service, respectively.
In accordance with our coordinated disclosure policy, Cisco Talos worked with EIP Stack Group to disclose these vulnerabilities and ensure that an update is available.
Vulnerability details
EIP Stack Group OpENer Ethernet/IP server denial-of-service vulnerability (TALOS-2020-1143/CVE-2020-13530)
A denial-of-service vulnerability exists in the Ethernet/IP server functionality of the EIP Stack Group OpENer 2.3 and development commit 8c73bf3. A large number of network requests in a small span of time can cause the running program to stop. An attacker can send a sequence of requests to trigger this vulnerability.
For more information on this vulnerability, read the complete advisory here.
EIP Stack Group OpENer Ethernet/IP server out-of-bounds write vulnerability (TALOS-2020-1170/CVE-2020-13556)
An out-of-bounds write vulnerability exists in the Ethernet/IP server functionality of EIP Stack Group OpENer 2.3 and development commit 8c73bf3. A specially crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.
For more information on this vulnerability, read the complete advisory here.
Versions tested
Talos tested and confirmed that EIP Stack Group OpENer, version 2.3 and development commit 8c73bf3 are affected by these vulnerabilities.
Coverage
The following SNORTⓇ rules will detect exploitation attempts. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.
Snort Rules: 54832, 56059, 56060