Martin Zeiser of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw.

Cisco Talos recently discovered an exploitable information disclosure vulnerability in EIP Stack Group OpENer’s Ethernet/IP UDP handler.

OpENer is an Ethernet/IP stack for I/O adapter devices that includes objects and services for making Ethernet/IP-compliant products, as defined in the ODVA specification. TALOS-2021-1234 (CVE-2021- 21777) is an out-of-bounds read vulnerability in the software that could allow an attacker to obtain sensitive information. An adversary could also exploit this vulnerability to cause a denial of service or carry out a distributed denial-of-service attack.

Cisco worked with the group running OpENer to confirm that an update was release and this issue was fixed.

Users are encouraged to update these affected products as soon as possible: EIP Stack Group OpENer, version 2.3 and development commit 8c73bf3. Talos tested and confirmed these versions of OpENer could be exploited by this vulnerability.

The following SNORTⓇ rules will detect exploitation attempts against this vulnerability: 7056. Additional rules may be released in the future and current rules are subject to change, pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.