CVE-2021-20987: VDE-2021-007 | CERT@VDE

A denial of service and memory corruption vulnerability was found in Hilscher EtherNet/IP Core V2 prior to V2.13.0.21 that may lead to code injection through network or make devices crash without recovery.

2021-02-16 15:53 (CET) VDE-2021-007

Pepperl+Fuchs: Multiple Products - Vulnerability may allow remote attackers to cause a Denial Of Service

Published

2021-02-16 15:53 (CET)

Last update

2021-02-16 15:53 (CET)

Vendor(s)

Pepperl+Fuchs SE

Product(s)

| Article No. | Product Name | Affected Version(s) |
|---|---|---|
| 262163 | PCV100-F200-B25-V1D-6011 | <= V1.10.0 |
| 284068 | PCV100-F200-B25-V1D-6011-6720 | <= V1.10.0 |
| 262161 | PCV50-F200-B25-V1D | <= V1.10.0 |
| 262162 | PCV80-F200-B25-V1D | <= V1.10.0 |
| 293431-100004 | PXV100-F200-B25-V1D | <= V1.10.0 |
| 293431-100010 | PXV100I-F200-B25-V1D | <= V1.10.0 |
| 262006 | WCS3B-LS510 | <= V1.2.1 |
| 304867 | WCS3B-LS510D | <= V1.2.1 |
| 304868 | WCS3B-LS510DH | <= V1.2.1 |
| 312681 | WCS3B-LS510DH-OM | <= V1.2.1 |
| 312682 | WCS3B-LS510D-OM | <= V1.2.1 |
| 304866 | WCS3B-LS510H | <= V1.2.1 |
| 312680 | WCS3B-LS510H-OM | <= V1.2.1 |
| 312683 | WCS3B-LS510-OM | <= V1.2.1 |
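
To check an asset inventory against the product list above, the following is an added example and not part of the advisory. The CSV column names (host, product, firmware), the sample hostnames and firmware values, and the assumption that firmware is reported as V<major>.<minor>.<patch> are all constructed for illustration.

```python
import csv
import io
import re

# Highest affected firmware per product, copied from the advisory's product list.
TABLE = {
    (1, 10, 0): "PCV100-F200-B25-V1D-6011 PCV100-F200-B25-V1D-6011-6720 "
                "PCV50-F200-B25-V1D PCV80-F200-B25-V1D "
                "PXV100-F200-B25-V1D PXV100I-F200-B25-V1D",
    (1, 2, 1): "WCS3B-LS510 WCS3B-LS510D WCS3B-LS510DH WCS3B-LS510DH-OM "
               "WCS3B-LS510D-OM WCS3B-LS510H WCS3B-LS510H-OM WCS3B-LS510-OM",
}
CEILING = {name: ver for ver, names in TABLE.items() for name in names.split()}

def parse_version(text):
    """'V1.10.0' or '1.10.0' -> (1, 10, 0); None if not three numeric fields."""
    m = re.fullmatch(r"[Vv]?(\d+)\.(\d+)\.(\d+)", text.strip())
    return tuple(int(g) for g in m.groups()) if m else None

def classify(product, firmware):
    ceiling = CEILING.get(product.strip())
    if ceiling is None:
        return "not listed"
    version = parse_version(firmware)
    if version is None:
        return "check manually"  # unreadable version: do not assume it is safe
    # Tuple comparison is numeric per field, so 1.9.2 < 1.10.0; comparing the
    # raw strings would wrongly rank "V1.9.2" above "V1.10.0".
    return "affected" if version <= ceiling else "above affected range"

def triage(inventory_csv):
    """Map each host in a host,product,firmware CSV to its classification."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: classify(r["product"], r["firmware"]) for r in rows}

# Constructed sample inventory (hostnames and firmware values are made up).
SAMPLE = """host,product,firmware
reader-cell1,PCV100-F200-B25-V1D-6011,V1.9.2
reader-cell2,PXV100-F200-B25-V1D,V1.10.0
reader-cell3,PXV100I-F200-B25-V1D,V1.11.0
reader-line-a,WCS3B-LS510D,1.2.1
reader-line-b,WCS3B-LS510H-OM,n/a
hmi-panel-1,OTHER-DEVICE,V1.0.0
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host:14} {status}")
```

Hosts reported as "check manually" have a firmware string that could not be parsed and should be verified on the device before being treated as outside the affected range.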

Summary

A critical vulnerability has been discovered in the utilized component Ethernet IP Stack by Hilscher Gesellschaft für Systemautomation mbH.
The vulnerability can have the following impact on the affected device:

  • denial of service
  • remote code execution
  • code exposure

For more information see advisory by Hilscher:
https://kb.hilscher.com/pages/viewpage.action?pageId=108969480

CVE ID

CVE-2021-20987

Severity

Weakness

Stack-based Buffer Overflow (CWE-121)

Summary

A denial of service and memory corruption vulnerability was found in Hilscher EtherNet/IP Core V2 prior to V2.13.0.21 that may lead to code injection through network or make devices crash without recovery.

Source

Impact

Pepperl+Fuchs analyzed and identified affected devices.
Remote attackers may cause a Denial Of Service of the product.

Solution

Mitigation

An external protective measure is required.

  • Minimize network exposure for affected products and ensure that they are not accessible via the Internet.
  • Isolate affected products from the corporate network.
  • If remote access is required, use secure methods such as virtual private networks (VPNs).

Reported by

Hilscher Gesellschaft für Systemautomation mbH
