VDE-2021-018
Vulnerability from csaf_pepperlfuchsse - Published: 2021-05-12 08:57 - Updated: 2021-05-12 08:57
A denial of service and memory corruption vulnerability was found in Hilscher EtherNet/IP Core V2 prior to V2.13.0.21 that may lead to code injection through network or make devices crash without recovery.
In Hilscher rcX RTOS versions prior to V2.1.14.1 the actual UDP packet length is not verified against the length indicated by the packet. This may lead to a denial of service of the affected device.
A Denial of Service vulnerability was found in Hilscher PROFINET IO Device V3 in versions prior to V3.14.0.7. This may lead to unexpected loss of cyclic communication or interruption of acyclic communication.
The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1 does not reduce the blinded scalar before computing the inverse, which allows a local attacker to recover the private key via side-channel attacks.
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
},
{
"organization": "Hilscher Gesellschaft f\u00fcr Systemautomation mbH",
"summary": "reporting."
}
],
"aggregate_severity": {
"namespace": "https://www.first.org/cvss/v3.1/specification-document#Qualitative-Severity-Rating-Scale",
"text": "High"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "Critical vulnerability has been discovered in the utilized components rcX, mbedTLS, PROFINET IO Device and EtherNet/IP Core by Hilscher Gesellschaft f\u00fcr Systemautomation mbH.\nThe impact of the vulnerabilities on the affected device is that it can result in:\n* Denial of Service (DoS)\n* Remote Code Execution (RCE)\n* Code Exposure\n\n**Note:**\nICE1-8IOL-S2-G60L-V1D (70103603) is not affected by CVE-2021-20986",
"title": "Summary"
},
{
"category": "description",
"text": "Pepperl+Fuchs analyzed and identified affected devices.\nRemote attackers may exploit the vulnerability sending specially crafted packages that may result in a denial-of-service condition or code execution.",
"title": "Impact"
},
{
"category": "description",
"text": "An external protective measure is required. Minimize network exposure for affected products and ensure that they are not accessible via the Internet.\nIsolate affected products from the corporate network. If remote access is required, use secure methods such as virtual private networks (VPNs).",
"title": "Mitigation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "cert@pepperl-fuchs.com",
"name": "Pepperl+Fuchs SE",
"namespace": "https://www.pepperl-fuchs.com"
},
"references": [
{
"category": "external",
"summary": "Pepperl+Fuchs advisory overview at CERT@VDE",
"url": "https://certvde.com/de/advisories/vendor/pepperl+fuchs/"
},
{
"category": "self",
"summary": "VDE-2021-018: Pepperl+Fuchs: Multiple vulnerabilites in ICE1 Ethernet IO Modules - HTML",
"url": "https://certvde.com/en/advisories/VDE-2021-018"
},
{
"category": "self",
"summary": "VDE-2021-018: Pepperl+Fuchs: Multiple vulnerabilites in ICE1 Ethernet IO Modules - CSAF",
"url": "https://pepperl-fuchs.csaf-tp.certvde.com/.well-known/csaf/white/2021/vde-2021-018.json"
}
],
"source_lang": "en",
"title": "Pepperl+Fuchs: Multiple vulnerabilites in ICE1 Ethernet IO Modules",
"tracking": {
"aliases": [
"VDE-2021-018"
],
"current_release_date": "2021-05-12T08:57:00.000Z",
"generator": {
"date": "2024-12-06T08:39:04.675Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.15"
}
},
"id": "VDE-2021-018",
"initial_release_date": "2021-05-12T08:57:00.000Z",
"revision_history": [
{
"date": "2021-05-12T08:57:00.000Z",
"number": "1",
"summary": "Initial revision."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= F10017",
"product": {
"name": "Hardware ICE1-16DI-G60L-V1D \u003c= F10017",
"product_id": "CSAFPID-11001"
}
}
],
"category": "product_name",
"name": "ICE1-16DI-G60L-V1D"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= F10017",
"product": {
"name": "Hardware ICE1-16DIO-G60L-C1-V1D \u003c= F10017",
"product_id": "CSAFPID-11002"
}
}
],
"category": "product_name",
"name": "ICE1-16DIO-G60L-C1-V1D"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= F10017",
"product": {
"name": "Hardware ICE1-16DIO-G60L-V1D \u003c= F10017",
"product_id": "CSAFPID-11003"
}
}
],
"category": "product_name",
"name": "ICE1-16DIO-G60L-V1D"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= F10017",
"product": {
"name": "Hardware ICE1-8DI8DO-G60L-C1-V1D \u003c= F10017",
"product_id": "CSAFPID-11004"
}
}
],
"category": "product_name",
"name": "ICE1-8DI8DO-G60L-C1-V1D"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= F10017",
"product": {
"name": "Hardware ICE1-8DI8DO-G60L-V1D \u003c= F10017",
"product_id": "CSAFPID-11005"
}
}
],
"category": "product_name",
"name": "ICE1-8DI8DO-G60L-V1D"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= F10017",
"product": {
"name": "Hardware ICE1-8IOL-G30L-V1D \u003c= F10017",
"product_id": "CSAFPID-11006"
}
}
],
"category": "product_name",
"name": "ICE1-8IOL-G30L-V1D"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= F10017",
"product": {
"name": "Hardware ICE1-8IOL-G60L-V1D \u003c= F10017",
"product_id": "CSAFPID-11007"
}
}
],
"category": "product_name",
"name": "ICE1-8IOL-G60L-V1D"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= F10017",
"product": {
"name": "Hardware ICE1-8IOL-S2-G60L-V1D \u003c= F10017",
"product_id": "CSAFPID-11008"
}
}
],
"category": "product_name",
"name": "ICE1-8IOL-S2-G60L-V1D"
}
],
"category": "product_family",
"name": "Hardware"
}
],
"category": "vendor",
"name": "Pepperl+Fuchs"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-11001",
"CSAFPID-11002",
"CSAFPID-11003",
"CSAFPID-11004",
"CSAFPID-11005",
"CSAFPID-11006",
"CSAFPID-11007",
"CSAFPID-11008"
],
"summary": "Affected Products."
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-20987",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "A denial of service and memory corruption vulnerability was found in Hilscher EtherNet/IP Core V2 prior to V2.13.0.21that may lead to code injection through network or make devices crash without recovery.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-11001",
"CSAFPID-11002",
"CSAFPID-11003",
"CSAFPID-11004",
"CSAFPID-11005",
"CSAFPID-11006",
"CSAFPID-11007",
"CSAFPID-11008"
]
},
"remediations": [
{
"category": "mitigation",
"details": "An external protective measure is required.\n\nMinimize network exposure for affected products and ensure that they are not accessible via the Internet.\nIsolate affected products from the corporate network.\nIf remote access is required, use secure methods such as virtual private networks (VPNs).",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 8.6,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"temporalScore": 8.6,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-11001",
"CSAFPID-11002",
"CSAFPID-11003",
"CSAFPID-11004",
"CSAFPID-11005",
"CSAFPID-11006",
"CSAFPID-11007",
"CSAFPID-11008"
]
}
],
"title": "CVE-2021-20987"
},
{
"cve": "CVE-2021-20988",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "In Hilscher rcX RTOS versions prios to V2.1.14.1 the actual UDP packet length is not verified against the length indicated by the packet. This may lead to a denial of service of the affected device.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-11001",
"CSAFPID-11002",
"CSAFPID-11003",
"CSAFPID-11004",
"CSAFPID-11005",
"CSAFPID-11006",
"CSAFPID-11007",
"CSAFPID-11008"
]
},
"remediations": [
{
"category": "mitigation",
"details": "An external protective measure is required.\n\nMinimize network exposure for affected products and ensure that they are not accessible via the Internet.\nIsolate affected products from the corporate network.\nIf remote access is required, use secure methods such as virtual private networks (VPNs).",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-11001",
"CSAFPID-11002",
"CSAFPID-11003",
"CSAFPID-11004",
"CSAFPID-11005",
"CSAFPID-11006",
"CSAFPID-11007",
"CSAFPID-11008"
]
}
],
"title": "CVE-2021-20988"
},
{
"cve": "CVE-2021-20986",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "A Denial of Service vulnerability was found in Hilscher PROFINET IO Device V3 in versions prior to V3.14.0.7. This may lead to unexpected loss of cyclic communication or interruption of acyclic communication.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-11001",
"CSAFPID-11002",
"CSAFPID-11003",
"CSAFPID-11004",
"CSAFPID-11005",
"CSAFPID-11006",
"CSAFPID-11007",
"CSAFPID-11008"
]
},
"remediations": [
{
"category": "mitigation",
"details": "An external protective measure is required.\n\nMinimize network exposure for affected products and ensure that they are not accessible via the Internet.\nIsolate affected products from the corporate network.\nIf remote access is required, use secure methods such as virtual private networks (VPNs).",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-11001",
"CSAFPID-11002",
"CSAFPID-11003",
"CSAFPID-11004",
"CSAFPID-11005",
"CSAFPID-11006",
"CSAFPID-11007",
"CSAFPID-11008"
]
}
],
"title": "CVE-2021-20986"
},
{
"cve": "CVE-2019-18222",
"cwe": {
"id": "CWE-203",
"name": "Observable Discrepancy"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1 does not reduce the blinded scalar before computing the inverse, which allows a local attacker to recover the private key via side-channel attacks.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-11001",
"CSAFPID-11002",
"CSAFPID-11003",
"CSAFPID-11004",
"CSAFPID-11005",
"CSAFPID-11006",
"CSAFPID-11007",
"CSAFPID-11008"
]
},
"remediations": [
{
"category": "mitigation",
"details": "An external protective measure is required.\n\nMinimize network exposure for affected products and ensure that they are not accessible via the Internet.\nIsolate affected products from the corporate network.\nIf remote access is required, use secure methods such as virtual private networks (VPNs).",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"environmentalScore": 4.7,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 4.7,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-11001",
"CSAFPID-11002",
"CSAFPID-11003",
"CSAFPID-11004",
"CSAFPID-11005",
"CSAFPID-11006",
"CSAFPID-11007",
"CSAFPID-11008"
]
}
],
"title": "CVE-2019-18222"
}
]
}