Vulnerability Spotlight: Denial-of-service vulnerabilities in Allen-Bradley Flex I/O




Jared Rittle of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw.


The Allen-Bradley Flex input/output system contains multiple denial-of-service vulnerabilities in its ENIP request path data segment. These bugs exist specifically in the 1794-AENT FLEX I/O modular platform, which provides many I/O operations and serves as a smaller physical device compared to other similar hardware. An attacker could exploit these vulnerabilities by sending a specially crafted, malicious packet to the target device, causing a loss of communication between the victim’s network and the device, resulting in a denial of service. In accordance with our coordinated disclosure policy, Cisco Talos worked with Allen-Bradley to ensure that these issues are resolved and that an update is available for affected customers.


Vulnerability details


Allen-Bradley Flex I/O 1794-AENT/B ENIP request path port segment denial-of-service vulnerability (TALOS-2020-1005/CVE-2020-6088)

An exploitable denial-of-service vulnerability exists in the ENIP Request Path Port Segment functionality of the Allen-Bradley Flex I/O 1794-AENT/B. A specially crafted network request can cause a loss of communications with the device, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability. Read the complete vulnerability advisory here for additional information.

Allen-Bradley Flex I/O 1794-AENT/B ENIP request path logical segment denial-of-service vulnerability (TALOS-2020-1006/CVE-2020-6084 and CVE-2020-6085)

An exploitable denial-of-service vulnerability exists in the ENIP Request Path Logical Segment functionality of the Allen-Bradley Flex I/O 1794-AENT/B. A specially crafted network request can cause a loss of communications with the device, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability. Read the complete vulnerability advisory