Martin Zeiser and Jared Rittle of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw.
Cisco Talos recently discovered two vulnerabilities in the Ethernet/IP function of EIP Stack Group OpENer. OpENer is an Ethernet/IP stack for I/O adapter devices. It supports multiple I/O and explicit connections and includes objects and services for making Ethernet/IP-compliant products as defined in the ODVA specifications. The software contains two vulnerabilities that could allow an attacker to execute code on the victim machine and cause a denial of service, respectively.
In accordance with our coordinated disclosure policy, Cisco Talos worked with EIP Stack Group to disclose these vulnerabilities and ensure that an update is available.
EIP Stack Group OpENer Ethernet/IP server denial-of-service vulnerability (TALOS-2020-1143/CVE-2020-13530)
A denial-of-service vulnerability exists in the Ethernet/IP server functionality of the EIP Stack Group OpENer 2.3 and development commit 8c73bf3. A large number of network requests in a small span of time can cause the running program to stop. An attacker can send a sequence of requests to trigger this vulnerability.
For more information on this vulnerability, read the complete advisory here.
EIP Stack Group OpENer Ethernet/IP server out-of-bounds write vulnerability (TALOS-2020-1170/CVE-2020-13556)
An out-of-bounds write vulnerability exists in the Ethernet/IP server ..