CVE-2021-27478
EIPStackGroup OpENer Ethernet/IP Incorrect Conversion between Numeric Types
In short
A malicious network packet can crash EIPStackGroup OpENer, software that handles industrial EtherNet/IP communications. This happens because the software incorrectly processes numeric data in the packet, which causes the software to malfunction.
Technical detail
CVE-2021-27478 is an incorrect conversion between numeric types in EIPStackGroup OpENer's EtherNet/IP protocol handling. An attacker can send a specially crafted packet that exploits this conversion flaw to trigger a denial-of-service condition. Versions prior to February 10, 2021 are affected. The attack vector is network-based and requires no authentication, and the impact is on the availability of industrial control systems.
Summary generated and translated by AI from the official description.
A specifically crafted packet sent by an attacker to EIPStackGroup OpENer EtherNet/IP commits and versions prior to Feb 10, 2021 may cause a denial-of-service condition.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Affected products
EIPStackGroup · OpENer EtherNet/IP