KB89186
Published: February 11, 2021
Revision: 1.0

Buffer Overrun Vulnerability In EtherNet/IP Stack


Applies To:

  • SNAP-PAC-S1, SNAP-PAC-S1-FM, SNAP-PAC-S1-W
  • SNAP-PAC-S2, SNAP-PAC-S2-W
  • SNAP-PAC-R1, SNAP-PAC-R1-FM, SNAP-PAC-R1-W, SNAP-PAC-R1-B
  • SNAP-PAC-R2, SNAP-PAC-R2-FM, SNAP-PAC-R2-W
  • SNAP-PAC-EB1, SNAP-PAC-EB1-FM, SNAP-PAC-EB1-W
  • SNAP-PAC-EB2, SNAP-PAC-EB2-FM, SNAP-PAC-EB2-W
  • G4EB2

Versions Affected:

R8.1a to R10.4a

Resolved In Version:

R10.4c


Symptoms:

The Cybersecurity and Infrastructure Security Agency (CISA) has ​issued an advisory (ICSA-20-324-03) that identifies a buffer overrun vulnerability that could allow a maliciously crafted EtherNet/IP packet to result in a device reset or execution of arbitrary code. This vulnerability has been assigned CVE ID: ​CVE-2020-25159.
 
Opto 22 has reviewed its product set for exposure to this vulnerability and has determined that the products listed in the Applies To section are affected.

Resolution:

Opto 22 has resolved this issue.

Questions?

Contact: Opto 22 Product Support.
Phone: 800-835-6786 or 951-695-3080
Email: support@opto22.com


DISCLAIMER

This Opto 22 Knowledge Base ('OptoKB') article is intended to provide general technical information on a particular subject or subjects and is not an exhaustive treatment of such subjects. Accordingly, the information in this OptoKB article is not intended to constitute application, design, software, or other professional engineering advice or services. Opto 22 may modify the OptoKB articles at any time. Before making any decision or taking any action which might affect your equipment, you should consult a qualified professional.

OPTO 22 DOES NOT WARRANT THE COMPLETENESS, TIMELINESS, OR ACCURACY OF THE DATA CONTAINED IN THIS OPTOKB ARTICLE AND MAY MAKE CHANGES THERETO AT ANY TIME AT ITS SOLE DISCRETION WITHOUT NOTICE. FURTHER, ALL INFORMATION CONVEYED HEREBY IS PROVIDED TO USERS 'AS IS.' IN NO EVENT SHALL OPTO 22 BE LIABLE FOR ANY DAMAGES OF ANY KIND INCLUDING DIRECT, INDIRECT INCIDENTAL, CONSEQUENTIAL, LOSS PROFIT, OR DAMAGE, EVEN IF OPTO 22 HAS BEEN ADVISED ON THE POSSIBILITY OF SUCH DAMAGES.

OPTO 22 DISCLAIMS ALL WARRANTIES WHETHER EXPRESSED OR IMPLIED WITH RESPECT TO THE INFORMATION (INCLUDING HARDWARE, SOFTWARE, AND/OR FIRMWARE) PROVIDED HEREBY, INCLUDING THE IMPLIED WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE, MERCHANTIBILITY, AND NON-INFRINGEMENT. Note that certain jurisdictions do not sanction the exclusion of implied warranties: thus, this disclaimer may not apply to you.

Copyright © 2024 Opto 22. All rights reserved.