Researchers Warn of Critical Flaw Affecting Industrial Automation Systems
A critical vulnerability uncovered in Real-Time Automation's (RTA) 499ES EtherNet/IP (ENIP) stack could expose industrial control systems to remote attacks by adversaries.
RTA's ENIP stack is widely used in industrial automation devices and is billed as the "Standard for factory floor I/O applications in North America."
"Eleven devices were found to be running RTA's ENIP stack in products from six unique vendors," the researchers said.
The flaw itself concerns an improper check in the path-parsing mechanism used for the Common Industrial Protocol (CIP), a communication protocol used for organizing and sharing data in industrial devices. An attacker can open a CIP request with a large connection path size and cause the parser to write to a memory address outside the fixed-length buffer, potentially leading to the execution of arbitrary code.
Claroty researchers scanned 290 different ENIP-compatible modules, of which 11 devices from six different vendors were found to be using RTA's ENIP stack.
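The missing length check described above, shown as an added example (not RTA's code and not from the original article): a parser that validates a CIP-style path size before copying into a fixed-length buffer. The buffer capacity, struct, function names and sample bytes are assumptions constructed for illustration, and the size field is treated as a count of 16-bit words.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PATH_BUF_BYTES 64              /* assumed fixed capacity of the parser's buffer */

typedef struct {
    size_t  len;                       /* bytes of path actually stored */
    uint8_t path[PATH_BUF_BYTES];      /* fixed-length destination buffer */
} cip_path_t;

/* Parse "path size (1 byte, in 16-bit words) + path bytes" from msg.
 * Returns 0 on success, -1 if the message is truncated,
 * -2 if the declared path does not fit the fixed-length buffer. */
int parse_cip_path(const uint8_t *msg, size_t msg_len, cip_path_t *out)
{
    if (msg == NULL || out == NULL || msg_len < 1)
        return -1;
    size_t bytes = (size_t)msg[0] * 2; /* length field comes from the network */
    /* Check 1: declared length must fit the destination buffer.
     * Omitting this is the class of bug the article describes. */
    if (bytes > sizeof out->path)
        return -2;
    /* Check 2: declared length must not exceed the bytes received. */
    if (bytes > msg_len - 1)
        return -1;
    memset(out, 0, sizeof *out);
    memcpy(out->path, msg + 1, bytes);
    out->len = bytes;
    return 0;
}

/* Constructed samples: a 2-word path, a 0xFF-word path, a short message. */
int demo_valid(void) {
    const uint8_t msg[] = { 0x02, 0x20, 0x04, 0x24, 0x01 };
    cip_path_t p;
    return parse_cip_path(msg, sizeof msg, &p) == 0 ? (int)p.len : -100;
}
int demo_oversized(void) {
    uint8_t msg[1 + 510];
    cip_path_t p;
    memset(msg, 0x41, sizeof msg);
    msg[0] = 0xFF;                     /* declares 510 bytes of path */
    return parse_cip_path(msg, sizeof msg, &p);
}
int demo_truncated(void) {
    const uint8_t msg[] = { 0x04, 0x20, 0x04 };  /* declares 8 bytes, carries 2 */
    cip_path_t p;
    return parse_cip_path(msg, sizeof msg, &p);
}
```

Rejecting the request on either failed check, rather than clamping the length, keeps a malformed path from being partially processed.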
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/0GMh8BacG_I/researchers-warn-of-critical-flaws.html