Security News > 2021 > April > Vulnerabilities in OpENer Stack Expose Industrial Devices to Attacks
Multiple vulnerabilities in the OpENer stack could be exploited in attacks aimed at supervisory control and data acquisition and other industrial systems that use OpENer.
Maintained by EIPStackGroup and designed for I/O adapter devices, the OpENer EtherNet/IP stack offers support for multiple I/O and explicit connections, implements the ENIP and CIP industrial protocols, and is highly popular among major SCADA vendors.
This week, researchers with industrial cybersecurity firm Claroty disclosed five vulnerabilities in the OpENer stack that could be abused by sending specially crafted ENIP/CIP packets to a vulnerable device.
Learn more about vulnerabilities in industrial systems at SecurityWeek's ICS Cyber Security Conference and SecurityWeek's Security Summits virtual event series.
In a Thursday advisory, the Cybersecurity and Infrastructure Security Agency warned that all OpENer EtherNet/IP stack commits and versions prior to Feb 10, 2021 are vulnerable, while also recommending applying the latest commits and taking measures to minimize risk of exploitation.
Such actions include ensuring that control systems are not exposed to the Internet, ensuring that control system networks and remote devices are protected by firewalls and isolated from the business network, and using secure methods for remote access, such as VPNs that are updated to the latest versions.