Critical Vulnerability Found in ICS Devices
NJCCIC Advisory
Original Release Date: 12/3/2020
Summary
A vulnerability was discovered in Real Time Automation (RTA) 499ES EtherNet/IP (ENIP) stack, widely used throughout Industrial Control Systems (ICS). The vulnerability, tracked as CVE-2020-25159 , is considered critical after receiving a CVSS score of 9.8 due to the ease of remote exploitation. Successful exploitation of this vulnerability may cause a denial-of-service condition, and a buffer overflow may allow remote code execution. The flaw affects versions prior to v2.28. In order to patch the vulnerability, operators must update to current versions of the ENIP stack. There is currently no evidence of this vulnerability being exploited in the wild; however, due to the wide use of this product throughout ICS, it is likely that many customers may be vulnerable. According to the Claroty researchers who discovered the flaw, more than 8,000 ENIP-compatible devices are internet-facing at the time of this writing.
Recommendations
The NJCCIC urges operators using affected versions to apply updates after appropriate testing. Additional mitigations can be found in the Cybersecurity and Infrastructure Security (CISA) ICS Advisory ICSA-20-324-03.
The NJCCIC is a component organization within the New Jersey Office of Homeland Security and Preparedness. We are the State's one-stop-shop for cyber threat analysis, incident reporting, and information sharing and are committed to making New Jersey more resilient to cyber threats by spreading awareness and promoting the adoption of best practices.
View our Privacy Policy here.
View our Site Index here.