CVE-2021-21777
Published 2021-06-17
CVE-2021-21777: An information disclosure vulnerability exists in the Ethernet/IP UDP handler functionality of EIP Stack Group OpENer 2.3 and development commit 8c73bf3. A…
Priority P354 | critical | 10 | CVSS 3.1
AV:N / AC:L / PR:N / UI:N / S:C / C:H / I:N / A:H
EPSS: 1.67% (73.8th percentile)
An information disclosure vulnerability exists in the Ethernet/IP UDP handler functionality of EIP Stack Group OpENer 2.3 and development commit 8c73bf3. A specially crafted network request can lead to an out-of-bounds read.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| opener_project | opener | — | — |
CVSS provenance
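| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 10.0 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H |
| nvd | v3.0 | 8.6 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H |
| nvd | v2.0 | 9.4 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:N/A:C |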
No detection rules found.
No public exploits indexed.
Talos
Vulnerability Spotlight: EIP Stack Group OpENer information disclosure vulnerability
blogs_talos·2021-06-16
Martin Zeiser of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw.
Cisco Talos recently discovered an exploitable information disclosure vulnerability in EIP Stack Group OpENer’s Ethernet/IP UDP handler.
OpENer is an Ethernet/IP stack for I/O adapter devices that includes objects and services for making Ethernet/IP-compliant products, as defined in the ODVA specification. TALOS-2021-1234 (CVE-2021-21777) is an out-of-bounds read vulnerability in the software that could allow an attacker to obtain sensitive information. An adversary could also exploit this vulnerability to cause a denial of service or carry out a distributed denial-of-service attack.
Cisco worked with the group running OpENer to confirm that an update was released and this issue was fixed.
Users are encour
2021-06-17
Published