CVE-2021-27500
Published: 2022-05-12
Priority P338 · high · 7.5 · CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 1.16% (63.3th percentile)
A specifically crafted packet sent by an attacker to EIPStackGroup OpENer EtherNet/IP commits and versions prior to Feb 10, 2021 may result in a denial-of-service condition.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| eipstackgroup | opener_ethernet_ip | >= unspecified < Feb 10, 2021 | Feb 10, 2021 |
| opener_project | opener | <= 2.3 | — |
CVSS provenance
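| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |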
CISA ICS
Festo SBRD-Q/SBOC-Q/SBOI-Q
cisa_ics·2025-09-30
ICS Advisory
Release Date: September 30, 2025
Alert Code: ICSA-25-273-02
## 1. EXECUTIVE SUMMARY
- CVSS v3 8.2
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Festo
- Equipment: SBRD-Q/SBOC-Q/SBOI-Q
- Vulnerabilities: Incorrect Conversion between Numeric Types, Out-of-bounds Read, Reachable Assertion
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities may allow the attacker to read arbitrary data or cause a denial-of-service condition.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
Festo reports that the following products are affected:
- Festo Firmware installed on Festo Hardware SBOC-Q-R1B
CISA ICS
EIPStackGroup OpENer Ethernet/IP
cisa_ics·2021-04-15·CVSS 8.2
[HIGH] EIPStackGroup OpENer Ethernet/IP
ICS Advisory
Last Revised: April 15, 2021
Alert Code: ICSA-21-105-02
## 1. EXECUTIVE SUMMARY
- CVSS v3 8.2
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: EIPStackGroup
- Equipment: OpENer EtherNet/IP
- Vulnerabilities: Incorrect Conversion Between Numeric Types, Out-of-bounds Read, Reachable Assertion
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could cause a denial-of-service condition and data exposure.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of OpENer EtherNet/IP, are affecte
GHSA
GHSA-v2cq-8xv3-3vq4
ghsa_unreviewed·2022-05-13
CVE-2021-27500 [HIGH] CWE-617
A specifically crafted packet sent by an attacker to EIPStackGroup OpENer EtherNet/IP commits and versions prior to Feb 10, 2021 may result in a denial-of-service condition.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2022-05-12