icsa-25-273-02
Vulnerability from csaf_cisa
Published
2021-09-22 11:13
Modified
2025-08-26 10:00
Summary
Festo SBRD-Q/SBOC-Q/SBOI-Q

Notes

Summary
The affected product families are cameras SBOC/SBOI and the Controller SBRD. The vulnerabilities are located within the Ethernet IP Stack from EIPStackGroup OpENer Ethernet/IP.
Impact
Please consult the CVEs listed above and ICSA-21-105-02.
Mitigation
- Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.
- Deactivate EtherNet/IP in device settings if not used
Remediation
There is no fix planned.
General recommendation
Festo strongly recommends minimizing and protecting network access to connected devices with state-of-the-art techniques and processes. For secure operation, follow the recommendations in the product manuals.
Disclaimer
Festo assumes no liability whatsoever for indirect, collateral, accidental or consequential losses that occur by the distribution and/or use of this document or any losses in connection with the distribution and/or use of this document. All information published in this document is provided free of charge and on good faith by Festo. Insofar as permissible by law, however, none of this information shall establish any warranty, guarantee, commitment, or liability on the part of Festo. Note: In no case does this information release the operator or responsible person from the obligation to check the effect on his system or installation before using the information and, in the event of negative consequences, not to use the information. In addition, the actual general terms, and conditions for delivery, payment and software use of Festo, available under http://www.festo.com and the special provisions for the use of Festo Security Advisory available at https://www.festo.com/psirt shall apply.
Legal Notice and Terms of Use
This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).
Advisory Conversion Disclaimer
This ICSA is a verbatim republication of Festo SE & Co. KG FSA-202101 from a direct conversion of the vendor's Common Security Advisory Framework (CSAF) advisory. This is republished to CISA's website as a means of increasing visibility and is provided "as-is" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Festo SE & Co. KG directly for any questions regarding this advisory.
Critical infrastructure sectors
Critical Manufacturing
Countries/areas deployed
Worldwide
Company headquarters location
Germany
Recommended Practices
CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.
Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Locate control system networks and remote devices behind firewalls and isolate them from business networks.
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.



{
  "document": {
    "acknowledgments": [
      {
        "organization": "CERT@VDE",
        "summary": "coordination and support with this publication",
        "urls": [
          "https://certvde.com"
        ]
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.cisa.gov/news-events/news/traffic-light-protocol-tlp-definitions-and-usage"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "summary",
        "text": "The affected product families are cameras SBOC/SBOI and the Controller SBRD. The vulnerabilities are located within the Ethernet IP Stack from EIPStackGroup OpENer Ethernet/IP.",
        "title": "Summary"
      },
      {
        "category": "description",
        "text": "Please consult the CVEs listed above and ICSA-21-105-02.",
        "title": "Impact"
      },
      {
        "category": "description",
        "text": "- Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.\n- Deactivate EtherNet/IP in device settings if not used",
        "title": "Mitigation"
      },
      {
        "category": "description",
        "text": "There is no fix planned.",
        "title": "Remediation"
      },
      {
        "category": "general",
        "text": "Festo strongly recommends to minimize and protect network access to connected devices with state of the art techniques and processes. \nFor a secure operation follow the recommendations in the product manuals.",
        "title": "General recomendation"
      },
      {
        "category": "legal_disclaimer",
        "text": "Festo assumes no liability whatsoever for indirect, collateral, accidental or consequential losses that occur by the distribution and/or use of this document or any losses in connection with the distribution and/or use of this document. All information published in this document is provided free of charge and on good faith by Festo. Insofar as permissible by law, however, none of this information shall establish any warranty, guarantee, commitment, or liability on the part of Festo.\n\nNote: In no case does this information release the operator or responsible person from the obligation to check the effect on his system or installation before using the information and, in the event of negative consequences, not to use the information.\n\nIn addition, the actual general terms, and conditions for delivery, payment and software use of Festo, available under http://www.festo.com and the special provisions for the use of Festo Security Advisory available at https://www.festo.com/psirt shall apply.",
        "title": "Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy \u0026 Use policy (https://www.cisa.gov/privacy-policy).",
        "title": "Legal Notice and Terms of Use"
      },
      {
        "category": "other",
        "text": "This ICSA is a verbatim republication of Festo SE \u0026 Co. KG FSA-202101 from a direct conversion of the vendor\u0027s Common Security Advisory Framework (CSAF) advisory. This is republished to CISA\u0027s website as a means of increasing visibility and is provided \"as-is\" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory.  Further, CISA does not endorse any commercial product or service.  Please contact Festo SE \u0026 Co. KG directly for any questions regarding this advisory.",
        "title": "Advisory Conversion Disclaimer"
      },
      {
        "category": "other",
        "text": "Critical Manufacturing",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "Germany",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "central@cisa.dhs.gov",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "FSA-202101: Festo: Multiple vulnerabilities in Ethernet/IP Stack of SBRD-Q/SBOC-Q/SBOI-Q - CSAF",
        "url": "https://festo.csaf-tp.certvde.com/.well-known/csaf/white/2021/fsa-202101.json"
      },
      {
        "category": "self",
        "summary": "FSA-202101: Festo: Multiple vulnerabilities in Ethernet/IP Stack of SBRD-Q/SBOC-Q/SBOI-Q - HTML",
        "url": "https://certvde.com/en/advisories/VDE-2021-045/"
      },
      {
        "category": "external",
        "summary": "For further security-related issues in Festo products please contact the Festo Product Security Incident Response Team (PSIRT)",
        "url": "https://festo.com/psirt"
      },
      {
        "category": "external",
        "summary": "CERT@VDE Security Advisories ",
        "url": "https://certvde.com/en/advisories/vendor/festo/"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-25-273-02 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2025/icsa-25-273-02.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-25-273-02 - Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-273-02"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/news-events/ics-alerts/ics-alert-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/topics/industrial-control-systems"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/news-events/news/targeted-cyber-intrusion-detection-and-mitigation-strategies-update-b"
      }
    ],
    "title": "Festo SBRD-Q/SBOC-Q/SBOI-Q",
    "tracking": {
      "aliases": [
        "VDE-2021-045"
      ],
      "current_release_date": "2025-08-26T10:00:00.000000Z",
      "generator": {
        "date": "2025-09-29T22:03:38.460727Z",
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-25-273-02",
      "initial_release_date": "2021-09-22T11:13:00.000000Z",
      "revision_history": [
        {
          "date": "2021-09-28T11:13:00.000000Z",
          "number": "1.0.0",
          "summary": "Initial revision."
        },
        {
          "date": "2024-01-11T10:00:00.000000Z",
          "number": "1.0.1",
          "summary": "Adjust link to VDE Advisory"
        },
        {
          "date": "2025-08-26T10:00:00.000000Z",
          "number": "1.0.2",
          "summary": "Adjusted to VDE template. Changed document title from \u0027Vulnerability in Ethernet/IP Stack of SBRD-Q/SBOC-Q/SBOI-Q\u0027 to \u0027Festo: Multiple vulnerabilities in Ethernet/IP Stack of SBRD-Q/SBOC-Q/SBOI-Q\u0027. Updated legal disclaimer to add references to special provisions.\". Updated vulnerability notes and mitigation information. Updated legal disclaimer to add references to special provisions."
        }
      ],
      "status": "final",
      "version": "1.0.2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SBOC-Q-R1B",
                "product": {
                  "name": "SBOC-Q-R1B",
                  "product_id": "CSAFPID-0001",
                  "product_identification_helper": {
                    "model_numbers": [
                      "SBOC-Q-R1B"
                    ],
                    "skus": [
                      "541399"
                    ],
                    "x_generic_uris": [
                      {
                        "namespace": "Festo:Partnumber",
                        "uri": "Festo:Partnumber:541399"
                      },
                      {
                        "namespace": "Festo:Ordercode",
                        "uri": "Festo:Ordercode:SBOC-Q-R1B"
                      }
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SBOC-Q-R1B-S1",
                "product": {
                  "name": "SBOC-Q-R1B-S1",
                  "product_id": "CSAFPID-0002",
                  "product_identification_helper": {
                    "model_numbers": [
                      "SBOC-Q-R1B-S1"
                    ],
                    "skus": [
                      "569771"
                    ],
                    "x_generic_uris": [
                      {
                        "namespace": "Festo:Partnumber",
                        "uri": "Festo:Partnumber:569771"
                      },
                      {
                        "namespace": "Festo:Ordercode",
                        "uri": "Festo:Ordercode:SBOC-Q-R1B-S1"
                      }
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SBOC-Q-R1C",
                "product": {
                  "name": "SBOC-Q-R1C",
                  "product_id": "CSAFPID-0003",
                  "product_identification_helper": {
                    "model_numbers": [
                      "SBOC-Q-R1C"
                    ],
                    "skus": [
                      "548317"
                    ],
                    "x_generic_uris": [
                      {
                        "namespace": "Festo:Partnumber",
                        "uri": "Festo:Partnumber:548317"
                      },
                      {
                        "namespace": "Festo:Ordercode",
                        "uri": "Festo:Ordercode:SBOC-Q-R1C"
                      }
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SBOC-Q-R1C-S1",
                "product": {
                  "name": "SBOC-Q-R1C-S1",
                  "product_id": "CSAFPID-0004",
                  "product_identification_helper": {
                    "model_numbers": [
                      "SBOC-Q-R1C-S1"
                    ],
                    "skus": [
                      "569774"
                    ],
                    "x_generic_uris": [
                      {
                        "namespace": "Festo:Partnumber",
                        "uri": "Festo:Partnumber:569774"
                      },
                      {
                        "namespace": "Festo:Ordercode",
                        "uri": "Festo:Ordercode:SBOC-Q-R1C-S1"
                      }
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SBOC-Q-R2B",
                "product": {
                  "name": "SBOC-Q-R2B",
                  "product_id": "CSAFPID-0005",
                  "product_identification_helper": {
                    "model_numbers": [
                      "SBOC-Q-R2B"
                    ],
                    "skus": [
                      "551021"
                    ],
                    "x_generic_uris": [
                      {
                        "namespace": "Festo:Partnumber",
                        "uri": "Festo:Partnumber:551021"
                      },
                      {
                        "namespace": "Festo:Ordercode",
                        "uri": "Festo:Ordercode:SBOC-Q-R2B"
                      }
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SBOC-Q-R2B-S1",
                "product": {
                  "name": "SBOC-Q-R2B-S1",
                  "product_id": "CSAFPID-0006",
                  "product_identification_helper": {
                    "model_numbers": [
                      "SBOC-Q-R2B-S1"
                    ],
                    "skus": [
                      "569772"
                    ],
                    "x_generic_uris": [
                      {
                        "namespace": "Festo:Partnumber",
                        "uri": "Festo:Partnumber:569772"
                      },
                      {
                        "namespace": "Festo:Ordercode",
                        "uri": "Festo:Ordercode:SBOC-Q-R2B-S1"
                      }
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SBOC-Q-R2C",
                "product": {
                  "name": "SBOC-Q-R2C",
                  "product_id": "CSAFPID-0007",
                  "product_identification_helper": {
                    "model_numbers": [
                      "SBOC-Q-R2C"
                    ],
                    "skus": [
                      "551022"
                    ],
                    "x_generic_uris": [
                      {
                        "namespace": "Festo:Partnumber",
                        "uri": "Festo:Partnumber:551022"
                      },
                      {
                        "namespace": "Festo:Ordercode",
                        "uri": "Festo:Ordercode:SBOC-Q-R2C"
                      }
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SBOC-Q-R3B-WB",
                "product": {
                  "name": "SBOC-Q-R3B-WB",
                  "product_id": "CSAFPID-0008",
                  "product_identification_helper": {
                    "model_numbers": [
                      "SBOC-Q-R3B-WB"
                    ],
                    "skus": [
                      "555841"
                    ],
                    "x_generic_uris": [
                      {
                        "namespace": "Festo:Partnumber",
                        "uri": "Festo:Partnumber:555841"
                      },
                      {
                        "namespace": "Festo:Ordercode",
                        "uri": "Festo:Ordercode:SBOC-Q-R3B-WB"
                      }
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SBOC-Q-R3B-WB-S1",
                "product": {
                  "name": "SBOC-Q-R3B-WB-S1",
                  "product_id": "CSAFPID-0009",
                  "product_identification_helper": {
                    "model_numbers": [
                      "SBOC-Q-R3B-WB-S1"
                    ],
                    "skus": [
                      "569777"
                    ],
                    "x_generic_uris": [
                      {
                        "namespace": "Festo:Partnumber",
                        "uri": "Festo:Partnumber:569777"
                      },
                      {
                        "namespace": "Festo:Ordercode",
                        "uri": "Festo:Ordercode:SBOC-Q-R3B-WB-S1"
                      }
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SBOC-Q-R3C-WB",
                "product": {
                  "name": "SBOC-Q-R3C-WB",
                  "product_id": "CSAFPID-0010",
                  "product_identification_helper": {
                    "model_numbers": [
                      "SBOC-Q-R3C-WB"
                    ],
                    "skus": [
                      "555842"
                    ],
                    "x_generic_uris": [
                      {
                        "namespace": "Festo:Partnumber",
                        "uri": "Festo:Partnumber:555842"
                      },
                      {
                        "namespace": "Festo:Ordercode",
                        "uri": "Festo:Ordercode:SBOC-Q-R3C-WB"
                      }
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SBOC-Q-R3C-WB-S1",
                "product": {
                  "name": "SBOC-Q-R3C-WB-S1",
                  "product_id": "CSAFPID-0011",
                  "product_identification_helper": {
                    "model_numbers": [
                      "SBOC-Q-R3C-WB-S1"
                    ],
                    "skus": [
                      "569778"
                    ],
                    "x_generic_uris": [
                      {
                        "namespace": "Festo:Partnumber",
                        "uri": "Festo:Partnumber:569778"
                      },
                      {
                        "namespace": "Festo:Ordercode",
                        "uri": "Festo:Ordercode:SBOC-Q-R3C-WB-S1"
                      }
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SBOI-Q-R1B",
                "product": {
                  "name": "SBOI-Q-R1B",
                  "product_id": "CSAFPID-0012",
                  "product_identification_helper": {
                    "model_numbers": [
                      "SBOI-Q-R1B"
                    ],
                    "skus": [
                      "541396"
                    ],
                    "x_generic_uris": [
                      {
                        "namespace": "Festo:Partnumber",
                        "uri": "Festo:Partnumber:541396"
                      },
                      {
                        "namespace": "Festo:Ordercode",
                        "uri": "Festo:Ordercode:SBOI-Q-R1B"
                      }
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SBOI-Q-R1B-S1",
                "product": {
                  "name": "SBOI-Q-R1B-S1",
                  "product_id": "CSAFPID-0013",
                  "product_identification_helper": {
                    "model_numbers": [
                      "SBOI-Q-R1B-S1"
                    ],
                    "skus": [
                      "569773"
                    ],
                    "x_generic_uris": [
                      {
                        "namespace": "Festo:Partnumber",
                        "uri": "Festo:Partnumber:569773"
                      },
                      {
                        "namespace": "Festo:Ordercode",
                        "uri": "Festo:Ordercode:SBOI-Q-R1B-S1"
                      }
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SBOI-Q-R1C",
                "product": {
                  "name": "SBOI-Q-R1C",
                  "product_id": "CSAFPID-0014",
                  "product_identification_helper": {
                    "model_numbers": [
                      "SBOI-Q-R1C"
                    ],
                    "skus": [
                      "548316"
                    ],
                    "x_generic_uris": [
                      {
                        "namespace": "Festo:Partnumber",
                        "uri": "Festo:Partnumber:548316"
                      },
                      {
                        "namespace": "Festo:Ordercode",
                        "uri": "Festo:Ordercode:SBOI-Q-R1C"
                      }
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SBOI-Q-R1C-S1",
                "product": {
                  "name": "SBOI-Q-R1C-S1",
                  "product_id": "CSAFPID-0015",
                  "product_identification_helper": {
                    "model_numbers": [
                      "SBOI-Q-R1C-S1"
                    ],
                    "skus": [
                      "569776"
                    ],
                    "x_generic_uris": [
                      {
                        "namespace": "Festo:Partnumber",
                        "uri": "Festo:Partnumber:569776"
                      },
                      {
                        "namespace": "Festo:Ordercode",
                        "uri": "Festo:Ordercode:SBOI-Q-R1C-S1"
                      }
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SBOI-Q-R3B-WB",
                "product": {
                  "name": "SBOI-Q-R3B-WB",
                  "product_id": "CSAFPID-0016",
                  "product_identification_helper": {
                    "model_numbers": [
                      "555839"
                    ],
                    "skus": [
                      "SBOI-Q-R3B-WB"
                    ],
                    "x_generic_uris": [
                      {
                        "namespace": "Festo:Partnumber",
                        "uri": "Festo:Partnumber:555839"
                      },
                      {
                        "namespace": "Festo:Ordercode",
                        "uri": "Festo:Ordercode:SBOI-Q-R3B-WB"
                      }
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SBOI-Q-R3B-WB-S1",
                "product": {
                  "name": "SBOI-Q-R3B-WB-S1",
                  "product_id": "CSAFPID-0017",
                  "product_identification_helper": {
                    "model_numbers": [
                      "SBOI-Q-R3B-WB-S1"
                    ],
                    "skus": [
                      "569779"
                    ],
                    "x_generic_uris": [
                      {
                        "namespace": "Festo:Partnumber",
                        "uri": "Festo:Partnumber:569779"
                      },
                      {
                        "namespace": "Festo:Ordercode",
                        "uri": "Festo:Ordercode:SBOI-Q-R3B-WB-S1"
                      }
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SBOI-Q-R3C-WB",
                "product": {
                  "name": "SBOI-Q-R3C-WB",
                  "product_id": "CSAFPID-0018",
                  "product_identification_helper": {
                    "model_numbers": [
                      "SBOI-Q-R3C-WB"
                    ],
                    "skus": [
                      "555840"
                    ],
                    "x_generic_uris": [
                      {
                        "namespace": "Festo:Partnumber",
                        "uri": "Festo:Partnumber:555840"
                      },
                      {
                        "namespace": "Festo:Ordercode",
                        "uri": "Festo:Ordercode:SBOI-Q-R3C-WB"
                      }
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SBOI-Q-R3C-WB-S1",
                "product": {
                  "name": "SBOI-Q-R3C-WB-S1",
                  "product_id": "CSAFPID-0019",
                  "product_identification_helper": {
                    "model_numbers": [
                      "SBOI-Q-R3C-WB-S1"
                    ],
                    "skus": [
                      "569780"
                    ],
                    "x_generic_uris": [
                      {
                        "namespace": "Festo:Partnumber",
                        "uri": "Festo:Partnumber:569780"
                      },
                      {
                        "namespace": "Festo:Ordercode",
                        "uri": "Festo:Ordercode:SBOI-Q-R3C-WB-S1"
                      }
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SBRD-Q",
                "product": {
                  "name": "SBRD-Q",
                  "product_id": "CSAFPID-0020",
                  "product_identification_helper": {
                    "model_numbers": [
                      "SBRD-Q"
                    ],
                    "skus": [
                      "8067301"
                    ],
                    "x_generic_uris": [
                      {
                        "namespace": "Festo:Partnumber",
                        "uri": "Festo:Partnumber:8067301"
                      },
                      {
                        "namespace": "Festo:Ordercode",
                        "uri": "Festo:Ordercode:SBRD-Q"
                      }
                    ]
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Hardware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Firmware vers:all/*",
                  "product_id": "CSAFPID-0021"
                }
              }
            ],
            "category": "product_family",
            "name": "Firmware"
          }
        ],
        "category": "vendor",
        "name": "Festo"
      }
    ],
    "product_groups": [
      {
        "group_id": "CSAFGID-0001",
        "product_ids": [
          "CSAFPID-0022",
          "CSAFPID-0023",
          "CSAFPID-0024",
          "CSAFPID-0025",
          "CSAFPID-0026",
          "CSAFPID-0027",
          "CSAFPID-0028",
          "CSAFPID-0029",
          "CSAFPID-0030",
          "CSAFPID-0031",
          "CSAFPID-0032",
          "CSAFPID-0033",
          "CSAFPID-0034",
          "CSAFPID-0035",
          "CSAFPID-0036",
          "CSAFPID-0037",
          "CSAFPID-0038",
          "CSAFPID-0039",
          "CSAFPID-0040",
          "CSAFPID-0041"
        ],
        "summary": "Affected products."
      }
    ],
    "relationships": [
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware vers:all/* installed on SBOC-Q-R1B",
          "product_id": "CSAFPID-0022"
        },
        "product_reference": "CSAFPID-0021",
        "relates_to_product_reference": "CSAFPID-0001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware vers:all/* installed on SBOC-Q-R1B-S1",
          "product_id": "CSAFPID-0023"
        },
        "product_reference": "CSAFPID-0021",
        "relates_to_product_reference": "CSAFPID-0002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware vers:all/* installed on SBOC-Q-R1C",
          "product_id": "CSAFPID-0024"
        },
        "product_reference": "CSAFPID-0021",
        "relates_to_product_reference": "CSAFPID-0003"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware vers:all/* installed on SBOC-Q-R1C-S1",
          "product_id": "CSAFPID-0025"
        },
        "product_reference": "CSAFPID-0021",
        "relates_to_product_reference": "CSAFPID-0004"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware vers:all/* installed on SBOC-Q-R2B",
          "product_id": "CSAFPID-0026"
        },
        "product_reference": "CSAFPID-0021",
        "relates_to_product_reference": "CSAFPID-0005"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware vers:all/* installed on SBOC-Q-R2B-S1",
          "product_id": "CSAFPID-0027"
        },
        "product_reference": "CSAFPID-0021",
        "relates_to_product_reference": "CSAFPID-0006"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware vers:all/* installed on SBOC-Q-R2C",
          "product_id": "CSAFPID-0028"
        },
        "product_reference": "CSAFPID-0021",
        "relates_to_product_reference": "CSAFPID-0007"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware vers:all/* installed on SBOC-Q-R3B-WB",
          "product_id": "CSAFPID-0029"
        },
        "product_reference": "CSAFPID-0021",
        "relates_to_product_reference": "CSAFPID-0008"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware vers:all/* installed on SBOC-Q-R3B-WB-S1",
          "product_id": "CSAFPID-0030"
        },
        "product_reference": "CSAFPID-0021",
        "relates_to_product_reference": "CSAFPID-0009"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware vers:all/* installed on SBOC-Q-R3C-WB",
          "product_id": "CSAFPID-0031"
        },
        "product_reference": "CSAFPID-0021",
        "relates_to_product_reference": "CSAFPID-0010"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware vers:all/* installed on SBOC-Q-R3C-WB-S1",
          "product_id": "CSAFPID-0032"
        },
        "product_reference": "CSAFPID-0021",
        "relates_to_product_reference": "CSAFPID-0011"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware vers:all/* installed on SBOI-Q-R1B",
          "product_id": "CSAFPID-0033"
        },
        "product_reference": "CSAFPID-0021",
        "relates_to_product_reference": "CSAFPID-0012"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware vers:all/* installed on SBOI-Q-R1B-S1",
          "product_id": "CSAFPID-0034"
        },
        "product_reference": "CSAFPID-0021",
        "relates_to_product_reference": "CSAFPID-0013"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware vers:all/* installed on SBOI-Q-R1C",
          "product_id": "CSAFPID-0035"
        },
        "product_reference": "CSAFPID-0021",
        "relates_to_product_reference": "CSAFPID-0014"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware vers:all/* installed on SBOI-Q-R1C-S1",
          "product_id": "CSAFPID-0036"
        },
        "product_reference": "CSAFPID-0021",
        "relates_to_product_reference": "CSAFPID-0015"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware vers:all/* installed on SBOI-Q-R3B-WB",
          "product_id": "CSAFPID-0037"
        },
        "product_reference": "CSAFPID-0021",
        "relates_to_product_reference": "CSAFPID-0016"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware vers:all/* installed on SBOI-Q-R3B-WB-S1",
          "product_id": "CSAFPID-0038"
        },
        "product_reference": "CSAFPID-0021",
        "relates_to_product_reference": "CSAFPID-0017"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware vers:all/* installed on SBOI-Q-R3C-WB",
          "product_id": "CSAFPID-0039"
        },
        "product_reference": "CSAFPID-0021",
        "relates_to_product_reference": "CSAFPID-0018"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware vers:all/* installed on SBOI-Q-R3C-WB-S1",
          "product_id": "CSAFPID-0040"
        },
        "product_reference": "CSAFPID-0021",
        "relates_to_product_reference": "CSAFPID-0019"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware vers:all/* installed on SBRD-Q",
          "product_id": "CSAFPID-0041"
        },
        "product_reference": "CSAFPID-0021",
        "relates_to_product_reference": "CSAFPID-0020"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-27478",
      "cwe": {
        "id": "CWE-681",
        "name": "Incorrect Conversion between Numeric Types"
      },
      "ids": [
        {
          "system_name": "ICS Advisory (ICSA-21-105-02)",
          "text": "EIPStackGroup OpENer Ethernet/IP"
        }
      ],
      "notes": [
        {
          "audience": "all",
          "category": "description",
          "text": "A specifically crafted packet sent by an attacker to EIPStackGroup OpENer EtherNet/IP commits and versions prior to Feb 10, 2021 may cause a denial-of-service condition.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0022",
          "CSAFPID-0023",
          "CSAFPID-0024",
          "CSAFPID-0025",
          "CSAFPID-0026",
          "CSAFPID-0027",
          "CSAFPID-0028",
          "CSAFPID-0029",
          "CSAFPID-0030",
          "CSAFPID-0031",
          "CSAFPID-0032",
          "CSAFPID-0033",
          "CSAFPID-0034",
          "CSAFPID-0035",
          "CSAFPID-0036",
          "CSAFPID-0037",
          "CSAFPID-0038",
          "CSAFPID-0039",
          "CSAFPID-0040",
          "CSAFPID-0041"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "- Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.\n- Deactivate EtherNet/IP in device settings if not used",
          "group_ids": [
            "CSAFGID-0001"
          ]
        },
        {
          "category": "no_fix_planned",
          "details": "There is no fix planned.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "environmentalScore": 8.2,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 8.2,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0022",
            "CSAFPID-0023",
            "CSAFPID-0024",
            "CSAFPID-0025",
            "CSAFPID-0026",
            "CSAFPID-0027",
            "CSAFPID-0028",
            "CSAFPID-0029",
            "CSAFPID-0030",
            "CSAFPID-0031",
            "CSAFPID-0032",
            "CSAFPID-0033",
            "CSAFPID-0034",
            "CSAFPID-0035",
            "CSAFPID-0036",
            "CSAFPID-0037",
            "CSAFPID-0038",
            "CSAFPID-0039",
            "CSAFPID-0040",
            "CSAFPID-0041"
          ]
        }
      ],
      "title": "CVE-2021-27478"
    },
    {
      "cve": "CVE-2021-27482",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "ids": [
        {
          "system_name": "ICS Advisory (ICSA-21-105-02)",
          "text": "EIPStackGroup OpENer Ethernet/IP"
        }
      ],
      "notes": [
        {
          "audience": "all",
          "category": "description",
          "text": "A specifically crafted packet sent by an attacker to EIPStackGroup OpENer EtherNet/IP commits and versions prior to Feb 10, 2021 may allow the attacker to read arbitrary data.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0022",
          "CSAFPID-0023",
          "CSAFPID-0024",
          "CSAFPID-0025",
          "CSAFPID-0026",
          "CSAFPID-0027",
          "CSAFPID-0028",
          "CSAFPID-0029",
          "CSAFPID-0030",
          "CSAFPID-0031",
          "CSAFPID-0032",
          "CSAFPID-0033",
          "CSAFPID-0034",
          "CSAFPID-0035",
          "CSAFPID-0036",
          "CSAFPID-0037",
          "CSAFPID-0038",
          "CSAFPID-0039",
          "CSAFPID-0040",
          "CSAFPID-0041"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "- Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.\n- Deactivate EtherNet/IP in device settings if not used",
          "group_ids": [
            "CSAFGID-0001"
          ]
        },
        {
          "category": "no_fix_planned",
          "details": "There is no fix planned.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 7.5,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 7.5,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0022",
            "CSAFPID-0023",
            "CSAFPID-0024",
            "CSAFPID-0025",
            "CSAFPID-0026",
            "CSAFPID-0027",
            "CSAFPID-0028",
            "CSAFPID-0029",
            "CSAFPID-0030",
            "CSAFPID-0031",
            "CSAFPID-0032",
            "CSAFPID-0033",
            "CSAFPID-0034",
            "CSAFPID-0035",
            "CSAFPID-0036",
            "CSAFPID-0037",
            "CSAFPID-0038",
            "CSAFPID-0039",
            "CSAFPID-0040",
            "CSAFPID-0041"
          ]
        }
      ],
      "title": "CVE-2021-27482"
    },
    {
      "cve": "CVE-2021-27500",
      "cwe": {
        "id": "CWE-617",
        "name": "Reachable Assertion"
      },
      "notes": [
        {
          "category": "description",
          "text": "A specifically crafted packet sent by an attacker to EIPStackGroup OpENer EtherNet/IP commits and versions prior to Feb 10, 2021 may result in a denial-of-service condition.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0022",
          "CSAFPID-0023",
          "CSAFPID-0024",
          "CSAFPID-0025",
          "CSAFPID-0026",
          "CSAFPID-0027",
          "CSAFPID-0028",
          "CSAFPID-0029",
          "CSAFPID-0030",
          "CSAFPID-0031",
          "CSAFPID-0032",
          "CSAFPID-0033",
          "CSAFPID-0034",
          "CSAFPID-0035",
          "CSAFPID-0036",
          "CSAFPID-0037",
          "CSAFPID-0038",
          "CSAFPID-0039",
          "CSAFPID-0040",
          "CSAFPID-0041"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "- Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.\n- Deactivate EtherNet/IP in device settings if not used",
          "group_ids": [
            "CSAFGID-0001"
          ]
        },
        {
          "category": "no_fix_planned",
          "details": "There is no fix planned.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "environmentalScore": 7.5,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 7.5,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0022",
            "CSAFPID-0023",
            "CSAFPID-0024",
            "CSAFPID-0025",
            "CSAFPID-0026",
            "CSAFPID-0027",
            "CSAFPID-0028",
            "CSAFPID-0029",
            "CSAFPID-0030",
            "CSAFPID-0031",
            "CSAFPID-0032",
            "CSAFPID-0033",
            "CSAFPID-0034",
            "CSAFPID-0035",
            "CSAFPID-0036",
            "CSAFPID-0037",
            "CSAFPID-0038",
            "CSAFPID-0039",
            "CSAFPID-0040",
            "CSAFPID-0041"
          ]
        }
      ],
      "title": "CVE-2021-27500"
    },
    {
      "cve": "CVE-2021-27498",
      "cwe": {
        "id": "CWE-617",
        "name": "Reachable Assertion"
      },
      "notes": [
        {
          "category": "description",
          "text": "A specifically crafted packet sent by an attacker to EIPStackGroup OpENer EtherNet/IP commits and versions prior to Feb 10, 2021 may result in a denial-of-service condition.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0022",
          "CSAFPID-0023",
          "CSAFPID-0024",
          "CSAFPID-0025",
          "CSAFPID-0026",
          "CSAFPID-0027",
          "CSAFPID-0028",
          "CSAFPID-0029",
          "CSAFPID-0030",
          "CSAFPID-0031",
          "CSAFPID-0032",
          "CSAFPID-0033",
          "CSAFPID-0034",
          "CSAFPID-0035",
          "CSAFPID-0036",
          "CSAFPID-0037",
          "CSAFPID-0038",
          "CSAFPID-0039",
          "CSAFPID-0040",
          "CSAFPID-0041"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "- Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.\n- Deactivate EtherNet/IP in device settings if not used",
          "group_ids": [
            "CSAFGID-0001"
          ]
        },
        {
          "category": "no_fix_planned",
          "details": "There is no fix planned.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "environmentalScore": 7.5,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 7.5,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0022",
            "CSAFPID-0023",
            "CSAFPID-0024",
            "CSAFPID-0025",
            "CSAFPID-0026",
            "CSAFPID-0027",
            "CSAFPID-0028",
            "CSAFPID-0029",
            "CSAFPID-0030",
            "CSAFPID-0031",
            "CSAFPID-0032",
            "CSAFPID-0033",
            "CSAFPID-0034",
            "CSAFPID-0035",
            "CSAFPID-0036",
            "CSAFPID-0037",
            "CSAFPID-0038",
            "CSAFPID-0039",
            "CSAFPID-0040",
            "CSAFPID-0041"
          ]
        }
      ],
      "title": "CVE-2021-27498"
    }
  ]
}

