Talos Blog || Cisco Talos Intelligence Group




Jared Rittle of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw.


The Allen-Bradley Flex input/output system contains multiple denial-of-service vulnerabilities in its ENIP request path data segment. These bugs exist specifically in the 1794-AENT FLEX I/O modular platform. The platform provides many I/O operations and serves as a smaller physical device compared to other similar hardware. An attacker could exploit these vulnerabilities by sending a specially crafted, malicious packet to the target device, causing a loss of communication between the victim’s network and the device, resulting in a denial of service.

In accordance with our coordinated disclosure policy, Cisco Talos worked with Allen-Bradley to ensure that these issues are resolved and that an update is available for affected customers.

Vulnerability details

Allen-Bradley Flex I/O 1794-AENT/B ENIP request path port segment denial-of-service vulnerability (TALOS-2020-1005/CVE-2020-6088)

An exploitable denial of service vulnerability exists in the ENIP Request Path Port Segment functionality of the Allen-Bradley Flex I/O 1794-AENT/B. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information. 

Allen-Bradley Flex I/O 1794-AENT/B ENIP request path logical segment denial-of-service vulnerability (TALOS-2020-1006/CVE-2020-6084 and CVE-2020-6085)

An exploitable denial of service vulnerability exists in the ENIP Request Path Logical Segment functionality of the Allen-Bradley Flex I/O 1794-AENT/B. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information. 

Allen-Bradley Flex I/O 1794-AENT/B ENIP request path data segment denial-of-service vulnerability (TALOS-2020-1007/CVE-2020-6086 and CVE-2020-6087)

An exploitable denial of service vulnerability exists in the ENIP Request Path Data Segment functionality of the Allen-Bradley Flex I/O 1794-AENT/B. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information. 

Versions tested

Talos tested and confirmed that these vulnerabilities affect the Allen-Bradley Flex I/O 1794-AENT/B, version 4.003.

Coverage

The following SNORT® rules will detect exploitation attempts. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.

Snort Rules: 53049, 53125 – 53128
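
To confirm that a sensor has the rules listed above loaded and enabled, the following added example (not Talos or Snort project code) expands the SID list and checks it against the text of a rules file. It assumes disabled rules are commented out with `#`, as in standard Snort rule files; the function names are hypothetical and the sample rules are constructed placeholders, not the real rule text.

```python
import re

# SID list exactly as written in the Coverage section of this post.
ADVISORY_SIDS = "53049, 53125 – 53128"

# A rule line, optionally commented out, carrying a sid option.
RULE_RE = re.compile(
    r"^\s*(#\s*)?(?:alert|drop|block|reject|sdrop|log|pass)\b.*?\bsid\s*:\s*(\d+)\s*;"
)

# Constructed placeholder rules (not the real rule bodies): one SID is
# commented out and one is absent, to exercise every outcome.
SAMPLE_RULES = """\
alert tcp any any -> any any (msg:"constructed placeholder"; sid:53049; rev:1;)
# alert tcp any any -> any any (msg:"constructed placeholder"; sid:53125; rev:1;)
alert tcp any any -> any any (msg:"constructed placeholder"; sid:53126; rev:1;)
alert tcp any any -> any any (msg:"constructed placeholder"; sid:53127; rev:1;)
alert tcp any any -> any any (msg:"unrelated constructed rule"; sid:1000001; rev:1;)
"""

def expand_sids(spec):
    """Expand a list such as '53049, 53125 – 53128' into sorted integers."""
    sids = set()
    for part in spec.split(","):
        bounds = [int(n) for n in re.findall(r"\d+", part)]
        if len(bounds) == 1:
            sids.add(bounds[0])
        elif len(bounds) == 2 and bounds[0] <= bounds[1]:
            sids.update(range(bounds[0], bounds[1] + 1))
        else:
            raise ValueError(f"unparseable SID spec: {part!r}")
    return sorted(sids)

def coverage(rules_text, wanted):
    """Map each wanted SID to 'enabled', 'disabled' or 'missing'."""
    state = {sid: "missing" for sid in wanted}
    for line in rules_text.splitlines():
        m = RULE_RE.match(line)
        if not m or int(m.group(2)) not in state:
            continue
        sid = int(m.group(2))
        if m.group(1) is None:
            state[sid] = "enabled"      # an active copy wins
        elif state[sid] == "missing":
            state[sid] = "disabled"     # only a commented-out copy seen so far
    return state

if __name__ == "__main__":
    for sid, status in coverage(SAMPLE_RULES, expand_sids(ADVISORY_SIDS)).items():
        print(sid, status)
```

To check a real sensor, pass the contents of its rules file to `coverage()` in place of `SAMPLE_RULES`; any SID reported as `disabled` or `missing` is not providing detection.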


