5 matches found
CVE-2020-25159 Real Time Automation EtherNet/IP
499ES EtherNet/IP ENIP Adaptor Source Code is vulnerable to a stack-based buffer overflow, which may allow an attacker to send a specially crafted packet that may result in a denial-of-service condition or code execution...
CVE-2020-25159
CVE-2020-25159 affects Real Time Automation’s 499ES EtherNet/IP (ENIP) Adaptor Source Code (all versions prior to 2.28). The issue is a stack-based buffer overflow caused by an improper path parsing check in CIP, allowing a crafted packet to overflow a fixed-size buffer and potentially trigger de...
Researchers Warn of Critical Flaw Affecting Industrial Automation Systems
A critical vulnerability uncovered in Real-Time Automation's RTA 499ES EtherNet/IP ENIP stack could open up the industrial control systems to remote attacks by adversaries. RTA's ENIP stack is one of the widely used industrial automation devices and is billed as the "standard for factory floor I/...
Multiple Industrial Control System Vendors Warn of Critical Bugs
Industrial control system firms Real Time Automation and Paradox both warned of critical vulnerabilities Tuesday that opened systems up to remote attacks by adversaries. Flaws are rated 9.8 out of 10 in severity by the industry standard Common Vulnerability Scoring System. The Real Time Automatio...
Real Time Automation EtherNet/IP
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Real Time Automation RTA Equipment: 499ES EtherNet/IP ENIP Adaptor Source Code Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could...