Secure Your Industrial Control Stacks, Now!

Secure Your Industrial Control Stacks! Serious Vulnerabilities Found in the OpENer EtherNet/IP Industrial Systems Stack including Denial-of-Service (DoS) attacks, data leaks, and remote code execution.

CVE-2020-13556 (CVSS score: 9.8)- An out-of-bounds write vulnerability exists in the Ethernet/IP server functionality of EIP Stack Group OpENer 2.3 and development commit 8c73bf3. A specially crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.


Secure Your Industrial Control

CVE-2021-27478 (CVSS score: 8.2) – A bug in the manner Common Industrial Protocol (CIP) requests are handled, leading to a DoS condition.

CVE-2021-27482 (CVSS score: 7.5) – An out-of-bounds read flaw that leverages specially crafted packets to read arbitrary data from memory.

CVE-2021-27500 and CVE-2021-27498 (CVSS scores: 7.5) – Two reachable assertion vulnerabilities that could be exploited to result in a DoS condition

Vendors using the OpENer stack are recommended to update to the latest version while also taking protective measures to minimize network exposure for all control system devices to the internet, erect firewall barriers, and isolate them from the business network.


Why Rhyno?

Working as an extension of your team, Rhyno delivers advanced solutions for Managed Detection and Response and security assessment. By leveraging our understanding of the tactics attackers use to breach defenses, in-depth knowledge of the latest security tools, and a commitment to innovation, we ensure our clients are armed to continuously prevent, detect and respond to cyber threats.

We discover and safely exploit vulnerabilities before hackers do

The primary goal of a pen test is to identify weak spots in an organization’s security posture, as well as measure the compliance of its security policy, test the staff’s awareness of security issues and determine whether — and how — the organization would be subject to security disasters.

A penetration test can also highlight weaknesses in a company’s security policies. For instance, although a security policy focuses on preventing and detecting an attack on an enterprise’s systems, that policy may not include a process to expel a hacker.