Denial of Service in Rexroth ActiveMover using EtherNet/IP protocol
- Advisory ID: BOSCH-SA-282922
- CVE Numbers and CVSS v3.1 Scores:
- Published: 31 Mar 2021
- Last Updated: 31 Mar 2021
The ActiveMover with the EtherNet/IP communication module (Rexroth no. 3842 559 444) sold by Bosch Rexroth contains communication technology from Hilscher (EtherNet/IP Core V2) in which a vulnerability with high severity has been discovered. A denial of service and memory corruption vulnerability could allow arbitrary code to be injected through the network or make the EtherNet/IP device crash without recovery.
The vulnerability only affects ActiveMover with firmware versions below 3.0.26.x using the EtherNet/IP communication module. If the product is used in closed (machine) networks with no access to the internet the risk of the vulnerability is very low.
- Rexroth ActiveMover < 3.0.26.x with configuration: ‘using EtherNet/IP communication module (Rexroth no. 3842 559 444)’
Solution and Mitigations
Closed (machine) network
ActiveMover firmware version 3.0.26.x and higher is not affected. For versions below Bosch Rexroth recommends to operate the product in a closed (machine) network with no access to the internet and implement the following measure:
Minimize network exposure and ensure that the products are not accessible via the Internet.
Network segmentation/ Firewall: Isolate affected products from the corporate network.
If remote access is required, use secure methods such as virtual private networks (VPNs).
With these measures the risk of the vulnerability is very low.
Hilscher’s EtherNet/IP Core V2 processes a CIP service request that is received from the network. During that process the attached service data is copied into an internal buffer without checking the size of the data being copied. This results in memory corruption (stack damage) that could be used for remote code injection. In addition, the EtherNet/IP device stops responding due to its corrupted stack, making it vulnerable to a denial-of-service attack.
CVE description: A denial of service and memory corruption vulnerability was found in Hilscher EtherNet/IP Core V2 prior to V22.214.171.124 that may lead to code injection through network or make devices crash without recovery.
- Problem Type:
CVSS Vector String:
- Base Score: 7.5 (High)
Vulnerability classification has been performed using the CVSS v3.1 scoring system . The CVSS environmental score is specific to each customer’s environment and should be defined by the customer to attain a final scoring.
-  Hilscher Cyber Security website and the corresponding advisory: https://kb.hilscher.com/pages/viewpage.action?pageId=108969480
Please contact the Bosch PSIRT if you have feedback, comments, or additional information about this vulnerability at: firstname.lastname@example.org .
- 31 Mar 2021: Initial Publication