Bosch PSIRT

Denial of Service in Rexroth ID 200/C-ETH using EtherNet/IP Protocol

BOSCH-SA-775371

Advisory Information

Summary

The ID 200/C-ETH (Rexroth No. 3842 410 060) sold by Bosch Rexroth contains communication technology (499ES EtherNet/IP) from Real Time Automation (RTA) in which a critical vulnerability has been discovered. By exploiting the vulnerability, an attacker can send a specially crafted packet that may result in a denial-of-service condition or code execution.

The vulnerability only affects ID 200/C-ETH used in combination with the Ethernet/IP protocol. If the product is used in closed (machine) networks with no access to the internet the risk of the vulnerability is very low. The Usage of the ID 200/C-ETH with PROFINET, MODBUS, TCP/IP protocol is NOT affected.

Affected Products

  • Rexroth ID 200/C-ETH with configuration: ‘using the EtherNet/IP Protocol’

Solution and Mitigations

Operate the product in a closed environment

For the use of ID 200/C-ETH in combination with the Ethernet/IP protocol, Bosch Rexroth recommends to operate the product in a closed (machine) network with no access to the internet and implement the following measure:

  • Minimize network exposure and ensure that the products are not accessible via the Internet.

  • Network segmentation/ Firewall: Isolate affected products from the corporate network.

  • If remote access is required, use secure methods such as virtual private networks (VPNs).

Vulnerability Details

CVE-2020-25159

Rexroth ID 200/C-ETH using EtherNet/IP protocol is affected by CVE-2020-25159. Remote attackers may exploit the vulnerability to get access to the device and execute any program and tap information.

CVE description: 499ES EtherNet/IP (ENIP) Adaptor Source Code is vulnerable to a stack-based buffer overflow, which may allow an attacker to send a specially crafted packet that may result in a denial-of-service condition or code execution.

Remark

Vulnerability classification has been performed using the CVSS v3.1 scoring system . The CVSS environmental score is specific to each customer’s environment and should be defined by the customer to attain a final scoring.

Additional Resources

Please contact the Bosch PSIRT if you have feedback, comments, or additional information about this vulnerability at: psirt@bosch.com .

Revision History

  • 27 Jan 2021: Initial Publication