Details
- Type: User Story
- Status: Closed
- Priority: Minor
- Resolution: Done
- Affects Version/s: None
- Fix Version/s: V3.10.0.0 (open)
- Component/s: None
- Labels:
- Account: SPC EthernetIp Slave (SPCETHERNE)
Description
Summary
Prevent potential CIP-over-UDP amplification loop caused by spoofed reply packets.
Description
A vulnerability was identified in the handling of CIP-over-UDP packets within the EtherNet/IP Constrained Profile. An attacker could spoof a CIP reply message (service code 0x80-0xFF) using the IP address of another target device. If the receiving device generated a CIP error response to this crafted packet, the response would be sent to the spoofed device. In rare conditions, this could create a reply-exchange loop between two targets, resulting in a denial-of-service situation.
Although highly unlikely during normal operation, this scenario could be exploited deliberately. The firmware has been updated so that devices no longer generate CIP error responses to unexpected or spoofed reply packets on either UDP or TCP transports, preventing the amplification loop.
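The receive-side rule described above, as an added C example that is not the firmware's own code: a message whose service code has the reply bit set is either consumed as an expected reply or dropped silently, and never answered. It assumes `msg[0]` is the CIP service code; `service_supported`, `legacy_classify` and `count_exchanges` are hypothetical helpers, and the legacy path only models the pre-fix behaviour the ticket describes.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define CIP_REPLY_FLAG 0x80u /* service codes 0x80-0xFF are replies */

typedef enum { CIP_DROP, CIP_PROCESS, CIP_SEND_ERROR } cip_action_t;

/* Constructed stand-in for the device's service table (hypothetical). */
static bool service_supported(uint8_t svc) { return svc == 0x0Eu; }

/* Decide what to do with a received CIP message. msg[0] is assumed to be
 * the service code; expected_reply is true only when the message matches
 * a request this device really has outstanding. */
cip_action_t cip_classify(const uint8_t *msg, size_t len, bool expected_reply)
{
    if (msg == NULL || len == 0)
        return CIP_DROP;
    if (msg[0] & CIP_REPLY_FLAG)        /* a reply never earns a response */
        return expected_reply ? CIP_PROCESS : CIP_DROP;
    return service_supported(msg[0]) ? CIP_PROCESS : CIP_SEND_ERROR;
}

/* Model of the pre-fix behaviour: an unexpected reply is answered with a
 * CIP error response. */
static cip_action_t legacy_classify(const uint8_t *msg, size_t len, bool expected_reply)
{
    if (msg == NULL || len == 0)
        return CIP_DROP;
    if (msg[0] & CIP_REPLY_FLAG)
        return expected_reply ? CIP_PROCESS : CIP_SEND_ERROR;
    return service_supported(msg[0]) ? CIP_PROCESS : CIP_SEND_ERROR;
}

/* Count the error responses two devices bounce between each other after
 * one unsolicited reply arrives, capped at max_hops. */
unsigned count_exchanges(bool fixed, unsigned max_hops)
{
    uint8_t pkt[1] = { 0x8Eu };         /* constructed: reply to service 0x0E */
    unsigned sent = 0;
    while (sent < max_hops) {
        cip_action_t a = fixed ? cip_classify(pkt, 1, false)
                               : legacy_classify(pkt, 1, false);
        if (a != CIP_SEND_ERROR)
            break;
        pkt[0] |= CIP_REPLY_FLAG;       /* an error response is itself a reply */
        sent++;
    }
    return sent;
}
```

With the legacy model the exchange only stops at the hop cap; with the reply-bit check no response is ever sent.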
Issue Links
- relates to PSEISV3-975: Address "Response to Response Problem Mitigation" (Closed)