EtherNet/IP Core V3 / PSEIP-1053

Vulnerability in CPF item parsers due to lack of packet boundary checks

    Details

    • Account:
      SPC EthernetIp Core (SPCETHERNET)

      Description

      The device does not adequately validate incoming packets that use the Common Packet Format (CPF) structure. If a malformed or malicious packet claims to include an unusually large number of CPF items, the device may attempt to process more data than was actually received. This can lead to instability or, in some cases, cause the device to become unresponsive.

      Impact:
      This issue has only been observed on devices using the cifX50 (netX100) platform. Devices based on other platforms (e.g., netX90, netX51) are not affected.

      Steps to Reproduce:
      Repeatedly sending specially crafted "SendRRData" packets with a very high item count may cause the device to become unresponsive over time.

      Planned Fix:
      Packet boundary checks will be improved to ensure that malformed data cannot cause the device to access memory outside of the actual packet. This will prevent potential crashes or instability due to malformed CPF packets.

      Workaround:
      No workaround is currently available. We recommend avoiding the use of untrusted or malformed CPF packets until a fix is provided.
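
The kind of boundary check described under "Planned Fix", as an added example (not code from the issue or from the EtherNet/IP Core): a CPF parser that validates the item count and every item length against the number of bytes actually received. The names cpf_parse, cpf_item_t and CPF_MAX_ITEMS, the limit of 8 items and the sample byte arrays are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define CPF_MAX_ITEMS 8u            /* assumed local limit, not from the issue */

typedef struct {
    uint16_t type_id;
    uint16_t length;
    const uint8_t *data;            /* points into the received buffer */
} cpf_item_t;

/* Constructed sample inputs (CPF block only, little-endian fields). */
static const uint8_t sample_ok[]    = {0x02,0x00, 0x00,0x00,0x00,0x00,
                                       0xB2,0x00,0x02,0x00, 0x0E,0x03};
static const uint8_t sample_count[] = {0xFF,0xFF, 0x00,0x00,0x00,0x00};
static const uint8_t sample_trunc[] = {0x01,0x00, 0xB2,0x00,0x10,0x00, 0x0E};
static cpf_item_t g_items[CPF_MAX_ITEMS];

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Returns the number of items parsed, or -1 if the packet is malformed. */
int cpf_parse(const uint8_t *buf, size_t len, cpf_item_t *out, size_t out_cap)
{
    size_t off = 2;
    if (len < 2) return -1;                      /* no room for item count */
    uint16_t count = rd16(buf);
    /* Every item has a 4-byte header, so the count is bounded by len. */
    if (count > out_cap || count > (len - 2) / 4) return -1;
    for (uint16_t i = 0; i < count; i++) {
        if (len - off < 4) return -1;            /* header past end of packet */
        out[i].type_id = rd16(buf + off);
        out[i].length  = rd16(buf + off + 2);
        off += 4;
        if (out[i].length > len - off) return -1; /* data past end of packet */
        out[i].data = buf + off;
        off += out[i].length;
    }
    return (int)count;
}

int main(void)
{
    printf("ok=%d count=%d trunc=%d\n",
           cpf_parse(sample_ok, sizeof sample_ok, g_items, CPF_MAX_ITEMS),
           cpf_parse(sample_count, sizeof sample_count, g_items, CPF_MAX_ITEMS),
           cpf_parse(sample_trunc, sizeof sample_trunc, g_items, CPF_MAX_ITEMS));
    return 0;
}
```

The comparisons are written as `value > len - off` rather than `off + value > len` so that an oversized length field cannot wrap the offset.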

                People

                • Reporter:
                  OKompani Omid Kompani