Does the vulnerability CVE-2020-25159 affect any COPA-DATA products?

Summary

A vulnerability has been reported in implementations of older versions of a specific Ethernet/IP stack from RTA (Realtime automation), that may still be used today.

The vulnerability has been rated critical, with a CVSSv3 score of 9.8.

The zenon logic K5BusEIPs / T5BusEIP - EIP adapter fieldbus driver makes use of the Ethernet/IP stack from RTA.

Description

A vulnerability has been reported in implementations of older versions of a specific Ethernet/IP stack from RTA (Realtime automation), that may still be used today.

The vulnerability has been rated critical, with a CVSSv3 score of 9.8.

The zenon logic K5BusEIPs / T5BusEIP - EIP adapter fieldbus driver makes use of the Ethernet/IP stack from RTA.

Solution

From version 7.50 (straton 9.0) and higher, where the K5BusEIP fieldbus driver is included, a newer version of the Ethernet/IP stack from RTA is in use, which is not affected by this vulnerability.

There may be OEM devices that make use of the straton runtime with a K5BusEIPs fieldbus driver that still make use of an older, vulnerable, version of the RTA Ethernet/IP stack.

In doubt, please contact your OEM device vendor.

Information

Further information can be found here:

https://www.claroty.com/2020/11/17/blog-research-rta-enip-stack-vulnerability/

ICSA-20-324-03

Real Time Automation EtherNet/IP | CISA

CVE-2020-25159

NVD - CVE-2020-25159 (nist.gov)

Issue Number: 232847
Fixed on Date: 17.11.2020
Versions: 8.20 0 BUILD 69649

Related Articles
FAQ: Do COPA-DATA products use OpenSSL and if yes, are they affected by the Heartbleed vulnerability in OpenSSL?
There are components of COPA-DATA products that use parts of the OpenSSL library. The parts of the OpenSSL library that are used, include parts for certificate handling, encryption and secure connections. The following components in particular use ...
CD_SVA_2023_3: Wibu Systems - CodeMeter Runtime - security vulnerability addressed
A report has been received for the following security vulnerability in the zenon software platform: CVE-2023-3935 Further details regarding the vulnerability, mitigation options and product fixes that may be available, can be found in the document ...
FAQ: CD_SVA_2022_1: Vulnerability in zenon Software platform
Summary COPA-DATA received a report from Security Researcher Ruben Santamarta detailing a security vulnerability for the zenon Logging Service which is part of the zenon platform standard deployment. Based on this vulnerability additional ...
FAQ: Are products in the zenon product family affected by the vulnerability, labelled BlastRADIUS?
The vulnerability labelled BlastRADIUS is a vulnerability in the RADIUS protocol, also known under the reference CVE-2024-3596. The zenon IIoT Services Identity Service supports an Identity Provider for authentication against RADIUS server, that can ...
FAQ: Are products in the zenon product family affected by the Log4j security vulnerability registered with CVE-2021-44228?
No, core products in the zenon product family are not based on Java and do not make use of the Log4j library. Additional information can be found in the information report.

Does the vulnerability CVE-2020-25159 affect any COPA-DATA products?

Does the vulnerability CVE-2020-25159 affect any COPA-DATA products?

Summary

Description

Solution

Information

Related Articles

FAQ: Do COPA-DATA products use OpenSSL and if yes, are they affected by the Heartbleed vulnerability in OpenSSL?

CD_SVA_2023_3: Wibu Systems - CodeMeter Runtime - security vulnerability addressed

FAQ: CD_SVA_2022_1: Vulnerability in zenon Software platform

FAQ: Are products in the zenon product family affected by the vulnerability, labelled BlastRADIUS?

FAQ: Are products in the zenon product family affected by the Log4j security vulnerability registered with CVE-2021-44228?