CVE-2020-13556

9.8 CRITICAL

📋 TL;DR

CVE-2020-13556 is a critical out-of-bounds write vulnerability in the OpENer Ethernet/IP server that allows remote code execution via specially crafted network requests. This affects systems running vulnerable versions of OpENer, potentially allowing attackers to take complete control of affected devices. Industrial control systems and embedded devices using this stack are particularly at risk.

💻 Affected Systems

Products:
  • EIP Stack Group OpENer
Versions: Version 2.3 and development commit 8c73bf3
Operating Systems: Any OS running OpENer
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the Ethernet/IP server functionality specifically

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise leading to ransomware deployment, data theft, or disruption of industrial processes

🟠 Likely Case

Remote code execution allowing attacker to install malware, pivot to other systems, or disrupt operations

🟢 If Mitigated

Limited impact if network segmentation and access controls prevent exploitation attempts

🌐 Internet-Facing: HIGH - Directly exploitable via network requests without authentication
🏢 Internal Only: HIGH - Exploitable from any network segment with access to the vulnerable service

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Detailed technical analysis available in Talos reports; exploitation requires sending crafted network packets

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 2.4 or later

Vendor Advisory: https://github.com/EIPStackGroup/OpENer

Restart Required: Yes

Instructions:

1. Download latest version from GitHub repository
2. Replace vulnerable OpENer installation
3. Restart affected services
4. Verify version is 2.4 or higher

🔧 Temporary Workarounds

Network Segmentation

linux

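Isolate OpENer instances from untrusted networks. The rules below drop all inbound traffic to TCP 44818 and UDP 2222, including traffic from legitimate controllers, so the Ethernet/IP service on that host becomes unreachable until they are removed.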

iptables -A INPUT -p tcp --dport 44818 -j DROP
iptables -A INPUT -p udp --dport 2222 -j DROP

Access Control Lists

windows

Restrict network access to OpENer services

netsh advfirewall firewall add rule name="Block OpENer" dir=in action=block protocol=TCP localport=44818

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate vulnerable systems
  • Deploy intrusion detection systems to monitor for exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check OpENer version and compare against vulnerable versions (2.3 or development commit 8c73bf3)

Check Version:

Check application logs or build information for version string

Verify Fix Applied:

Confirm OpENer version is 2.4 or higher and no longer contains the vulnerable code

📡 Detection & Monitoring

Log Indicators:

  • Unusual network connections to port 44818
  • Multiple malformed packet errors
  • Process crashes or unexpected restarts

Network Indicators:

  • Crafted Ethernet/IP packets targeting the vulnerability
  • Unusual traffic patterns to industrial control ports

SIEM Query:

source="network" dest_port=44818 AND (packet_size>normal OR malformed_packet=true)
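
An added example (not part of this advisory or the OpENer project) that gives the `malformed_packet` condition in the query above one concrete meaning: a framing check on the 24-byte EtherNet/IP encapsulation header. It assumes one reassembled message per TCP/44818 payload, uses constructed sample payloads, and flags generic framing anomalies rather than acting as a signature for this CVE.

```python
import struct

# EtherNet/IP encapsulation header (24 bytes, little-endian): command, length,
# session handle, status, 8-byte sender context, options.
ENIP_HEADER = struct.Struct("<HHII8sI")

# Encapsulation command codes from the EtherNet/IP specification.
KNOWN_COMMANDS = {
    0x0000: "NOP", 0x0004: "ListServices", 0x0063: "ListIdentity",
    0x0064: "ListInterfaces", 0x0065: "RegisterSession",
    0x0066: "UnRegisterSession", 0x006F: "SendRRData", 0x0070: "SendUnitData",
}

def check_enip_frame(payload):
    """Return a list of framing anomalies for one TCP/44818 payload."""
    if len(payload) < ENIP_HEADER.size:
        return ["truncated_header"]
    command, length, _sess, _status, _ctx, options = ENIP_HEADER.unpack_from(payload)
    findings = []
    if command not in KNOWN_COMMANDS:
        findings.append("unknown_command")
    actual = len(payload) - ENIP_HEADER.size  # bytes that follow the header
    if length != actual:
        findings.append(f"length_mismatch(declared={length},actual={actual})")
    if options != 0:  # the options field is expected to be zero
        findings.append("nonzero_options")
    return findings

def build_frame(command, declared_len, data=b"", options=0):
    """Helper (hypothetical) used only to construct the sample payloads."""
    return ENIP_HEADER.pack(command, declared_len, 0, 0, b"\x00" * 8, options) + data

# Constructed sample payloads, not captured traffic.
SAMPLES = {
    "register_session_ok": build_frame(0x0065, 4, b"\x01\x00\x00\x00"),
    "declared_longer_than_data": build_frame(0x006F, 512, b"\x00" * 16),
    "short_header": b"\x65\x00\x04",
    "unknown_command": build_frame(0x1234, 0),
}

if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        print(name, check_enip_frame(payload) or "ok")
```

A sensor can emit `malformed_packet=true` whenever the returned list is non-empty and alert on repeated hits from one source.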
