CVE-2021-27498

7.5 HIGH

📋 TL;DR

A denial-of-service vulnerability in EIPStackGroup OpENer EtherNet/IP stack allows attackers to crash affected systems by sending specially crafted packets. This affects industrial control systems and devices using vulnerable versions of the OpENer library. The vulnerability requires network access to the target system.

💻 Affected Systems

Products:
  • EIPStackGroup OpENer EtherNet/IP stack
Versions: All versions prior to February 10, 2021
Operating Systems: Any OS running OpENer library
Default Config Vulnerable: ⚠️ Yes
Notes: Affects any device or application using the vulnerable OpENer library, commonly found in industrial control systems.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system crash requiring manual restart, potentially disrupting industrial processes or critical operations.

🟠 Likely Case

Service disruption causing temporary unavailability of EtherNet/IP communication until system restart.

🟢 If Mitigated

Minimal impact with proper network segmentation and monitoring detecting malicious packets.

🌐 Internet-Facing: HIGH if exposed to untrusted networks without proper filtering.
🏢 Internal Only: MEDIUM, as internal attackers could still exploit the flaw, but the attack surface is reduced.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending crafted packets to the vulnerable service, no authentication needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions from February 10, 2021 onward

Vendor Advisory: https://github.com/EIPStackGroup/OpENer

Restart Required: Yes

Instructions:

1. Update OpENer library to version from Feb 10, 2021 or later.
2. Recompile any applications using the library.
3. Restart affected services or devices.

🔧 Temporary Workarounds

Network Segmentation

Isolate EtherNet/IP devices from untrusted networks using firewalls or VLANs.

Packet Filtering

Implement network filtering to block suspicious EtherNet/IP packets at perimeter.

🧯 If You Can't Patch

  • Implement strict network access controls to limit who can communicate with EtherNet/IP services.
  • Deploy intrusion detection systems to monitor for DoS attempts and anomalous traffic patterns.

🔍 How to Verify

Check if Vulnerable:

Check if OpENer library version predates February 10, 2021 in your application or device.

Check Version:

Check application documentation or vendor information for OpENer library version.

Verify Fix Applied:

Confirm OpENer library version is from Feb 10, 2021 or later and test service stability.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected service crashes
  • EtherNet/IP service restarts
  • Connection resets

Network Indicators:

  • Malformed EtherNet/IP packets
  • Sudden traffic spikes to EtherNet/IP ports

SIEM Query:

destination_port:44818 AND (packet_size:anomalous OR protocol_violation:true)
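
The "Malformed EtherNet/IP packets" indicator can be checked structurally against the 24-byte encapsulation header. This is an added example, not code from OpENer or from this advisory: it is a generic sanity check rather than a signature for this CVE, it assumes each input is one reassembled message captured on TCP port 44818, and the function name and sample frames are constructed for illustration.

```python
import struct

# EtherNet/IP encapsulation header, 24 bytes, little-endian:
# command(2) length(2) session_handle(4) status(4) sender_context(8) options(4)
ENCAP_HEADER = struct.Struct("<HHII8sI")

# Encapsulation command codes defined by the EtherNet/IP specification
KNOWN_COMMANDS = {
    0x0000: "NOP", 0x0004: "ListServices",
    0x0063: "ListIdentity", 0x0064: "ListInterfaces",
    0x0065: "RegisterSession", 0x0066: "UnRegisterSession",
    0x006F: "SendRRData", 0x0070: "SendUnitData",
    0x0072: "IndicateStatus", 0x0073: "Cancel",
}
REGISTER_SESSION = 0x0065

def check_encap_frame(payload: bytes) -> list[str]:
    """Return the structural anomalies found in one encapsulation message."""
    if len(payload) < ENCAP_HEADER.size:
        return [f"truncated header: {len(payload)} of {ENCAP_HEADER.size} bytes"]
    command, length, _session, _status, _ctx, options = ENCAP_HEADER.unpack_from(payload)
    findings = []
    if command not in KNOWN_COMMANDS:
        findings.append(f"unknown command 0x{command:04x}")
    actual = len(payload) - ENCAP_HEADER.size
    if length != actual:
        findings.append(f"length field {length} != {actual} data bytes present")
    if options != 0:
        findings.append(f"non-zero options field 0x{options:08x}")
    if command == REGISTER_SESSION and length != 4:
        findings.append("RegisterSession must carry exactly 4 data bytes")
    return findings

# Constructed sample frames (not taken from any capture or advisory)
GOOD = ENCAP_HEADER.pack(0x0065, 4, 0, 0, bytes(8), 0) + struct.pack("<HH", 1, 0)
BAD = ENCAP_HEADER.pack(0x0065, 0xFFFF, 0, 0, bytes(8), 0) + struct.pack("<HH", 1, 0)

if __name__ == "__main__":
    for name, frame in (("GOOD", GOOD), ("BAD", BAD), ("SHORT", b"\x65\x00")):
        print(name, check_encap_frame(frame))
```

Findings from a check like this are the kind of event the `protocol_violation` field in the query above would carry; that field name is the page's own placeholder, not a field of any particular SIEM.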
