CISA advises update of Ethercat Zeek Plugin due to critical issues
Take action: Ethercat Plugin for Zeek, plan for a patch of the plugin. May not be an easy process, and isolation from the internet will help but it's nature is to scan network packets. A compromise elsewhere in the system will make this component vulnerable.
Learn More
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a high-priority alert regarding critical vulnerabilities within the Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat Plugin for Zeek, a tool utilized for monitoring industrial control systems networks.
These vulnerabilities, identified as out-of-bounds write and out-of-bounds read issues could potentially enable remote code execution or cause the Zeek process to crash, leading to information leakage.
- CVE-2023-7244, CVE-2023-7243 Out-of-bounds Write (CVSS score 9.8) allow remote attackers to execute arbitrary code via crafted Ethercat packets.
- CVE-2023-7242 Out-of-bounds Read (CVSS score 9.8) could enable attackers to crash the Zeek process and potentially leak sensitive information from memory
Affected Software: ICSNPP - Ethercat Plugin for Zeek (versions d78dda6 and prior).
CISA advises users to update the Ethercat Plugin for Zeek to commit 3bca34c or later to address these vulnerabilities.
As of the initial publication date on February 20, 2024, there have been no reported instances of these vulnerabilities being exploited in the wild. Given the widespread deployment of the affected plugin across multiple critical infrastructure sectors globally, the potential impact is considered highly significant.
