ODVA, the organization in charge of the EtherNet/IP protocol, responds to the Project Basecamp Metasploit module and payloads that take advantage of the protocol’s lack of authentication to reboot or completely stop the device. It basically says yes, this is true because EtherNet/IP is “an open protocol”, and you should follow ICS-CERT and ODVA guidance on good security practices to stop the bad guys from getting to an EtherNet/IP device.
On one hand, it is unrealistic to expect a membership-based organization to have a quick response to any news. They discuss the possibility to “work with its members to evaluate potential security enhancements to the specification that can address these and other emerging risks”. On the other hand, it is very embarrassing that they have known that the Basecamp and many other attacks are possible on this “open protocol” for years and have chosen to do literally nothing. One of the goals of Basecamp is to finally start the process of securing PLCs and other field devices, so you will hear nothing but praise from us if they use this opportunity to quickly start and expeditiously work to add security options to the protocol.
Dear ODVA members,
You may be aware that today a security consulting firm called Digital Bond released plug-in modules for the Metasploit Framework that expose specific security vulnerabilities in industrial control systems using EtherNet/IP™. ODVA is responding to this issue, and below you will find information that we will be providing to industry as a first step.
If you receive any inquiries related to this issue, please feel free to contact me directly on email@example.com.
Today, Digital Bond released plug-in modules for the Metasploit Framework that expose specific security vulnerabilities in industrial control systems using EtherNet/IP™.
EtherNet/IP was engineered as an open protocol with the express intent to improve interconnectivity and the integration of industrial control products from multiple vendors. As a result, the potential exists that certain protocol attributes can be mis-applied in a way that can disrupt operation and affect availability of products in an EtherNet/IP system. These types of vulnerabilities and potential attacks on open protocols are not unique to EtherNet/IP; nonetheless ODVA shares in the particular concerns raised by this event because of EtherNet/IP’s widespread use in critical industrial control systems and other mission critical applications.