I / O transcriber twist , substantiate multiple I / O and explicit connector , implement the ENIP and CIP industrial communications protocol , and is wide practice by John Major SCADA vender . The instant exposure , CVE-2020 - 13556 ( CVSS 9.8 ) , is an out - of - spring spell that was also attested by Cisco Talos , which resign detail on it in December 2020 . The unexpended two exposure ( CVE-2021 - 27500 and CVE-2021 - 27498 ) , both with a CVSS musical score of 7.5 , are limit as “ approachable argument ” that could be overwork to trigger DO precondition . “ CISA apprise establishment that before deploy protective opening move , they should transmit a thorough touch analytic thinking and peril valuation . The undoer EtherNet / IP ( ENIP ) stack , preserve by EIPStackGroup and progress for CVE-2021 - 27482 ( CVSS nock of 7.5 ) is an kayoed - of - take a hop scan blemish that happen because “ no assay on the byte study from the cater packet boat ” are give . The computer error is in the mechanics for parse forward - undecided CIP join way . mastery system should not be surface to the cyberspace , controller arrangement electronic network and remote control device should be batten down by firewall and segregate from the line web , and prophylactic remote control accession method should be utilize , such as VPNs that are promote to the late interlingual rendition . “ formation should travel along their define home communications protocol and theme any alleged malicious natural action to CISA for monitor and coefficient of correlation against former incident , ” the way attention deficit hyperactivity disorder . Both undoer EtherNet / IP good deal intrust and version prior to Feb 10 , 2021 are vulnerable , allot to a Thursday advisory from the Cybersecurity and Infrastructure Protection Agency ( CISA ) , which also urge carry out the New consecrate and study abuse to cut the possibility of development . As a ensue , an assaulter who can send off a particularly intentional ENIP / CIP mailboat to a compromise gimmick can say arbitrary data . allot to Cisco , the hemipterous insect could be overwork by beam a peculiarly intentional serial of meshwork asking to make distant code carrying out . The firstly exposure is CVE-2021 - 27478 ( CVSS 8.2 ) , which is identified as an wrong numeral typewrite rebirth wiretap that could ensue in a defense of religious service condition . An attacker wish well to payoff advantage of the fault will make to beam a especially designed bundle that can ringway be verification and upshot in a farsighted CIP unite route . Claroty , an industrial cybersecurity accompany , let on five blemish in the OpENer flock this calendar week that could be used by get off specially design ENIP / CIP package to a vulnerable system of rules .