OpENer is an EtherNet/IP stack for I/O adapter devices, frequently embedded into control systems.

Various Denial of Service and Remote Code Execution vulnerabilities have been disclosed for this ENIP implementation.

Patches are available which can be incorporated into internally developed systems, however vendors may take some time to cover components relying on this stack.

US CISA recommends the following mitigations:

  • Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.
  • Locate control system networks and remote devices behind firewalls, and isolate them from the business network.
  • When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.

Splice provides all above mitigations as well as vulnerability shielding and behavioural profiling.