Team82, the research department of industrial cybersecurity specialist Claroty, is now making its self-developed EtherNet/IP stack detection tool ENIP & CIP Stack Detector available free of charge via its GitHub repository to anyone interested in detecting vulnerabilities.
The tool can be used by cybersecurity researchers, OT engineers and industrial plant operators to identify and classify the ENIP stack code of their deployed commercial and homegrown products. This allows them to better assess their exposure to newly discovered vulnerabilities and then prioritize updates.
Assess vulnerabilities - prioritize updates
Team82 has used the EtherNet/IP & CIP Stack Detector at the core of several ENIP-related projects, such as the November 2020 disclosure of a stack overflow vulnerability in Real Time Automation's (RTA) 499ES ENIP stack. Further disclosures have made it clear that plant operators often struggle to identify affected devices once a critical ENIP stack vulnerability has been identified and published: for many products it is not clear which software components they contain, for example the implemented protocol stacks. This can now be checked with the new tool.
Vulnerabilities in devices with ENIP stack
The tool can be used to analyze and eliminate vulnerabilities or to identify honeypots. Plant operators can use the tool to identify devices with an ENIP stack that are affected by a newly discovered security vulnerability. Without a software bill of materials (SBOM), users are often blind to the components used in commercial products and may be unaware that they are impacted by critical vulnerabilities. This complicates patch management decisions and can leave them exposed to vulnerabilities that have already been published. The tool is also suitable for classifying honeypots and optimizing them so that attackers can hardly recognize them as honeypots.
About Claroty
Claroty, the Industrial Cybersecurity Company, helps its global customers discover, protect and manage their OT, IoT and IIoT assets. The company's comprehensive platform can be seamlessly integrated into customers' existing infrastructure and processes and offers a wide range of industrial cybersecurity controls for transparency, threat detection, risk and vulnerability management and secure remote access, with significantly reduced total cost of ownership.