PatchSiren cyber security CVE debrief
CVE-2021-27500 Festo CVE debrief
CVE-2021-27500 is a denial-of-service issue in affected Festo devices using the EIPStackGroup OpENer EtherNet/IP stack. According to the CISA CSAF advisory, a specifically crafted packet can cause a denial of service in stack versions prior to 2021-02-10. The advisory covers multiple Festo SBRD-Q, SBOC-Q, and SBOI-Q product variants and states that no fix is planned, so mitigation depends on reducing exposure and disabling EtherNet/IP where it is not needed.
- Vendor: Festo
- Product: Hardware
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2021-09-22
- Original CVE updated: 2025-08-26
- Advisory published: 2021-09-22
- Advisory updated: 2025-08-26
Who should care
OT and ICS operators using the affected Festo SBRD-Q, SBOC-Q, or SBOI-Q hardware/firmware; plant engineers; industrial network administrators; and security teams responsible for segmentation and exposure management of EtherNet/IP-enabled equipment.
Technical summary
The advisory describes a network-reachable availability issue in the EIPStackGroup OpENer EtherNet/IP stack used by affected Festo products. An attacker who sends a specifically crafted packet may cause a denial-of-service condition. The source advisory ties the issue to versions prior to 2021-02-10 and lists numerous affected product and firmware entries across the SBRD-Q, SBOC-Q, and SBOI-Q families.
Defensive priority
High for environments where the affected devices are reachable from broader OT or IT networks. The primary impact is loss of availability, and the advisory indicates there is no fix planned, making compensating controls the main defense.
Recommended defensive actions
- Inventory Festo SBRD-Q, SBOC-Q, and SBOI-Q devices and confirm whether affected firmware is present.
- Minimize network exposure for all control system devices and ensure they are not accessible from the Internet.
- Deactivate EtherNet/IP in device settings if it is not required for operations.
- Use network segmentation, access control, and allowlisting to restrict who can reach affected devices.
- Monitor OT network traffic for unexpected EtherNet/IP activity and validate that compensating controls remain in place because no fix is planned.
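The allowlisting and monitoring actions above can be checked against exported flow records. The following is an added example written for this debrief, not tooling from the advisory or from Festo; it assumes flow records as (src_ip, dst_ip, proto, dst_port) tuples from a firewall or OT network monitor, an inventory keyed by device IP, and the standard EtherNet/IP ports (TCP/UDP 44818 for explicit messaging, UDP 2222 for implicit I/O). All addresses are constructed.

```python
"""Allowlist check for EtherNet/IP traffic reaching affected Festo devices.

Added example, not part of the advisory or any vendor tooling. Flow records
are (src_ip, dst_ip, proto, dst_port) tuples; the inventory is constructed.
"""
from dataclasses import dataclass

# Standard EtherNet/IP ports: explicit messaging on 44818, implicit I/O on UDP 2222.
ENIP_PORTS = {("tcp", 44818), ("udp", 44818), ("udp", 2222)}


@dataclass
class Asset:
    ip: str
    model: str
    affected: bool            # firmware matches an entry in the advisory
    enip_required: bool       # False -> EtherNet/IP should be deactivated
    allowed_peers: frozenset  # hosts permitted to speak EtherNet/IP to it


def check_flows(inventory, flows):
    """Return (device, source, reason) findings for flows that violate the mitigations."""
    by_ip = {a.ip: a for a in inventory}
    findings = []
    for src, dst, proto, dport in flows:
        if (proto.lower(), dport) not in ENIP_PORTS:
            continue                      # not EtherNet/IP, out of scope here
        asset = by_ip.get(dst)
        if asset is None or not asset.affected:
            continue                      # unknown or unaffected device
        if not asset.enip_required:
            findings.append((dst, src, "enip_should_be_disabled"))
        elif src not in asset.allowed_peers:
            findings.append((dst, src, "source_not_allowlisted"))
    return findings


# Constructed sample data (hypothetical addresses, not from the advisory).
INVENTORY = [
    Asset("10.10.1.20", "SBRD-Q", True, True, frozenset({"10.10.1.5"})),
    Asset("10.10.1.21", "SBOC-Q", True, False, frozenset()),
    Asset("10.10.1.30", "other-plc", False, True, frozenset({"10.10.1.5"})),
]
FLOWS = [
    ("10.10.1.5", "10.10.1.20", "tcp", 44818),   # allowlisted engineering host
    ("10.10.9.77", "10.10.1.20", "tcp", 44818),  # unexpected source
    ("10.10.1.5", "10.10.1.21", "udp", 2222),    # EtherNet/IP active where not required
    ("10.10.9.77", "10.10.1.30", "tcp", 44818),  # device not affected
    ("10.10.9.77", "10.10.1.20", "tcp", 502),    # not EtherNet/IP
]

if __name__ == "__main__":
    for dst, src, reason in check_flows(INVENTORY, FLOWS):
        print(f"{dst} <- {src}: {reason}")
```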
Evidence notes
The source corpus is the CISA CSAF advisory ICSA-25-273-02 and its referenced official vendor/advisory links. The advisory was published on 2021-09-22 and later revised on 2025-08-26; that revision date should not be treated as the vulnerability's issue date. The advisory states that a specifically crafted packet can cause denial of service and that there is no fix planned. Mitigation guidance in the advisory is to minimize exposure and disable EtherNet/IP if unused.
Official resources
- CVE-2021-27500 CVE record (CVE.org)
- CVE-2021-27500 NVD detail (NVD)
- Source item URL (cisa_csaf)
Publicly disclosed via CISA CSAF and associated vendor/reference links on 2021-09-22. The advisory was revised later, but the vulnerability should be dated to the original CVE publication date.