Stack-Based Buffer Overflow in OpenPLC Runtime EtherNet/IP Parser
CVE-2024-34026

9.8CRITICAL

Key Information:

Vendor: Openplcproject
Status: Openplc V3 Firmware
Vendor: CVE Published:; 18 September 2024

🔔 Create Openplcproject Vulnerability Alert

What is CVE-2024-34026?

A vulnerability exists in the OpenPLC Runtime caused by a stack-based buffer overflow in its EtherNet/IP parser functionality. By sending a series of specially crafted EtherNet/IP requests, an attacker could exploit this vulnerability, potentially leading to unauthorized remote code execution and compromising the integrity of the affected systems. This could allow malicious actors to manipulate the control processes managed by the OpenPLC, posing significant risks to industrial automation and control environments.

References

https://talosintelligence.com/vulnerability_reports/TALOS...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 18, 2024