Products
OpenPLC
- v3 b4702061dc14d1024856f71b4543298d77007b88
Source
talos-cna@cisco.com
Tags
CVE-2024-34026 details
Published : Sept. 18, 2024, 3:15 p.m.
Last Modified : Sept. 18, 2024, 3:15 p.m.
Last Modified : Sept. 18, 2024, 3:15 p.m.
Description
A stack-based buffer overflow vulnerability exists in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC _v3 b4702061dc14d1024856f71b4543298d77007b88. A specially crafted EtherNet/IP request can lead to remote code execution. An attacker can send a series of EtherNet/IP requests to trigger this vulnerability.
CVSS Score
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9.0 | 10 |
---|
Weakness
Weakness | Name | Description |
---|---|---|
CWE-121 | Stack-based Buffer Overflow | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
CVSS Data
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
9.0
Exploitability Score
2.2
Impact Score
6.0
Base Severity
CRITICAL
Vector String : CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
References
URL | Source |
---|---|
https://talosintelligence.com/vulnerability_reports/TALOS-2024-2005 | talos-cna@cisco.com |
This website uses the NVD API, but is not approved or certified by it.