Lucene search
K

463 matches found

EUVD
EUVD
added 15 hours ago4 views

EUVD-2026-43607

OpENer 2.3.0 commit 76b95cf has an out-of-bounds read issue in CIP message parsing when handling malformed explicit requests with a forged EPath size. An attacker can send a valid ENIP SendRRData frame carrying a very short CIP payload whose pathsize field claims that many more path words are...

9.1CVSS6.1AI score
Exploits0References3
NVD
NVD
added yesterday4 views

CVE-2026-51541

OpENer 2.3.0 commit 76b95cf has an out-of-bounds read issue in CIP message parsing when handling malformed explicit requests with a forged EPath size. An attacker can send a valid ENIP SendRRData frame carrying a very short CIP payload whose pathsize field claims that many more path words are...

9.1CVSS
Exploits0References2
NVD
NVD
added yesterday5 views

CVE-2026-51536

In OpENer 2.3.0 commit 76b95cf when parsing incoming CIP Common Industrial Protocol network packets, the length parameter is inconsistently typed across the call stack. Specifically, an upstream length calculated as an int is passed to a downstream function that expects an EipInt16 a 16-bit signe...

9.1CVSS
Exploits0References2
Cvelist
Cvelist
added yesterday22 views

CVE-2026-51541

OpENer 2.3.0 commit 76b95cf has an out-of-bounds read issue in CIP message parsing when handling malformed explicit requests with a forged EPath size. An attacker can send a valid ENIP SendRRData frame carrying a very short CIP payload whose pathsize field claims that many more path words are...

Exploits0References2
CVE
CVE
added yesterday11 views

CVE-2026-51541

OpENer 2.3.0 commit 76b95cf has an out-of-bounds read issue in CIP message parsing when handling malformed explicit requests with a forged EPath size. An attacker can send a valid ENIP SendRRData frame carrying a very short CIP payload whose pathsize field claims that many more path words are...

9.1CVSS6.1AI score
Exploits0References2
CVE
CVE
added yesterday9 views

CVE-2026-51536

In OpENer 2.3.0 commit 76b95cf when parsing incoming CIP Common Industrial Protocol network packets, the length parameter is inconsistently typed across the call stack. Specifically, an upstream length calculated as an int is passed to a downstream function that expects an EipInt16 a 16-bit signe...

9.1CVSS6.1AI score
Exploits0References2
NVD
NVD
added 2026/06/16 3:16 p.m.10 views

CVE-2026-0646

A denial-of-service security issue exists within the 1794-AENTR adapter due to improper memory handling of CIP protocol requests. This vulnerability can result in the adapter faulting and losing connection to its associated I/O modules, requiring a manual reset to recover...

8.7CVSS0.00343EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/16 1:39 p.m.7 views

CVE-2025-11694 Rockwell Automation CompactLogix 5370 Controllers – Multiple Vulnerabilities

A security issue exists within 1769 CompactLogix controllers due to the missing validation of sequence numbers and source IP addresses in the CIP protocol. This allows attacker to abuse the exposed Connection ID’s visible on the web interface to perform denial-of-service attacks, resulting in...

8.7CVSS5.3AI score0.0017EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/03 12:30 a.m.9 views

CVE-2026-10703 EIPStackGroup OpENer SendRRData cipmessagerouter.c CreateMessageRouterRequestStructure use after free

A security vulnerability has been detected in EIPStackGroup OpENer up to 2.3.0. Affected is the function CreateMessageRouterRequestStructure of the file cipmessagerouter.c of the component SendRRData Handler. The manipulation leads to use after free. Remote exploitation of the attack is possible...

6.5CVSS6.1AI score0.00243EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/06/03 12:30 a.m.8 views

CVE-2026-10703

A security vulnerability has been detected in EIPStackGroup OpENer up to 2.3.0. Affected is the function CreateMessageRouterRequestStructure of the file cipmessagerouter.c of the component SendRRData Handler. The manipulation leads to use after free. Remote exploitation of the attack is possible...

6.5CVSS6.1AI score0.00243EPSS
Exploits0References7Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.21 views

PT-2026-45897

A security vulnerability has been detected in EIPStackGroup OpENer up to 2.3.0. Affected is the function CreateMessageRouterRequestStructure of the file cipmessagerouter.c of the component SendRRData Handler. The manipulation leads to use after free. Remote exploitation of the attack is possible...

6.5CVSS5.3AI score0.00243EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/05/01 12:0 a.m.5 views

Wireshark 2.2.x < 2.2.11 Multiple Vulnerabilities

The version of Wireshark installed on the remote Windows host is prior to 2.2.11. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-2.2.11 advisory. - In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the CIP Safety dissector could crash. This was addressed in...

7.5CVSS7.2AI score0.16786EPSS
Exploits1References10
Tenable Nessus
Tenable Nessus
added 2026/05/01 12:0 a.m.6 views

Wireshark 2.2.x < 2.2.11 Multiple Vulnerabilities (macOS)

The version of Wireshark installed on the remote macOS / Mac OS X host is prior to 2.2.11. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-2.2.11 advisory. - In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the CIP Safety dissector could crash. This was...

7.5CVSS7.2AI score0.16786EPSS
Exploits1References10
NVD
NVD
added 2026/02/11 10:15 p.m.44 views

CVE-2024-50617

Vulnerabilities in the File Download and Get File handler components in CIPPlanner CIPAce before 9.17 allow attackers to download unauthorized files. An authenticated user can easily change the file id parameter or pass the physical file path in the URL query string to retrieve the files. Retriev...

7.5CVSS0.00232EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/11 12:0 a.m.3 views

CVE-2024-50618

A Use of Single-factor Authentication vulnerability in the Authentication component of CIPPlanner CIPAce before 9.17 allows attackers to bypass a protection mechanism. When the system is configured to allow login with internal accounts, an attacker can possibly obtain full authentication if the...

5.6AI score0.00243EPSS
Exploits0References2
CVE
CVE
added 2026/02/11 12:0 a.m.15 views

CVE-2024-50620

Summary: CVE-2024-50620 affects CIPPlanner CIPAce versions prior to 9.17. In the rich text editor and document management components, an authorized user can upload executable files (via inserting images or file uploads). Those executables can be executed if stored in a non-shared directory or if ...

8.8CVSS5.5AI score0.00289EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/01/20 1:52 p.m.3 views

CVE-2025-11743

A denial-of-service security issue in the affected product. The security issue occurs when a malformed CIP forward open message is sent. This could result in a major nonrecoverable fault a restart is required to recover...

7.1CVSS5.3AI score0.00159EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/01/20 1:49 p.m.3 views

CVE-2025-9464

A security issue exists within ArmorStart® LT that can result in a denial-of-service condition. This vulnerability is triggered during fuzzing of multiple CIP classes, which causes the CIP port to become unresponsive...

8.7CVSS5.3AI score0.00343EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/16 4:43 p.m.5 views

Malicious Package

Overview sd-cip-module-client is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/01/16 12:10 a.m.7 views

Malicious code in sd-cip-module-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dffd6baead2182a6d4f7487b352b9ccf3119af1299a5aaa68edbbc8a59d3de11 The package sd-cip-module-client was found to contain malicious code. Source: ghsa-malware...

6.9AI score
Exploits0References1
Rows per page
Query Builder