PT-2026-41681

OpENer v2.3-558-g1e99582 contains an out-of-bounds read vulnerability in the Common Packet Format CPF parser, specifically in CreateCommonPacketFormatStructure in source/src/enet encap/cpf.c. A crafted ENIP/CPF message can supply an attacker-controlled item count value that is not consistently...

OpENer 缓冲区错误漏洞

OpENer is an open-source industrial Ethernet protocol stack developed by the EIP Stack Group, supporting connections for I/O devices. Version OpENer v2.3-558-g1e99582 contains a buffer error vulnerability. This vulnerability stems from an out-of-bounds read in the CreateCommonPacketFormatStructur...

EUVD-2019-15295

Malware in sbrugna...

EUVD-2021-21403

Malware in sbrugna...

EUVD-2021-21404

Malware in sbrugna...

CVE-2021-34753

A vulnerability in the payload inspection for Ethernet Industrial Protocol ENIP traffic for Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to bypass configured rules for ENIP traffic. This vulnerability is due to incomplete processing during deep packe...

K000150344: Multiple Wireshark/tshark vulnerabilities

Security Advisory Description CVE-2019-5721 In Wireshark 2.4.0 to 2.4.11, the ENIP dissector could crash. This was addressed in epan/dissectors/packet-enip.c by changing the memory-management approach so that a use-after-free is avoided. CVE-2019-5719 In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to...

CVE-2021-34753

A vulnerability in the payload inspection for Ethernet Industrial Protocol ENIP traffic for Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to bypass configured rules for ENIP traffic. This vulnerability is due to incomplete processing during deep packe...

AutomationDirect P3-550E Programming Software Connection CurrDir heap-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2024-1937 AutomationDirect P3-550E Programming Software Connection CurrDir heap-based buffer overflow vulnerability May 28, 2024 CVE Number CVE-2024-24947,CVE-2024-24946 SUMMARY A heap-based buffer overflow vulnerability exists in the Programming Software Connecti...

CVE-2023-2263

The Rockwell Automation Kinetix 5700 DC Bus Power Supply Series A is vulnerable to CIP fuzzing. The new ENIP connections cannot be established if impacted by this vulnerability, which prohibits operational capabilities of the device resulting in a denial-of-service attack...

Design/Logic Flaw

The Rockwell Automation Kinetix 5700 DC Bus Power Supply Series A is vulnerable to CIP fuzzing. The new ENIP connections cannot be established if impacted by this vulnerability, which prohibits operational capabilities of the device resulting in a denial-of-service attack...

CVE-2023-2263 Rockwell Automation Kinetix 5700 DC Bus Power Supply Series A – CIP Message Attack Could Cause Denial-Of-Service

The Rockwell Automation Kinetix 5700 DC Bus Power Supply Series A is vulnerable to CIP fuzzing. The new ENIP connections cannot be established if impacted by this vulnerability, which prohibits operational capabilities of the device resulting in a denial-of-service attack...

PT-2023-18597 · Rockwell Automation · Kinetix 5700 Dc Bus Power Supply Series A

Name of the Vulnerable Software and Affected Versions: Rockwell Automation Kinetix 5700 DC Bus Power Supply Series A affected versions not specified Description: The issue concerns a vulnerability to CIP fuzzing, which affects the establishment of new ENIP connections. If impacted, this...

Rockwell Automation ControlLogix Bugs Expose Industrial Systems to Remote Attacks

The U.S. Cybersecurity and Infrastructure Security Agency CISA has alerted of two security flaws impacting Rockwell Automation ControlLogix EtherNet/IP ENIP communication module models that could be exploited to achieve remote code execution and denial-of-service DoS. "The results and impact of...

Rockwell Automation 1794-AENT Flex I/O Series B Buffer Copy Without Checking Size of Input (CVE-2020-6087)

An exploitable denial of service vulnerability exists in the ENIP Request Path Data Segment functionality of Allen- Bradley Flex IO 1794-AENT/B. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious...

Rockwell Automation Flex IO Classic Buffer Overflow (CVE-2020-6088)

An exploitable denial of service vulnerability exists in the ENIP Request Path Network Segment functionality of Allen- Bradley Flex IO 1794-AENT/B 4.003. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a...

Rockwell Automation 1794-AENT Flex I/O Series B Buffer Copy Without Checking Size of Input (CVE-2020-6086)

An exploitable denial of service vulnerability exists in the ENIP Request Path Data Segment functionality of Allen- Bradley Flex IO 1794-AENT/B. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious...

Rockwell Automation 1794-AENT Flex I/O Series B Buffer Copy Without Checking Size of Input (CVE-2020-6083)

An exploitable denial of service vulnerability exists in the ENIP Request Path Port Segment functionality of Allen- Bradley Flex IO 1794-AENT/B. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious...

Rockwell Automation 1794-AENT Flex I/O Series B Buffer Copy Without Checking Size of Input (CVE-2020-6085)

An exploitable denial of service vulnerability exists in the ENIP Request Path Logical Segment functionality of Allen- Bradley Flex IO 1794-AENT/B 4.003. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a...

Improper access control

Multiple vulnerabilities in the payload inspection for Ethernet Industrial Protocol ENIP traffic for Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to bypass configured rules for ENIP traffic. These vulnerabilities are due to incomplete processing duri...