An out-of-bounds read vulnerability exists in the OpenPLC Runtime EtherNet/IP PCCC parser functionality of OpenPLC_v3 b4702061dc14d1024856f71b4543298d77007b88. A specially crafted network request can lead to denial of service. An attacker can send a series of EtherNet/IP requests to trigger this vulnerability.This is the first instance of the incorrect comparison.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Tue, 15 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00263}

epss

{'score': 0.00299}


Thu, 26 Sep 2024 21:15:00 +0000

Type Values Removed Values Added
First Time appeared Openplcproject openplc V3 Firmware
CPEs cpe:2.3:o:openplcproject:openplc_v3_firmware:2024-04-04:*:*:*:*:*:*:*
Vendors & Products Openplcproject openplc V3 Firmware

Thu, 19 Sep 2024 02:30:00 +0000

Type Values Removed Values Added
First Time appeared Openplcproject
Openplcproject openplc V3
CPEs cpe:2.3:h:openplcproject:openplc_v3:-:*:*:*:*:*:*:*
Vendors & Products Openplcproject
Openplcproject openplc V3
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 18 Sep 2024 14:45:00 +0000

Type Values Removed Values Added
Description An out-of-bounds read vulnerability exists in the OpenPLC Runtime EtherNet/IP PCCC parser functionality of OpenPLC_v3 b4702061dc14d1024856f71b4543298d77007b88. A specially crafted network request can lead to denial of service. An attacker can send a series of EtherNet/IP requests to trigger this vulnerability.This is the first instance of the incorrect comparison.
Weaknesses CWE-125
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: talos

Published:

Updated: 2024-09-18T18:21:19.831Z

Reserved: 2024-05-30T16:01:30.401Z

Link: CVE-2024-36980

cve-icon Vulnrichment

Updated: 2024-09-18T18:21:10.828Z

cve-icon NVD

Status : Analyzed

Published: 2024-09-18T15:15:14.903

Modified: 2024-09-26T20:53:57.597

Link: CVE-2024-36980

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.