An out-of-bounds read vulnerability exists in the OpenPLC Runtime EtherNet/IP PCCC parser functionality of OpenPLC_v3 b4702061dc14d1024856f71b4543298d77007b88. A specially crafted network request can lead to denial of service. An attacker can send a series of EtherNet/IP requests to trigger this vulnerability.This is the final instance of the incorrect comparison.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Tue, 15 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00232}

epss

{'score': 0.00264}


Thu, 26 Sep 2024 21:15:00 +0000

Type Values Removed Values Added
First Time appeared Openplcproject openplc V3 Firmware
CPEs cpe:2.3:o:openplcproject:openplc_v3_firmware:2024-04-04:*:*:*:*:*:*:*
Vendors & Products Openplcproject openplc V3 Firmware

Wed, 18 Sep 2024 19:30:00 +0000

Type Values Removed Values Added
First Time appeared Openplcproject
Openplcproject openplc V3
CPEs cpe:2.3:h:openplcproject:openplc_v3:-:*:*:*:*:*:*:*
Vendors & Products Openplcproject
Openplcproject openplc V3
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 18 Sep 2024 14:45:00 +0000

Type Values Removed Values Added
Description An out-of-bounds read vulnerability exists in the OpenPLC Runtime EtherNet/IP PCCC parser functionality of OpenPLC_v3 b4702061dc14d1024856f71b4543298d77007b88. A specially crafted network request can lead to denial of service. An attacker can send a series of EtherNet/IP requests to trigger this vulnerability.This is the final instance of the incorrect comparison.
Weaknesses CWE-125
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: talos

Published:

Updated: 2024-09-18T18:18:49.044Z

Reserved: 2024-05-30T16:01:30.401Z

Link: CVE-2024-36981

cve-icon Vulnrichment

Updated: 2024-09-18T18:17:49.804Z

cve-icon NVD

Status : Analyzed

Published: 2024-09-18T15:15:15.110

Modified: 2024-09-26T20:55:39.783

Link: CVE-2024-36981

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.