Multiple invalid pointer dereference vulnerabilities exist in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC_v3 16bf8bac1a36d95b73e7b8722d0edb8b9c5bb56a. A specially crafted EtherNet/IP request can lead to denial of service. An attacker can send a series of EtherNet/IP requests to trigger these vulnerabilities.This instance of the vulnerability occurs within the `Protected_Logical_Read_Reply` function
Metrics
Affected Vendors & Products
References
History
Thu, 26 Sep 2024 22:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-476 |
Thu, 26 Sep 2024 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Openplcproject openplc V3 Firmware
|
|
Weaknesses | CWE-476 | |
CPEs | cpe:2.3:o:openplcproject:openplc_v3_firmware:2024-05-28:*:*:*:*:*:*:* | |
Vendors & Products |
Openplcproject openplc V3 Firmware
|
Wed, 18 Sep 2024 18:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Openplcproject
Openplcproject openplc V3 |
|
CPEs | cpe:2.3:h:openplcproject:openplc_v3:-:*:*:*:*:*:*:* | |
Vendors & Products |
Openplcproject
Openplcproject openplc V3 |
|
Metrics |
ssvc
|
Wed, 18 Sep 2024 14:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Multiple invalid pointer dereference vulnerabilities exist in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC_v3 16bf8bac1a36d95b73e7b8722d0edb8b9c5bb56a. A specially crafted EtherNet/IP request can lead to denial of service. An attacker can send a series of EtherNet/IP requests to trigger these vulnerabilities.This instance of the vulnerability occurs within the `Protected_Logical_Read_Reply` function | |
Weaknesses | CWE-704 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: talos
Published: 2024-09-18T14:35:54.295Z
Updated: 2024-09-18T17:28:52.222Z
Reserved: 2024-06-26T08:54:03.200Z
Link: CVE-2024-39589
Vulnrichment
Updated: 2024-09-18T17:28:45.799Z
NVD
Status : Analyzed
Published: 2024-09-18T15:15:15.333
Modified: 2024-09-26T21:36:12.887
Link: CVE-2024-39589
Redhat
No data.