Skip to main content

CIPster CVE-2026-13592

| EUVDEUVD-2026-40156 MEDIUM
Buffer Overflow (CWE-119)
2026-06-29 cna@vuldb.com GHSA-xxw5-vgjv-jc6g
5.5
CVSS 4.0 · Vendor: vuldb
Share

Severity by source

Vendor (vuldb) PRIMARY
5.5 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
7.3 HIGH

Network-reachable EtherNet/IP handler requires no authentication or user interaction; Low C/I/A reflects the CVSS 4.0 reporter assessment of bounded memory corruption impact, consistent with available POC behavior.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (vuldb).

CVSS VectorVendor: vuldb

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

1
Analysis Generated
Jun 29, 2026 - 18:31 vuln.today

DescriptionCVE.org

A vulnerability was detected in liftoff-sr CIPster up to e8e9dba09bf56962807d3504b783ccdb6287f3e4. Affected by this issue is the function BufWriter::append of the component EtherNet IP Message Handler. Performing a manipulation results in out-of-bounds write. Remote exploitation of the attack is possible. The exploit is now public and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The patch is named 3a0159ed43125dcd024a1965f0289cb186bae9ff. To fix this issue, it is recommended to deploy a patch.

AnalysisAI

Out-of-bounds write in CIPster's EtherNet/IP Message Handler exposes industrial automation devices to remote memory corruption through the BufWriter::append function. Unauthenticated remote attackers reachable on the EtherNet/IP network can send crafted protocol messages to corrupt adjacent memory, with potential for service disruption or, with further research, arbitrary code execution on embedded OT devices. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain access to OT/ICS network segment
Delivery
Identify CIPster-based device on port 44818
Exploit
Send crafted EtherNet/IP message using public POC
Execution
Trigger BufWriter::append out-of-bounds write
Persist
Corrupt adjacent process memory
Impact
Cause denial of service or potential code execution

Vulnerability AssessmentAI

Exploitation No authentication is required and no special non-default configuration is needed - any device running an unpatched CIPster build that exposes its EtherNet/IP service on a network-reachable interface is exploitable upon message receipt. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 score of 5.5 (Moderate) likely understates real-world risk in OT/ICS environments. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with access to the OT/ICS network segment hosting a CIPster-based device downloads the publicly available poc.zip exploit and uses it to send a specially crafted EtherNet/IP message to TCP port 44818 of the target device. The malformed message triggers the BufWriter::append out-of-bounds write in the message handler, corrupting adjacent memory and causing the CIP stack to crash or behave unpredictably, disrupting the industrial process it controls.
Remediation The primary fix is to apply commit 3a0159ed43125dcd024a1965f0289cb186bae9ff from the CIPster GitHub repository (https://github.com/liftoff-sr/CIPster/commit/3a0159ed43125dcd024a1965f0289cb186bae9ff); no tagged release version exists due to the rolling release model, so operators must verify their deployed commit hash against the repository and rebuild from patched source. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-13592 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy