Skip to main content

EIPStackGroup OpENer EUVD-2026-34062

| CVE-2026-10703 LOW
Use After Free (CWE-416)
2026-06-03 VulDB GHSA-vm9p-5mrq-6w5f
Use After Free Denial Of Service Memory Corruption Opener
2.1
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
2.1 LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

3
Severity Changed
Jun 03, 2026 - 02:22 NVD
MEDIUM LOW
CVSS changed
Jun 03, 2026 - 02:22 NVD
6.3 (MEDIUM) 2.1 (LOW)
Analysis Generated
Jun 03, 2026 - 01:57 vuln.today

DescriptionCVE.org

A security vulnerability has been detected in EIPStackGroup OpENer up to 2.3.0. Affected is the function CreateMessageRouterRequestStructure of the file cipmessagerouter.c of the component SendRRData Handler. The manipulation leads to use after free. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.

AnalysisAI

Use-after-free in OpENer's EtherNet/IP stack (versions up to 2.3.0) exposes industrial control system deployments to remote memory corruption via the CIP SendRRData handler. A low-privileged network attacker can manipulate the CreateMessageRouterRequestStructure function in cipmessagerouter.c to access freed memory, leading to denial of service, memory corruption, or potentially arbitrary code execution. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain low-privilege CIP network access
Delivery
Connect to EtherNet/IP port 44818
Exploit
Send crafted SendRRData explicit message
Execution
Trigger use-after-free in CreateMessageRouterRequestStructure
Persist
Corrupt heap memory
Impact
Achieve denial of service or code execution
Sign in to reveal

Vulnerability AssessmentAI

Exploitation The CVSS vector PR:L indicates low privileges are required - exploitation is not unauthenticated; the attacker must have some level of access to send CIP explicit messages to the target (e.g., a CIP session or minimal EtherNet/IP network membership). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 6.3 Medium score is driven by AV:N/AC:L/PR:L/UI:N, indicating low-complexity remote exploitation requiring only low-level privileges, with Unchanged scope and Low impact across all three CIA pillars. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with low-level authenticated access to an EtherNet/IP network (e.g., a compromised engineering workstation or any device permitted to send CIP explicit messages) sends a specially crafted SendRRData request to the target OpENer device on TCP port 44818. The malformed CIP message triggers the use-after-free in `CreateMessageRouterRequestStructure`, corrupting heap memory. …
Remediation No vendor-released patch has been identified at time of analysis - the project maintainer had not responded to the coordinated disclosure via GitHub issue #566 at time of reporting. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-34062 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy