4Diac Forte
Monthly
Use-after-free in Eclipse 4diac FORTE versions 3.0.0-3.1.0 allows adjacent, unauthenticated attackers to corrupt process memory by sending a specially crafted DELETE connection command to the management interface, leaving a dangling pointer exploitable by subsequent commands. The impact spans memory integrity corruption and availability loss (runtime crash), with a minor confidentiality exposure from stale freed-memory reads - meaningful risks in industrial automation deployments where FORTE orchestrates IEC 61499 distributed control logic. No public exploit has been identified at time of analysis, and CISA KEV listing is absent, but the CVSS 4.0 supplemental Safety metric is marked Partial (S:P), flagging potential downstream safety consequences in OT environments.
Use-after-free in Eclipse 4diac FORTE versions 3.0.0-3.1.0 allows adjacent, unauthenticated attackers to corrupt process memory by sending a specially crafted DELETE connection command to the management interface, leaving a dangling pointer exploitable by subsequent commands. The impact spans memory integrity corruption and availability loss (runtime crash), with a minor confidentiality exposure from stale freed-memory reads - meaningful risks in industrial automation deployments where FORTE orchestrates IEC 61499 distributed control logic. No public exploit has been identified at time of analysis, and CISA KEV listing is absent, but the CVSS 4.0 supplemental Safety metric is marked Partial (S:P), flagging potential downstream safety consequences in OT environments.