Skip to main content

4Diac Forte

1 CVEs product

Monthly

CVE-2026-9158 MEDIUM This Month

Use-after-free in Eclipse 4diac FORTE versions 3.0.0-3.1.0 allows adjacent, unauthenticated attackers to corrupt process memory by sending a specially crafted DELETE connection command to the management interface, leaving a dangling pointer exploitable by subsequent commands. The impact spans memory integrity corruption and availability loss (runtime crash), with a minor confidentiality exposure from stale freed-memory reads - meaningful risks in industrial automation deployments where FORTE orchestrates IEC 61499 distributed control logic. No public exploit has been identified at time of analysis, and CISA KEV listing is absent, but the CVSS 4.0 supplemental Safety metric is marked Partial (S:P), flagging potential downstream safety consequences in OT environments.

Use After Free Memory Corruption Information Disclosure 4Diac Forte
NVD VulDB
CVSS 4.0
5.2
EPSS
0.2%
EPSS 0% CVSS 5.2
MEDIUM This Month

Use-after-free in Eclipse 4diac FORTE versions 3.0.0-3.1.0 allows adjacent, unauthenticated attackers to corrupt process memory by sending a specially crafted DELETE connection command to the management interface, leaving a dangling pointer exploitable by subsequent commands. The impact spans memory integrity corruption and availability loss (runtime crash), with a minor confidentiality exposure from stale freed-memory reads - meaningful risks in industrial automation deployments where FORTE orchestrates IEC 61499 distributed control logic. No public exploit has been identified at time of analysis, and CISA KEV listing is absent, but the CVSS 4.0 supplemental Safety metric is marked Partial (S:P), flagging potential downstream safety consequences in OT environments.

Use After Free Memory Corruption Information Disclosure +1
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy