Skip to main content

Cipster

1 CVEs product

Monthly

CVE-2026-16013 MEDIUM POC PATCH This Month

Out-of-bounds read in CIPster's EtherNet/IP symbolic path parser exposes industrial control systems to remote availability disruption and potential memory disclosure. The flaw resides in `CipAppPath::deserialize_symbolic` (source/src/cip/cipepath.cc), where unsafe `memcpy` calls copy attacker-controlled byte counts from a network-supplied CIP symbolic path segment into a fixed-size stack buffer without bounds enforcement, reachable by a remote unauthenticated attacker sending a crafted EtherNet/IP explicit messaging request. No active exploitation is confirmed (not in CISA KEV), but a POC exploit archive has been publicly released and the CVSS 4.0 E:P modifier corroborates exploit availability.

Information Disclosure Buffer Overflow Cipster
NVD VulDB GitHub
CVSS 4.0
5.5
CVSS 5.5
MEDIUM POC PATCH This Month

Out-of-bounds read in CIPster's EtherNet/IP symbolic path parser exposes industrial control systems to remote availability disruption and potential memory disclosure. The flaw resides in `CipAppPath::deserialize_symbolic` (source/src/cip/cipepath.cc), where unsafe `memcpy` calls copy attacker-controlled byte counts from a network-supplied CIP symbolic path segment into a fixed-size stack buffer without bounds enforcement, reachable by a remote unauthenticated attacker sending a crafted EtherNet/IP explicit messaging request. No active exploitation is confirmed (not in CISA KEV), but a POC exploit archive has been publicly released and the CVSS 4.0 E:P modifier corroborates exploit availability.

Information Disclosure Buffer Overflow Cipster
NVD VulDB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy