Opener
Use-after-free in OpENer's EtherNet/IP stack (versions up to 2.3.0) exposes industrial control system deployments to remote memory corruption via the CIP SendRRData handler. A low-privileged network attacker can manipulate the `CreateMessageRouterRequestStructure` function in `cipmessagerouter.c` to access freed memory, leading to denial of service, memory corruption, or potentially arbitrary code execution. A public proof-of-concept exploit has been disclosed, and the maintainer has not responded to the coordinated disclosure issue (#566), meaning no patch is available at time of analysis.