EIPStackGroup OpENer 2.3.0 (commit 76b95cf) has an out-of-bounds read issue in Connection Manager handling of ForwardOpen requests when processing short malformed packets. An attacker can send a valid ENIP outer frame carrying a malformed CIP ForwardOpen/LargeForwardOpen request, causing the parser to continue reading fields even when request data is insufficient. This issue is remotely triggerable via network traffic and does not require authentication.
Metrics
Affected Vendors & Products
References
History
Wed, 15 Jul 2026 00:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Out-of-Bounds Read in OpENer ForwardOpen Parser | OpENer: OpENer: Out-of-bounds read via malformed ForwardOpen requests |
| References |
| |
| Metrics |
threat_severity
|
threat_severity
|
Tue, 14 Jul 2026 23:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Out-of-Bounds Read in OpENer ForwardOpen Parser | |
| Weaknesses | CWE-20 |
Tue, 14 Jul 2026 14:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-125 | |
| Metrics |
cvssV3_1
|
Mon, 13 Jul 2026 22:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Eipstackgroup
Eipstackgroup opener |
|
| Vendors & Products |
Eipstackgroup
Eipstackgroup opener |
Mon, 13 Jul 2026 21:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | EIPStackGroup OpENer 2.3.0 (commit 76b95cf) has an out-of-bounds read issue in Connection Manager handling of ForwardOpen requests when processing short malformed packets. An attacker can send a valid ENIP outer frame carrying a malformed CIP ForwardOpen/LargeForwardOpen request, causing the parser to continue reading fields even when request data is insufficient. This issue is remotely triggerable via network traffic and does not require authentication. | |
| References |
|
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2026-07-14T13:16:42.741Z
Reserved: 2026-06-08T00:00:00.000Z
Link: CVE-2026-51537
Updated: 2026-07-14T13:16:10.645Z
No data.
OpenCVE Enrichment
Updated: 2026-07-14T23:15:16Z