{"uuid": "b9044b55-607b-4186-8591-5a3dc4196021", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-51538", "type": "seen", "source": "https://gist.github.com/MrAlaskan/8156ca3acd6754a9f66efede0a1351f2", "content": "# Security Advisory: CVE-2026-51538\n\n## Vulnerability Information\n* **CVE ID:** CVE-2026-51538\n* **Vendor:** EIPStackGroup\n* **Product:** OpENer (Version 2.3.0, commit 76b95cf)\n* **Vulnerability Type:** CWE-284: Improper Access Control\n* **Attack Type:** Remote, Unauthenticated\n* **Impact:** Denial of Service (DoS); Privilege Escalation\n\n## Description\nAn improper access control vulnerability exists in the encapsulation session handling logic of OpENer 2.3.0. A remote attacker may reuse a valid session handle associated with another client connection to issue encapsulation commands, potentially resulting in unauthorized command processing and a Denial of Service condition.\n\n## Affected Component\nThe vulnerability affects the encapsulation session handling logic in `source/src/enet_encap/encap.c`, specifically the `CheckRegisteredSessions` function and command handling paths for `UnregisterSession`, `SendRRData`, and `SendUnitData`.\n\n## Attack Vectors\nAn unauthenticated, remote attacker with network access to the target OpENer instance can exploit this vulnerability by connecting to the EtherNet/IP TCP port, typically TCP/44818.\n\nThe attacker can then provide a valid session handle that was created by another legitimate client. Due to insufficient binding between encapsulation session handles and their originating TCP connections, the server may accept and process encapsulation commands submitted from the attacker-controlled connection.\n\nSuccessful exploitation may allow unauthorized use of another client's session handle and can disrupt legitimate industrial communication, resulting in a Denial of Service condition.\n\n## References\n* GitHub Issue: https://github.com/EIPStackGroup/OpENer/issues/565\n\n## Discoverers\nHuashuo Liu, Qixun Tang, Jinwen Xi, and Min Liu from Institute of Computing Technology, Chinese Academy of Sciences", "creation_timestamp": "2026-07-09T03:40:11.198858Z"}