<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the most 10 recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Fri, 17 Jul 2026 12:15:38 +0000</lastBuildDate>
    <item>
      <title>68a7db92-9d34-4663-a6ae-3b5bdd9b3a2e</title>
      <link>https://vulnerability.circl.lu/sighting/68a7db92-9d34-4663-a6ae-3b5bdd9b3a2e/export</link>
      <description>{"uuid": "68a7db92-9d34-4663-a6ae-3b5bdd9b3a2e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-51541", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqmh7pt3tu2q", "content": "CVE-2026-51541\nOpENer, a software used for industrial automation, is at risk of data loss when receiving a specially crafted message from an attacker. This could disrupt communication between devices and impact business\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#CVE #infosec", "creation_timestamp": "2026-07-14T14:48:05.438132Z"}</description>
      <content:encoded>{"uuid": "68a7db92-9d34-4663-a6ae-3b5bdd9b3a2e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-51541", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqmh7pt3tu2q", "content": "CVE-2026-51541\nOpENer, a software used for industrial automation, is at risk of data loss when receiving a specially crafted message from an attacker. This could disrupt communication between devices and impact business\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#CVE #infosec", "creation_timestamp": "2026-07-14T14:48:05.438132Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/68a7db92-9d34-4663-a6ae-3b5bdd9b3a2e/export</guid>
      <pubDate>Tue, 14 Jul 2026 14:48:05 +0000</pubDate>
    </item>
    <item>
      <title>7ad64094-7c1a-4903-9d0d-bca940abd4dd</title>
      <link>https://vulnerability.circl.lu/sighting/7ad64094-7c1a-4903-9d0d-bca940abd4dd/export</link>
      <description>{"uuid": "7ad64094-7c1a-4903-9d0d-bca940abd4dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-51541", "type": "seen", "source": "https://gist.github.com/MrAlaskan/705c680856e48c535148265c0899ad4b", "content": "# Security Advisory: CVE-2026-51541\n\n## Vulnerability Information\n* **CVE ID:** CVE-2026-51541\n* **Vendor:** EIPStackGroup\n* **Product:** OpENer (Version 2.3.0)\n* **Vulnerability Type:** CWE-125: Out-of-bounds Read\n* **Attack Type:** Remote, Unauthenticated\n* **Impact:** Denial of Service (DoS)\n\n## Description\nAn out-of-bounds read vulnerability exists in the CIP explicit message parsing logic of OpENer 2.3.0. A remotely crafted malformed CIP request may cause the EPATH decoder to read beyond the valid receive buffer, leading to a Denial of Service condition.\n\n## Affected Component\nThe vulnerability affects the CIP explicit message parsing path, including `source/src/cip/cipcommon.c` and `source/src/cip/cipmessagerouter.c`, specifically the `DecodePaddedEPath` and `CreateMessageRouterRequestStructure` functions.\n\n## Attack Vectors\nAn unauthenticated, remote attacker with network access to the target OpENer instance can exploit this vulnerability by connecting to the EtherNet/IP TCP port, typically TCP/44818, and completing session registration.\n\nThe attacker can then send a crafted `SendRRData` request containing a malformed CIP explicit message with inconsistent path length information. Due to insufficient validation of the remaining input length during EPATH decoding, the parser may read beyond the valid receive buffer.\n\nSuccessful exploitation can crash the OpENer process and deny service to legitimate industrial communication clients.\n\n## References\n* GitHub Issue: https://github.com/EIPStackGroup/OpENer/issues/582", "creation_timestamp": "2026-07-09T03:44:40.481247Z"}</description>
      <content:encoded>{"uuid": "7ad64094-7c1a-4903-9d0d-bca940abd4dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-51541", "type": "seen", "source": "https://gist.github.com/MrAlaskan/705c680856e48c535148265c0899ad4b", "content": "# Security Advisory: CVE-2026-51541\n\n## Vulnerability Information\n* **CVE ID:** CVE-2026-51541\n* **Vendor:** EIPStackGroup\n* **Product:** OpENer (Version 2.3.0)\n* **Vulnerability Type:** CWE-125: Out-of-bounds Read\n* **Attack Type:** Remote, Unauthenticated\n* **Impact:** Denial of Service (DoS)\n\n## Description\nAn out-of-bounds read vulnerability exists in the CIP explicit message parsing logic of OpENer 2.3.0. A remotely crafted malformed CIP request may cause the EPATH decoder to read beyond the valid receive buffer, leading to a Denial of Service condition.\n\n## Affected Component\nThe vulnerability affects the CIP explicit message parsing path, including `source/src/cip/cipcommon.c` and `source/src/cip/cipmessagerouter.c`, specifically the `DecodePaddedEPath` and `CreateMessageRouterRequestStructure` functions.\n\n## Attack Vectors\nAn unauthenticated, remote attacker with network access to the target OpENer instance can exploit this vulnerability by connecting to the EtherNet/IP TCP port, typically TCP/44818, and completing session registration.\n\nThe attacker can then send a crafted `SendRRData` request containing a malformed CIP explicit message with inconsistent path length information. Due to insufficient validation of the remaining input length during EPATH decoding, the parser may read beyond the valid receive buffer.\n\nSuccessful exploitation can crash the OpENer process and deny service to legitimate industrial communication clients.\n\n## References\n* GitHub Issue: https://github.com/EIPStackGroup/OpENer/issues/582", "creation_timestamp": "2026-07-09T03:44:40.481247Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/7ad64094-7c1a-4903-9d0d-bca940abd4dd/export</guid>
      <pubDate>Thu, 09 Jul 2026 03:44:40 +0000</pubDate>
    </item>
  </channel>
</rss>
