<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the most 10 recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Wed, 15 Jul 2026 23:27:26 +0000</lastBuildDate>
    <item>
      <title>b737aad6-5840-4d84-bd62-2837fb815fe2</title>
      <link>https://vulnerability.circl.lu/sighting/b737aad6-5840-4d84-bd62-2837fb815fe2/export</link>
      <description>{"uuid": "b737aad6-5840-4d84-bd62-2837fb815fe2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-51538", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqmh7ocfu62v", "content": "CVE-2026-51538\nAn attacker on the network can use a valid session handle from another client to bypass access controls in EIPStackGroup OpENer 2.3.0. This could allow an unauthorized user to access sensitive information or\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#CVE #infosec", "creation_timestamp": "2026-07-14T14:48:04.042122Z"}</description>
      <content:encoded>{"uuid": "b737aad6-5840-4d84-bd62-2837fb815fe2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-51538", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqmh7ocfu62v", "content": "CVE-2026-51538\nAn attacker on the network can use a valid session handle from another client to bypass access controls in EIPStackGroup OpENer 2.3.0. This could allow an unauthorized user to access sensitive information or\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#CVE #infosec", "creation_timestamp": "2026-07-14T14:48:04.042122Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/b737aad6-5840-4d84-bd62-2837fb815fe2/export</guid>
      <pubDate>Tue, 14 Jul 2026 14:48:04 +0000</pubDate>
    </item>
    <item>
      <title>f514785a-d1ab-4839-8c1b-f28f668fb989</title>
      <link>https://vulnerability.circl.lu/sighting/f514785a-d1ab-4839-8c1b-f28f668fb989/export</link>
      <description>{"uuid": "f514785a-d1ab-4839-8c1b-f28f668fb989", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-51537", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqmh467mk22t", "content": "CVE-2026-51537\nThe EIPStackGroup OpENer software has a security issue that can be exploited by an attacker sending specially crafted network packets. This could potentially cause the server to crash or behave unexpectedly. To\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#CVE #infosec", "creation_timestamp": "2026-07-14T14:46:06.413421Z"}</description>
      <content:encoded>{"uuid": "f514785a-d1ab-4839-8c1b-f28f668fb989", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-51537", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqmh467mk22t", "content": "CVE-2026-51537\nThe EIPStackGroup OpENer software has a security issue that can be exploited by an attacker sending specially crafted network packets. This could potentially cause the server to crash or behave unexpectedly. To\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#CVE #infosec", "creation_timestamp": "2026-07-14T14:46:06.413421Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/f514785a-d1ab-4839-8c1b-f28f668fb989/export</guid>
      <pubDate>Tue, 14 Jul 2026 14:46:06 +0000</pubDate>
    </item>
    <item>
      <title>5298b173-375f-4993-9982-afa7e2642726</title>
      <link>https://vulnerability.circl.lu/sighting/5298b173-375f-4993-9982-afa7e2642726/export</link>
      <description>{"uuid": "5298b173-375f-4993-9982-afa7e2642726", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-51536", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqmh44rhv52r", "content": "CVE-2026-51536\nA programming error in OpENer's CIP parsing code can allow a malicious packet to cause the system to crash. This is a serious issue because it can lead to data loss and system downtime. To protect your system,\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#CVE #infosec", "creation_timestamp": "2026-07-14T14:46:05.106875Z"}</description>
      <content:encoded>{"uuid": "5298b173-375f-4993-9982-afa7e2642726", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-51536", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqmh44rhv52r", "content": "CVE-2026-51536\nA programming error in OpENer's CIP parsing code can allow a malicious packet to cause the system to crash. This is a serious issue because it can lead to data loss and system downtime. To protect your system,\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#CVE #infosec", "creation_timestamp": "2026-07-14T14:46:05.106875Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/5298b173-375f-4993-9982-afa7e2642726/export</guid>
      <pubDate>Tue, 14 Jul 2026 14:46:05 +0000</pubDate>
    </item>
    <item>
      <title>5cde41b0-1ffe-4598-99bf-4b8b6d9d34ee</title>
      <link>https://vulnerability.circl.lu/sighting/5cde41b0-1ffe-4598-99bf-4b8b6d9d34ee/export</link>
      <description>{"uuid": "5cde41b0-1ffe-4598-99bf-4b8b6d9d34ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-51539", "type": "seen", "source": "https://gist.github.com/MrAlaskan/f22dcf01a5dd90da1b191fcee9043a32", "content": "# Security Advisory: CVE-2026-51539\n\n## Vulnerability Information\n* **CVE ID:** CVE-2026-51539\n* **Vendor:** libmodbus\n* **Product:** libmodbus (Version 3.1.12)\n* **Vulnerability Type:** CWE-400: Uncontrolled Resource Consumption\n* **Attack Type:** Remote, Unauthenticated\n* **Impact:** Denial of Service (DoS)\n\n## Description\nA Denial of Service vulnerability exists in the receive loop of libmodbus 3.1.12 on Windows. A remote attacker can abuse timeout handling during network read operations to keep the server blocked in the receive path, preventing legitimate Modbus communication.\n\n## Affected Component\nThe vulnerability affects the message receive logic in `src/modbus.c`, specifically the `_modbus_receive_msg` function and its handling of timeouts using `select()` on Windows environments.\n\n## Attack Vectors\nAn unauthenticated, remote attacker with network access to the target Modbus TCP service can exploit this vulnerability by connecting to the configured Modbus TCP port.\n\nThe attacker can then send a Modbus request slowly, transmitting data in small fragments with pauses shorter than the configured receive timeout. Due to improper timeout accounting on Windows, the receive timeout may be effectively restarted for each received fragment, causing the server to remain in the receive loop for an extended period.\n\nSuccessful exploitation can block the affected server from processing legitimate client requests, resulting in a Denial of Service condition.\n\n## References\n* GitHub Issue: https://github.com/stephane/libmodbus/issues/843", "creation_timestamp": "2026-07-09T03:42:07.101466Z"}</description>
      <content:encoded>{"uuid": "5cde41b0-1ffe-4598-99bf-4b8b6d9d34ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-51539", "type": "seen", "source": "https://gist.github.com/MrAlaskan/f22dcf01a5dd90da1b191fcee9043a32", "content": "# Security Advisory: CVE-2026-51539\n\n## Vulnerability Information\n* **CVE ID:** CVE-2026-51539\n* **Vendor:** libmodbus\n* **Product:** libmodbus (Version 3.1.12)\n* **Vulnerability Type:** CWE-400: Uncontrolled Resource Consumption\n* **Attack Type:** Remote, Unauthenticated\n* **Impact:** Denial of Service (DoS)\n\n## Description\nA Denial of Service vulnerability exists in the receive loop of libmodbus 3.1.12 on Windows. A remote attacker can abuse timeout handling during network read operations to keep the server blocked in the receive path, preventing legitimate Modbus communication.\n\n## Affected Component\nThe vulnerability affects the message receive logic in `src/modbus.c`, specifically the `_modbus_receive_msg` function and its handling of timeouts using `select()` on Windows environments.\n\n## Attack Vectors\nAn unauthenticated, remote attacker with network access to the target Modbus TCP service can exploit this vulnerability by connecting to the configured Modbus TCP port.\n\nThe attacker can then send a Modbus request slowly, transmitting data in small fragments with pauses shorter than the configured receive timeout. Due to improper timeout accounting on Windows, the receive timeout may be effectively restarted for each received fragment, causing the server to remain in the receive loop for an extended period.\n\nSuccessful exploitation can block the affected server from processing legitimate client requests, resulting in a Denial of Service condition.\n\n## References\n* GitHub Issue: https://github.com/stephane/libmodbus/issues/843", "creation_timestamp": "2026-07-09T03:42:07.101466Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/5cde41b0-1ffe-4598-99bf-4b8b6d9d34ee/export</guid>
      <pubDate>Thu, 09 Jul 2026 03:42:07 +0000</pubDate>
    </item>
    <item>
      <title>b9044b55-607b-4186-8591-5a3dc4196021</title>
      <link>https://vulnerability.circl.lu/sighting/b9044b55-607b-4186-8591-5a3dc4196021/export</link>
      <description>{"uuid": "b9044b55-607b-4186-8591-5a3dc4196021", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-51538", "type": "seen", "source": "https://gist.github.com/MrAlaskan/8156ca3acd6754a9f66efede0a1351f2", "content": "# Security Advisory: CVE-2026-51538\n\n## Vulnerability Information\n* **CVE ID:** CVE-2026-51538\n* **Vendor:** EIPStackGroup\n* **Product:** OpENer (Version 2.3.0, commit 76b95cf)\n* **Vulnerability Type:** CWE-284: Improper Access Control\n* **Attack Type:** Remote, Unauthenticated\n* **Impact:** Denial of Service (DoS); Privilege Escalation\n\n## Description\nAn improper access control vulnerability exists in the encapsulation session handling logic of OpENer 2.3.0. A remote attacker may reuse a valid session handle associated with another client connection to issue encapsulation commands, potentially resulting in unauthorized command processing and a Denial of Service condition.\n\n## Affected Component\nThe vulnerability affects the encapsulation session handling logic in `source/src/enet_encap/encap.c`, specifically the `CheckRegisteredSessions` function and command handling paths for `UnregisterSession`, `SendRRData`, and `SendUnitData`.\n\n## Attack Vectors\nAn unauthenticated, remote attacker with network access to the target OpENer instance can exploit this vulnerability by connecting to the EtherNet/IP TCP port, typically TCP/44818.\n\nThe attacker can then provide a valid session handle that was created by another legitimate client. Due to insufficient binding between encapsulation session handles and their originating TCP connections, the server may accept and process encapsulation commands submitted from the attacker-controlled connection.\n\nSuccessful exploitation may allow unauthorized use of another client's session handle and can disrupt legitimate industrial communication, resulting in a Denial of Service condition.\n\n## References\n* GitHub Issue: https://github.com/EIPStackGroup/OpENer/issues/565\n\n## Discoverers\nHuashuo Liu, Qixun Tang, Jinwen Xi, and Min Liu from Institute of Computing Technology, Chinese Academy of Sciences", "creation_timestamp": "2026-07-09T03:40:11.198858Z"}</description>
      <content:encoded>{"uuid": "b9044b55-607b-4186-8591-5a3dc4196021", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-51538", "type": "seen", "source": "https://gist.github.com/MrAlaskan/8156ca3acd6754a9f66efede0a1351f2", "content": "# Security Advisory: CVE-2026-51538\n\n## Vulnerability Information\n* **CVE ID:** CVE-2026-51538\n* **Vendor:** EIPStackGroup\n* **Product:** OpENer (Version 2.3.0, commit 76b95cf)\n* **Vulnerability Type:** CWE-284: Improper Access Control\n* **Attack Type:** Remote, Unauthenticated\n* **Impact:** Denial of Service (DoS); Privilege Escalation\n\n## Description\nAn improper access control vulnerability exists in the encapsulation session handling logic of OpENer 2.3.0. A remote attacker may reuse a valid session handle associated with another client connection to issue encapsulation commands, potentially resulting in unauthorized command processing and a Denial of Service condition.\n\n## Affected Component\nThe vulnerability affects the encapsulation session handling logic in `source/src/enet_encap/encap.c`, specifically the `CheckRegisteredSessions` function and command handling paths for `UnregisterSession`, `SendRRData`, and `SendUnitData`.\n\n## Attack Vectors\nAn unauthenticated, remote attacker with network access to the target OpENer instance can exploit this vulnerability by connecting to the EtherNet/IP TCP port, typically TCP/44818.\n\nThe attacker can then provide a valid session handle that was created by another legitimate client. Due to insufficient binding between encapsulation session handles and their originating TCP connections, the server may accept and process encapsulation commands submitted from the attacker-controlled connection.\n\nSuccessful exploitation may allow unauthorized use of another client's session handle and can disrupt legitimate industrial communication, resulting in a Denial of Service condition.\n\n## References\n* GitHub Issue: https://github.com/EIPStackGroup/OpENer/issues/565\n\n## Discoverers\nHuashuo Liu, Qixun Tang, Jinwen Xi, and Min Liu from Institute of Computing Technology, Chinese Academy of Sciences", "creation_timestamp": "2026-07-09T03:40:11.198858Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/b9044b55-607b-4186-8591-5a3dc4196021/export</guid>
      <pubDate>Thu, 09 Jul 2026 03:40:11 +0000</pubDate>
    </item>
    <item>
      <title>8e4a8b36-f99b-4de1-a187-f792c9b5b4db</title>
      <link>https://vulnerability.circl.lu/sighting/8e4a8b36-f99b-4de1-a187-f792c9b5b4db/export</link>
      <description>{"uuid": "8e4a8b36-f99b-4de1-a187-f792c9b5b4db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-51537", "type": "seen", "source": "https://gist.github.com/MrAlaskan/a5fb0fb7765c9df80d28220ed558f04e", "content": "# Security Advisory: CVE-2026-51537\n\n## Vulnerability Information\n* **CVE ID:** CVE-2026-51537\n* **Vendor:** EIPStackGroup\n* **Product:** OpENer (Version 2.3.0, commit 76b95cf)\n* **Vulnerability Type:** CWE-125: Out-of-bounds Read\n* **Attack Type:** Remote, Unauthenticated\n* **Impact:** Denial of Service (DoS)\n\n## Description\nAn out-of-bounds read vulnerability exists in the Connection Manager handling of ForwardOpen requests in OpENer 2.3.0. A remotely crafted malformed CIP ForwardOpen request may cause the parser to read beyond the valid request buffer, leading to a Denial of Service condition.\n\n## Affected Component\nThe vulnerability affects the Connection Manager and related message parsing logic, including `source/src/cip/cipconnectionmanager.c`, `source/src/cip/cipconnectionobject.c`, and `source/src/enet_encap/endianconv.c`, specifically the `ForwardOpenRoutine`, `ConnectionObjectInitializeFromMessage`, and low-level message read helper functions such as `GetByteFromMessage`.\n\n## Attack Vectors\nAn unauthenticated, remote attacker with network access to the target OpENer instance can exploit this vulnerability by connecting to the EtherNet/IP TCP port, typically TCP/44818, and completing session registration.\n\nThe attacker can then send a crafted `SendRRData` packet carrying a malformed `ForwardOpen` or `LargeForwardOpen` request. Due to insufficient validation of the remaining request length during parsing, the malformed request may cause the parser to read beyond the valid input buffer.\n\nSuccessful exploitation can crash the OpENer process and deny service to legitimate industrial communication clients.\n\n## References\n* GitHub Issue: https://github.com/EIPStackGroup/OpENer/issues/564", "creation_timestamp": "2026-07-09T03:36:14.618242Z"}</description>
      <content:encoded>{"uuid": "8e4a8b36-f99b-4de1-a187-f792c9b5b4db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-51537", "type": "seen", "source": "https://gist.github.com/MrAlaskan/a5fb0fb7765c9df80d28220ed558f04e", "content": "# Security Advisory: CVE-2026-51537\n\n## Vulnerability Information\n* **CVE ID:** CVE-2026-51537\n* **Vendor:** EIPStackGroup\n* **Product:** OpENer (Version 2.3.0, commit 76b95cf)\n* **Vulnerability Type:** CWE-125: Out-of-bounds Read\n* **Attack Type:** Remote, Unauthenticated\n* **Impact:** Denial of Service (DoS)\n\n## Description\nAn out-of-bounds read vulnerability exists in the Connection Manager handling of ForwardOpen requests in OpENer 2.3.0. A remotely crafted malformed CIP ForwardOpen request may cause the parser to read beyond the valid request buffer, leading to a Denial of Service condition.\n\n## Affected Component\nThe vulnerability affects the Connection Manager and related message parsing logic, including `source/src/cip/cipconnectionmanager.c`, `source/src/cip/cipconnectionobject.c`, and `source/src/enet_encap/endianconv.c`, specifically the `ForwardOpenRoutine`, `ConnectionObjectInitializeFromMessage`, and low-level message read helper functions such as `GetByteFromMessage`.\n\n## Attack Vectors\nAn unauthenticated, remote attacker with network access to the target OpENer instance can exploit this vulnerability by connecting to the EtherNet/IP TCP port, typically TCP/44818, and completing session registration.\n\nThe attacker can then send a crafted `SendRRData` packet carrying a malformed `ForwardOpen` or `LargeForwardOpen` request. Due to insufficient validation of the remaining request length during parsing, the malformed request may cause the parser to read beyond the valid input buffer.\n\nSuccessful exploitation can crash the OpENer process and deny service to legitimate industrial communication clients.\n\n## References\n* GitHub Issue: https://github.com/EIPStackGroup/OpENer/issues/564", "creation_timestamp": "2026-07-09T03:36:14.618242Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/8e4a8b36-f99b-4de1-a187-f792c9b5b4db/export</guid>
      <pubDate>Thu, 09 Jul 2026 03:36:14 +0000</pubDate>
    </item>
    <item>
      <title>551d1b6e-8ec4-4f72-85b3-547affde1fed</title>
      <link>https://vulnerability.circl.lu/sighting/551d1b6e-8ec4-4f72-85b3-547affde1fed/export</link>
      <description>{"uuid": "551d1b6e-8ec4-4f72-85b3-547affde1fed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-51536", "type": "seen", "source": "https://gist.github.com/MrAlaskan/e160c626a32e03e5d9eddaa732560672", "content": "# Security Advisory: CVE-2026-51536\n\n## Vulnerability Information\n* **CVE ID:** CVE-2026-51536\n* **Vendor:** EIPStackGroup\n* **Product:** OpENer (Version 2.3.0, commit 76b95cf)\n* **Vulnerability Type:** CWE-190: Integer Overflow or Wraparound; CWE-121: Stack-based Buffer Overflow\n* **Attack Type:** Remote\n* **Impact:** Denial of Service (DoS)\n\n## Description\nAn integer overflow and truncation vulnerability exists in the CIP message parsing logic of OpENer 2.3.0. A remotely crafted CIP packet may cause an invalid length value to be propagated during EPATH decoding, resulting in a stack-based buffer overflow and a Denial of Service condition.\n\n## Affected Component\nThe vulnerability affects the CIP message router and EPATH decoding logic, including `source/src/cip/cipmessagerouter.c` and `source/src/cip/cipcommon.c`, specifically the `NotifyMessageRouter`, `CreateMessageRouterRequestStructure`, and `DecodePaddedEPath` functions.\n\n## Attack Vectors\nA remote attacker with network access to the target OpENer instance can exploit this vulnerability by connecting to the EtherNet/IP TCP port, typically TCP/44818, and establishing a standard CIP communication path, for example through a `ForwardOpen` request.\n\nThe attacker can then send a crafted `SendUnitData` request containing malicious length and path fields. Due to inconsistent length handling across the CIP message parsing call chain, the crafted packet may cause an invalid length value to be passed into the EPATH decoding logic. This can bypass bounds checks and trigger a stack-based buffer overflow.\n\nSuccessful exploitation can crash the OpENer process and deny service to legitimate industrial communication clients.\n\n## References\n* GitHub Issue: https://github.com/EIPStackGroup/OpENer/issues/563", "creation_timestamp": "2026-07-09T03:32:56.982312Z"}</description>
      <content:encoded>{"uuid": "551d1b6e-8ec4-4f72-85b3-547affde1fed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-51536", "type": "seen", "source": "https://gist.github.com/MrAlaskan/e160c626a32e03e5d9eddaa732560672", "content": "# Security Advisory: CVE-2026-51536\n\n## Vulnerability Information\n* **CVE ID:** CVE-2026-51536\n* **Vendor:** EIPStackGroup\n* **Product:** OpENer (Version 2.3.0, commit 76b95cf)\n* **Vulnerability Type:** CWE-190: Integer Overflow or Wraparound; CWE-121: Stack-based Buffer Overflow\n* **Attack Type:** Remote\n* **Impact:** Denial of Service (DoS)\n\n## Description\nAn integer overflow and truncation vulnerability exists in the CIP message parsing logic of OpENer 2.3.0. A remotely crafted CIP packet may cause an invalid length value to be propagated during EPATH decoding, resulting in a stack-based buffer overflow and a Denial of Service condition.\n\n## Affected Component\nThe vulnerability affects the CIP message router and EPATH decoding logic, including `source/src/cip/cipmessagerouter.c` and `source/src/cip/cipcommon.c`, specifically the `NotifyMessageRouter`, `CreateMessageRouterRequestStructure`, and `DecodePaddedEPath` functions.\n\n## Attack Vectors\nA remote attacker with network access to the target OpENer instance can exploit this vulnerability by connecting to the EtherNet/IP TCP port, typically TCP/44818, and establishing a standard CIP communication path, for example through a `ForwardOpen` request.\n\nThe attacker can then send a crafted `SendUnitData` request containing malicious length and path fields. Due to inconsistent length handling across the CIP message parsing call chain, the crafted packet may cause an invalid length value to be passed into the EPATH decoding logic. This can bypass bounds checks and trigger a stack-based buffer overflow.\n\nSuccessful exploitation can crash the OpENer process and deny service to legitimate industrial communication clients.\n\n## References\n* GitHub Issue: https://github.com/EIPStackGroup/OpENer/issues/563", "creation_timestamp": "2026-07-09T03:32:56.982312Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/551d1b6e-8ec4-4f72-85b3-547affde1fed/export</guid>
      <pubDate>Thu, 09 Jul 2026 03:32:56 +0000</pubDate>
    </item>
    <item>
      <title>27f2fee5-a074-4fa6-886d-b53c679d6168</title>
      <link>https://vulnerability.circl.lu/sighting/27f2fee5-a074-4fa6-886d-b53c679d6168/export</link>
      <description>{"uuid": "27f2fee5-a074-4fa6-886d-b53c679d6168", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-51535", "type": "seen", "source": "https://gist.github.com/MrAlaskan/bec306c51fec9f777b2599f5dea09dd1", "content": "# Security Advisory: CVE-2026-51535\n\n## Vulnerability Information\n* **CVE ID:** CVE-2026-51535\n* **Vendor:** EIPStackGroup\n* **Product:** OpENer (Version 2.3.0, commit 76b95cf)\n* **Vulnerability Type:** CWE-400: Uncontrolled Resource Consumption\n* **Attack Type:** Remote, Unauthenticated\n* **Impact:** Denial of Service (DoS)\n\n## Description\nA resource exhaustion (Denial of Service) vulnerability exists in the network processing loop of OpENer 2.3.0. \n\n## Affected Component\nThe TCP Network Handler in `source/src/ports/generic_networkhandler.c`, specifically the `HandleDataOnTcpSocket`, `CheckAndHandleTcpListenerSocket`, and `NetworkHandlerProcessCyclic` functions.\n\n## Attack Vectors\nAn unauthenticated, remote attacker with network access to the target slave can exploit this vulnerability by establishing a single TCP connection to the OpENer ENIP port (default TCP/44818) and sending a specially crafted, incomplete Ethernet/IP (ENIP) packet header. By intentionally withholding the remainder of the payload while keeping the connection open (a Slowloris-style attack), the attacker exploits the lack of non-blocking socket configurations to force the server's single-threaded network handler into an indefinite blocking state. This completely stalls the main event loop, resulting in a Denial of Service (DoS) that prevents the device from processing any other legitimate communications.\n\n## References\n* GitHub Issue: https://github.com/EIPStackGroup/OpENer/issues/562", "creation_timestamp": "2026-07-03T06:42:29.534324Z"}</description>
      <content:encoded>{"uuid": "27f2fee5-a074-4fa6-886d-b53c679d6168", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-51535", "type": "seen", "source": "https://gist.github.com/MrAlaskan/bec306c51fec9f777b2599f5dea09dd1", "content": "# Security Advisory: CVE-2026-51535\n\n## Vulnerability Information\n* **CVE ID:** CVE-2026-51535\n* **Vendor:** EIPStackGroup\n* **Product:** OpENer (Version 2.3.0, commit 76b95cf)\n* **Vulnerability Type:** CWE-400: Uncontrolled Resource Consumption\n* **Attack Type:** Remote, Unauthenticated\n* **Impact:** Denial of Service (DoS)\n\n## Description\nA resource exhaustion (Denial of Service) vulnerability exists in the network processing loop of OpENer 2.3.0. \n\n## Affected Component\nThe TCP Network Handler in `source/src/ports/generic_networkhandler.c`, specifically the `HandleDataOnTcpSocket`, `CheckAndHandleTcpListenerSocket`, and `NetworkHandlerProcessCyclic` functions.\n\n## Attack Vectors\nAn unauthenticated, remote attacker with network access to the target slave can exploit this vulnerability by establishing a single TCP connection to the OpENer ENIP port (default TCP/44818) and sending a specially crafted, incomplete Ethernet/IP (ENIP) packet header. By intentionally withholding the remainder of the payload while keeping the connection open (a Slowloris-style attack), the attacker exploits the lack of non-blocking socket configurations to force the server's single-threaded network handler into an indefinite blocking state. This completely stalls the main event loop, resulting in a Denial of Service (DoS) that prevents the device from processing any other legitimate communications.\n\n## References\n* GitHub Issue: https://github.com/EIPStackGroup/OpENer/issues/562", "creation_timestamp": "2026-07-03T06:42:29.534324Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/27f2fee5-a074-4fa6-886d-b53c679d6168/export</guid>
      <pubDate>Fri, 03 Jul 2026 06:42:29 +0000</pubDate>
    </item>
  </channel>
</rss>
