CVE-2024-34026
Published: 18 September 2024
Summary
CVE-2024-34026 is a critical-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Openplcproject Openplc V3 Firmware. Its CVSS base score is 9.0 (Critical).
Operationally, it is ranked in the top 7.3% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
Deeper analysis
A stack-based buffer overflow vulnerability exists in the EtherNet/IP parser of the OpenPLC Runtime component within OpenPLC version 3 at commit b4702061dc14d1024856f71b4543298d77007b88. The flaw, tracked under CWE-121 and CWE-787, is triggered by a specially crafted EtherNet/IP request and carries a CVSS 3.1 score of 9.0 reflecting network attack vector, high complexity, no required privileges or user interaction, and changed scope with high impact on confidentiality, integrity, and availability.
An unauthenticated remote attacker can send a sequence of malicious EtherNet/IP requests to the affected parser and achieve remote code execution on the target system. The published EPSS score is 0.0870, with no material increase from an earlier, lower value.
Detailed analysis and indicators are available in the Talos reports at the referenced URLs for TALOS-2024-2005.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-34597
Vulnerability details
A stack-based buffer overflow vulnerability exists in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC_v3 b4702061dc14d1024856f71b4543298d77007b88. A specially crafted EtherNet/IP request can lead to remote code execution. An attacker can send a series of EtherNet/IP requests to trigger this vulnerability.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls (AI)
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Out-of-bounds writes that corrupt control flow or inject shellcode are rendered non-executable by the same memory protections.