CyberRota
← Ana sayfaya dön

CVE-2026-51536

UNKNOWN · CVSS N/A Public Exploit

Kaynak: NVD + CISA KEV + EPSS · Yayınlanma: 2026-07-13T22:16:47.263 · Çekilme zamanı: 2026-07-14T00:05:58.023984+00:00

CyberRota Yorumu

Bellek tüketimine neden olabilir.

Public Exploit Sinyali

Bu CVE için açıklama veya referanslarda public exploit / PoC / GitHub / Metasploit sinyali tespit edildi.

Not: Bu bağlantılar yalnızca güvenlik araştırması ve doğrulama amacıyla listelenmiştir.

CVE
CVE-2026-51536
Severity
UNKNOWN
CVSS
N/A
EPSS
Yok

Orijinal NVD Açıklaması

In OpENer 2.3.0 (commit 76b95cf) when parsing incoming CIP (Common Industrial Protocol) network packets, the length parameter is inconsistently typed across the call stack. Specifically, an upstream length calculated as an int is passed to a downstream function that expects an EipInt16 (a 16-bit signed integer). If a maliciously crafted packet with specific length fields is processed, the length parameter can overflow or be truncated into a negative value. This negative length bypasses subsequent bounds checking (due to signed/unsigned comparison issues) and is ultimately used in memory operations, leading to a Stack Buffer Overflow when reading data in DecodePaddedEPath.