CVE-2026-51537
Summary
| CVE | CVE-2026-51537 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-07-13 22:16:47 UTC |
| Updated | 2026-07-13 22:16:47 UTC |
| Description | EIPStackGroup OpENer 2.3.0 (commit 76b95cf) has an out-of-bounds read issue in Connection Manager handling of ForwardOpen requests when processing short malformed packets. An attacker can send a valid ENIP outer frame carrying a malformed CIP ForwardOpen/LargeForwardOpen request, causing the parser to continue reading fields even when request data is insufficient. This issue is remotely triggerable via network traffic and does not require authentication. |
Risk And Classification
Problem Types: n/a
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| github.com/EIPStackGroup/OpENer/issues/564 | [email protected] | github.com | |
| gist.github.com/MrAlaskan/a5fb0fb7765c9df80d28220ed558f04e | [email protected] | gist.github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.