Cisco\u2019s Talos threat intelligence unit has disclosed details of five newly patched vulnerabilities in OpenPLC, an open-source programmable logic controller. <\/p>\n\n\n\n
These vulnerabilities can be exploited to trigger a denial-of-service (DoS) condition or execute remote code. OpenPLC is an open-source programmable logic controller (PLC) designed to offer a low-cost solution for industrial automation. It is widely used for automating machines and processes in industries like manufacturing, energy, and utilities.<\/p>\n\n\n\n
The most severe issue is a stack-based buffer overflow vulnerability, tracked as CVE-2024-34026<\/a> (CVSS score 9.0), that resides in the OpenPLC Runtime EtherNet\/IP parser functionality of OpenPLC _v3 b4702061dc14d1024856f71b4543298d77007b88.<\/p>\n\n\n\n
An attacker could trigger the vulnerability to achieve remote code execution.<\/p>\n\n\n\n
“A specially crafted EtherNet\/IP request can lead to remote code execution. An attacker can send a series of EtherNet\/IP requests to trigger this vulnerability.” reads the advisory<\/a>.<\/em><\/p>\n\n\n\n
The remaining DoS flaws discovered by Talos are tracked as CVE-2024-36980, CVE-2024-36981<\/a>,\u00a0CVE-2024-39589, and CVE-2024-39590<\/a>.\u00a0<\/p>\n\n\n\n
Follow me on Twitter: @securityaffairs<\/strong><\/a> and Facebook<\/strong><\/a> and Mastodon<\/strong><\/a><\/p>\n\n\n\n
Pierluigi Paganini<\/strong><\/a><\/p>\n\n\n\n
(<\/strong>SecurityAffairs<\/strong><\/a>\u00a0\u2013<\/strong>\u00a0hacking, RCE)<\/strong><\/p>\n\n\n\n