How severe is CVE-2024-39589?

CVE-2024-39589 has a CVSS v3 score of 7.5 (HIGH).

CVE-2024-39589

Name: openplc_v3_firmware
Author: openplcproject

7.5HIGH

Multiple invalid pointer dereference vulnerabilities exist in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC_v3 16bf8bac1a36d95b73e7b8722d0edb8b9c5bb56a. A specially crafted EtherNet/

公開日: 9/18/2024更新日: 11/4/2025

説明

Multiple invalid pointer dereference vulnerabilities exist in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC_v3 16bf8bac1a36d95b73e7b8722d0edb8b9c5bb56a. A specially crafted EtherNet/IP request can lead to denial of service. An attacker can send a series of EtherNet/IP requests to trigger these vulnerabilities.This instance of the vulnerability occurs within the `Protected_Logical_Read_Reply` function

AI分析AIによる分析

影響を受ける製品

openplcprojectopenplc_v3_firmware

2024-05-28

参照

https://talosintelligence.com/vulnerability_reports/TALOS-2024-2016
ExploitThird Party Advisory
https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2016