How severe is CVE-2024-39590?

CVE-2024-39590 has a CVSS v3 score of 7.5 (HIGH).

CVE-2024-39590

Name: openplc_v3_firmware
Author: openplcproject

7.5HIGH

Multiple invalid pointer dereference vulnerabilities exist in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC_v3 16bf8bac1a36d95b73e7b8722d0edb8b9c5bb56a. A specially crafted EtherNet/

Publicado: 9/18/2024Atualizado: 11/4/2025

Descrição

Multiple invalid pointer dereference vulnerabilities exist in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC_v3 16bf8bac1a36d95b73e7b8722d0edb8b9c5bb56a. A specially crafted EtherNet/IP request can lead to denial of service. An attacker can send a series of EtherNet/IP requests to trigger these vulnerabilities.This instance of the vulnerability occurs within the `Protected_Logical_Write_Reply` function

Análise IADesenvolvido por IA

Produtos Afetados

openplcprojectopenplc_v3_firmware

2024-05-28

Referências

https://talosintelligence.com/vulnerability_reports/TALOS-2024-2016
ExploitThird Party Advisory
https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2016