CVE-2026-51537

EIPStackGroup · OpENer

An out-of-bounds read vulnerability in OpENer 2.3.0 allows unauthenticated attackers to cause a Denial of Service by sending malformed ForwardOpen or LargeForwardOpen CIP requests.

Executive summary

An unauthenticated remote attacker can cause a Denial of Service in OpENer 2.3.0 by sending a malformed CIP ForwardOpen request to the EtherNet/IP TCP port.

Vulnerability

The vulnerability is an out-of-bounds read occurring within the Connection Manager during the processing of malformed ForwardOpen requests. An unauthenticated attacker can exploit this by sending a crafted SendRRData packet to TCP port 44818.

Business impact

With a CVSS score of 9.1, this vulnerability poses a critical risk to operational continuity. By triggering an out-of-bounds read, an attacker can crash the service, leading to system downtime and potential loss of control over industrial processes managed by the affected stack.

Remediation

Immediate Action: Monitor https://github.com/EIPStackGroup/OpENer/issues/564 for patch availability and apply updates as soon as they are released by the vendor.

Proactive Monitoring: Implement deep packet inspection (DPI) where possible to identify and drop malformed CIP packets before they reach the OpENer stack.

Compensating Controls: Use network segmentation or access control lists (ACLs) to ensure that only trusted devices can communicate with the EtherNet/IP service on TCP port 44818.

Exploitation status

Public Exploit Available: Yes, a public proof-of-concept exists as referenced in the provided data.

Analyst recommendation

The critical nature of this vulnerability requires immediate attention. Security teams should verify if their infrastructure utilizes the affected version and prepare for an emergency update cycle once a fix is provided by the vendor.