CVE-2026-51541
EIPStackGroup · OpENer
An out-of-bounds read vulnerability in OpENer 2.3.0 during CIP message parsing allows attackers to crash the service via malformed ENIP SendRRData frames.
Executive summary
A critical out-of-bounds read vulnerability in OpENer 2.3.0 poses a significant risk of service disruption through malformed CIP request exploitation.
Vulnerability
This is an out-of-bounds read vulnerability in the CIP message parsing logic. An unauthenticated attacker can send a crafted ENIP SendRRData frame with a forged EPath size, forcing the parser to read beyond the designated buffer and causing the process to crash.
Business impact
With a CVSS score of 9.1, this vulnerability is critical. Successful exploitation leads to a crash of the OpENer process, resulting in a complete loss of communication for the affected industrial device. This can cause severe operational downtime and requires immediate attention to ensure system availability.
Remediation
Immediate Action: Review the issue tracker at https://github.com/EIPStackGroup/OpENer/issues/582 for patch availability and apply the fix to all affected deployments.
Proactive Monitoring: Monitor industrial network traffic for malformed ENIP or CIP packets and set up alerts for unexpected process terminations or restarts.
Compensating Controls: Utilize industrial firewalls or deep packet inspection (DPI) solutions to validate ENIP/CIP traffic and block malformed packets before they reach the application.
Exploitation status
Public Exploit Available: Yes — referenced in public GitHub repositories.
Analyst recommendation
This vulnerability represents a critical risk to industrial communication stability. Administrators should prioritize upgrading the OpENer stack to a patched version once released and apply network-level filtering to block malicious traffic patterns in the interim.