Cameron Whitehead

**Name of the Vulnerable Software and Affected Versions** Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat Zeek Plugin versions d78dda6 and prior **Description** The issue is related to an out-of-bounds write in the primary analyses function for Ethercat communication packets. This could allow an attacker to cause arbitrary code execution. The vulnerability is associated with a buffer overflow in memory, which can be exploited by a remote attacker to execute arbitrary code. **Recommendations** For Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat Zeek Plugin versions d78dda6 and prior, consider disabling the primary analyses function for Ethercat communication packets as a temporary workaround until a patch is available. Restrict access to the vulnerable Zeek plugin to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat Zeek Plugin versions d78dda6 and prior **Description** The issue is related to an out-of-bounds write while analyzing specific Ethercat datagrams, which could allow an attacker to cause arbitrary code execution. This is a critical issue that may be exploited by a remote attacker. **Recommendations** For Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat Zeek Plugin versions d78dda6 and prior, consider disabling the vulnerable Zeek plugin until a patch is available to prevent arbitrary code execution. Restrict access to the Ethercat datagram analysis functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zeek Plugin versions d78dda6 and prior **Description** The issue is related to an out-of-bounds read during the analysis of a specific Ethercat packet, which could allow an attacker to crash the Zeek process and leak some information in memory. This could potentially lead to a denial of service or unauthorized access to protected information. **Recommendations** For Zeek Plugin versions d78dda6 and prior, consider disabling the affected Ethercat packet analysis functionality until a patch is available. Restrict access to the vulnerable Zeek Plugin to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.