Jared Rittle

**Name of the Vulnerable Software and Affected Versions** OpenPLC v3 b4702061dc14d1024856f71b4543298d77007b88 **Description** An out-of-bounds read issue exists in the OpenPLC Runtime EtherNet/IP PCCC parser functionality. A specially crafted network request can lead to denial of service. An attacker can send a series of EtherNet/IP requests to trigger this issue. The vulnerability was exploited by taking the return value of a function, -1, as a `uint16 t` type, bypassing validation, and using it as an argument to the `memmove` function. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** OpenPLC v3 (affected versions not specified) **Description** Multiple invalid pointer dereference vulnerabilities exist in the OpenPLC Runtime EtherNet/IP parser functionality. A specially crafted EtherNet/IP request can lead to denial of service. An attacker can send a series of EtherNet/IP requests to trigger these vulnerabilities. This instance of the vulnerability occurs within the `Protected Logical Write Reply` function. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenPLC v3 (affected versions not specified) **Description** Multiple invalid pointer dereference vulnerabilities exist in the OpenPLC Runtime EtherNet/IP parser functionality. A specially crafted EtherNet/IP request can lead to denial of service. An attacker can send a series of EtherNet/IP requests to trigger these vulnerabilities. This instance of the vulnerability occurs within the `Protected Logical Read Reply` function. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenPLC v3 version b4702061dc14d1024856f71b4543298d77007b88 **Description** An out-of-bounds read issue exists in the OpenPLC Runtime EtherNet/IP PCCC parser functionality. A specially crafted network request can lead to denial of service. An attacker can send a series of EtherNet/IP requests to trigger this issue. **Recommendations** For OpenPLC v3 version b4702061dc14d1024856f71b4543298d77007b88, as a temporary workaround, consider restricting access to the EtherNet/IP PCCC parser functionality until a patch is available. Avoid using the vulnerable functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: OpenPLC version v3 b4702061dc14d1024856f71b4543298d77007b88 Description: A stack-based buffer overflow vulnerability exists in the OpenPLC Runtime EtherNet/IP parser functionality. This vulnerability can be exploited by sending a specially crafted EtherNet/IP request, leading to remote code execution. An attacker can trigger this vulnerability by sending a series of EtherNet/IP requests. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Open Automation Software OAS Platform version 19.00.0057 **Description** A file write issue exists in the OAS Engine Save Security Configuration functionality. This can be triggered by a specially crafted series of network requests, leading to arbitrary file creation or overwrite. An attacker can exploit this by sending a sequence of requests. **Recommendations** For version 19.00.0057, consider restricting access to the Save Security Configuration functionality until a fix is available. As a temporary workaround, monitor network requests to the OAS Engine closely to detect and prevent potential exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Open Automation Software OAS Platform version 19.00.0057 **Description** An improper input validation issue exists in the OAS Engine User Configuration functionality. This can be exploited by sending a specially crafted series of network requests, leading to unexpected data in the configuration. **Recommendations** For version 19.00.0057, consider restricting access to the OAS Engine User Configuration functionality until a fix is available. As a temporary workaround, review and validate all network requests to prevent unexpected data in the configuration. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Open Automation Software OAS Platform version 19.00.0057 **Description** A denial of service issue exists in the OAS Engine File Data Source Configuration functionality. It can be triggered by a specially crafted series of network requests, causing the program to stop. An attacker can exploit this by sending a sequence of requests. **Recommendations** For version 19.00.0057, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Open Automation Software OAS Platform version 19.00.0057 **Description** A file write issue exists in the OAS Engine Tags Configuration functionality. This can be exploited by sending a specially crafted series of network requests, leading to arbitrary file creation or overwrite. **Recommendations** For version 19.00.0057, consider restricting access to the OAS Engine Tags Configuration functionality until a fix is available. As a temporary workaround, monitor network requests to detect and prevent potential exploitation.

**Name of the Vulnerable Software and Affected Versions** EIP Stack Group OpENer development commit 58ee13c **Description** An out-of-bounds write issue exists in the SetAttributeList `attribute count request` functionality. A specially crafted EtherNet/IP request can lead to an out-of-bounds write, potentially causing the server to crash or allowing for remote code execution. An attacker can send a series of EtherNet/IP requests to trigger this issue. **Recommendations** For EIP Stack Group OpENer development commit 58ee13c, consider restricting access to the `SetAttributeList` functionality until a patch is available. As a temporary workaround, avoid using the `attribute count request` functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** EIP Stack Group OpENer version 58ee13c **Description** A use-of-uninitialized-pointer issue exists in the Forward Open connection management entry functionality. This can be triggered by a specially-crafted EtherNet/IP request, leading to the use of a null pointer and causing the server to crash. An attacker can exploit this by sending a series of EtherNet/IP requests. **Recommendations** For EIP Stack Group OpENer version 58ee13c, consider disabling the Forward Open connection management entry functionality until a patch is available to prevent the server from crashing due to specially-crafted EtherNet/IP requests.

**Name of the Vulnerable Software and Affected Versions** EIP Stack Group OpENer development commit 58ee13c **Description** An out-of-bounds write issue exists in the GetAttributeList `attribute count request` functionality. A specially crafted EtherNet/IP request can lead to an out-of-bounds write, potentially causing the server to crash or allowing for remote code execution. An attacker can send a series of EtherNet/IP requests to trigger this issue. **Recommendations** For EIP Stack Group OpENer development commit 58ee13c, consider restricting access to the `GetAttributeList` functionality until a patch is available. As a temporary workaround, avoid using the `attribute count request` functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Open Automation Software OAS Platform version 16.00.0112 **Description** A cleartext transmission of sensitive information issue exists in the OAS Engine configuration communications functionality. This can be exploited through a targeted network sniffing attack, leading to the disclosure of sensitive information. An attacker can trigger this issue by sniffing network traffic. **Recommendations** For Open Automation Software OAS Platform version 16.00.0112, consider implementing encryption for the OAS Engine configuration communications to prevent cleartext transmission of sensitive information. As a temporary workaround, restrict access to the network to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Open Automation Software OAS Platform version 16.00.0112 **Description** A denial of service issue exists in the OAS Engine SecureConfigValues functionality. It can be triggered by a specially-crafted network request, leading to a loss of communications. **Recommendations** For version 16.00.0112, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Open Automation Software OAS Platform version 16.00.0112 **Description** An information disclosure issue exists in the OAS Engine SecureTransferFiles functionality. A specially-crafted series of network requests can lead to arbitrary file read. An attacker can send a sequence of requests to trigger this issue. **Recommendations** For version 16.00.0112, consider restricting access to the SecureTransferFiles functionality until a fix is available. As a temporary workaround, limit the ability to send sequences of requests to the affected functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Open Automation Software OAS Platform version 16.00.0112 **Description** An information disclosure issue exists in the OAS Engine SecureBrowseFile functionality. A specially-crafted network request can lead to a disclosure of sensitive information. An attacker can send a network request to trigger this issue. **Recommendations** For version 16.00.0112, consider restricting access to the SecureBrowseFile functionality until a patch is available. As a temporary workaround, avoid using the OAS Engine SecureBrowseFile functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Open Automation Software OAS Platform version V16.00.0112 **Description** A file write vulnerability exists in the OAS Engine SecureTransferFiles functionality, allowing remote code execution through a specially-crafted series of network requests. The vulnerability is also related to a lack of authentication for a critical function, which can be exploited by a remote attacker to execute arbitrary code. **Recommendations** For Open Automation Software OAS Platform version V16.00.0112, consider disabling the SecureTransferFiles functionality until a patch is available to prevent remote code execution. Restrict access to critical functions that lack authentication to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Open Automation Software OAS Platform version 16.00.0121 **Description** The issue is related to an improper authentication vulnerability in the REST API functionality. This vulnerability can be triggered by a specially-crafted series of HTTP requests, leading to unauthenticated use of the REST API. An attacker can exploit this by sending a series of HTTP requests, potentially allowing remote execution of arbitrary code. **Recommendations** For Open Automation Software OAS Platform version 16.00.0121, consider disabling the REST API functionality until a patch is available to prevent unauthenticated use. Restrict access to the REST API to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Open Automation Software OAS Platform version V16.00.0112 **Description** The issue concerns the OAS Engine SecureAddUser functionality, where a lack of authentication check for a critical function can be exploited. An attacker can send a specially-crafted series of network requests to create an OAS user account, potentially leading to unauthorized system access. **Recommendations** For Open Automation Software OAS Platform version V16.00.0112, consider disabling the SecureAddUser functionality until a patch is available to prevent exploitation. Restrict access to the OAS Engine to minimize the risk of unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Open Automation Software OAS Platform version V16.00.0112 **Description** The issue concerns the OAS Engine SecureAddSecurity functionality, where a lack of authentication check for a critical function can be exploited. An attacker can send a specially-crafted series of network requests to create a custom Security Group, potentially leading to unauthorized access to the system. **Recommendations** For Open Automation Software OAS Platform version V16.00.0112, consider restricting access to the OAS Engine SecureAddSecurity functionality until a patch is available. As a temporary workaround, implement additional authentication checks for critical functions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.