CVE-2023-7244

Name of the Vulnerable Software and Affected Versions Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat Zeek Plugin versions d78dda6 and prior

Description The issue is related to an out-of-bounds write in the primary analyses function for Ethercat communication packets. This could allow an attacker to cause arbitrary code execution. The vulnerability is associated with a buffer overflow in memory, which can be exploited by a remote attacker to execute arbitrary code.

Recommendations For Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat Zeek Plugin versions d78dda6 and prior, consider disabling the primary analyses function for Ethercat communication packets as a temporary workaround until a patch is available. Restrict access to the vulnerable Zeek plugin to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.