CVE-2023-7243

Name of the Vulnerable Software and Affected Versions Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat Zeek Plugin versions d78dda6 and prior

Description The issue is related to an out-of-bounds write while analyzing specific Ethercat datagrams, which could allow an attacker to cause arbitrary code execution. This is a critical issue that may be exploited by a remote attacker.

Recommendations For Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat Zeek Plugin versions d78dda6 and prior, consider disabling the vulnerable Zeek plugin until a patch is available to prevent arbitrary code execution. Restrict access to the Ethercat datagram analysis functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.