Incorrect Type Conversion or Cast

CVE-2024-39590

High

7.5/10

Summary

Multiple invalid pointer dereference vulnerabilities exist in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC_v3 16bf8bac1a36d95b73e7b8722d0edb8b9c5bb56a. A specially crafted EtherNet/IP request can lead to denial of service. An attacker can send a series of EtherNet/IP requests to trigger these vulnerabilities.This instance of the vulnerability occurs within the `Protected_Logical_Write_Reply` function

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-704 - Incorrect Type Conversion or Cast

The software does not correctly convert an object, resource, or structure from one type to a different type.

References

Advisory Timeline

Published Sep 18, 2024

Incorrect Type Conversion or Cast

CVE-2024-39590

Summary

CWE-704 - Incorrect Type Conversion or Cast

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS