CVE-2023-7243
Published 2024-03-01
Priority: P261 · Severity: critical · CVSS 3.1: 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.82% (52.6th percentile)
Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat
Zeek Plugin versions d78dda6 and prior are vulnerable to out-of-bounds
write while analyzing specific Ethercat datagrams. This could allow an
attacker to cause arbitrary code execution.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisa | icsnpp-ethercat | <= d78dda6 | — |
| cisa | industrial_control_systems_network_protocol_parsers_ethercat_plugin_for_zeek | <= d78dda6 | — |
Detection & IOCs
- Trigger condition: out-of-bounds write occurs while analyzing specific Ethercat datagrams in the ICSNPP Ethercat Zeek Plugin (versions d78dda6 and prior). Monitor Zeek process for crashes or anomalous memory behavior when processing Ethercat (EtherType 0x88A4) traffic.
- The vulnerable code path is in the primary analyses function for Ethercat communication packets. Focus instrumentation/fuzzing on that parsing function in the plugin for anomalous write behavior.
- Patch indicator: confirm the installed ICSNPP Ethercat Zeek Plugin commit is 3bca34c or later; presence of commit d78dda6 or any earlier commit indicates a vulnerable deployment.
- No known public exploitation has been reported at time of advisory publication; exploitation potential is assessed as remote/low-complexity based on CVSS scoring alone.
CISA ICS
cisa_ics · 2024-02-20 · CVSS 9.8
[CRITICAL] Ethercat Zeek Plugin
ICS Advisory
## Ethercat Zeek Plugin
Release Date: February 20, 2024
Alert Code: ICSA-24-051-02
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: CISA
- Equipment: Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat Plugin for Zeek
- Vulnerabilities: Out-of-bounds Write, Out-of-bounds Read
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow remote code execution.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following GitHub commits (versions) of ICSNPP - Ethercat Plugin, a plugin for Zeek, are affected:
- Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat Zeek Plugin: versions d78dda6 and prior
## 3.2 Vulnerabilit
GHSA
GHSA-wm94-vqmp-vf4v: Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat
Zeek Plugin versions d78dda6 and prior are vulnerable to out-of-bounds
write w
ghsa_unreviewed · 2024-03-01
CVE-2023-7243 [CRITICAL] CWE-787 GHSA-wm94-vqmp-vf4v
Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat
Zeek Plugin versions d78dda6 and prior are vulnerable to out-of-bounds
write while analyzing specific Ethercat datagrams. This could allow an
attacker to cause arbitrary code execution.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.