cbcvebase.
CVE-2023-7243
published 2024-03-01

CVE-2023-7243: Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat Zeek Plugin versions d78dda6 and prior are vulnerable to out-of-bounds write while…

PriorityP261critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.82%
52.6th percentile
Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat Zeek Plugin versions d78dda6 and prior are vulnerable to out-of-bounds write while analyzing specific Ethercat datagrams. This could allow an attacker to cause arbitrary code execution.

Affected

2 ranges
VendorProductVersion rangeFixed in
cisaicsnpp-ethercat<= d78dda6
cisaindustrial_control_systems_network_protocol_parsers_ethercat_plugin_for_zeek<= d78dda6

Detection & IOCsextracted from sources · hover to see the quote

  • Trigger condition: out-of-bounds write occurs while analyzing specific Ethercat datagrams in the ICSNPP Ethercat Zeek Plugin (versions d78dda6 and prior). Monitor Zeek process for crashes or anomalous memory behavior when processing Ethercat (EtherType 0x88A4) traffic.
  • The vulnerable code path is in the primary analyses function for Ethercat communication packets. Focus instrumentation/fuzzing on that parsing function in the plugin for anomalous write behavior.
  • Patch indicator: confirm the installed ICSNPP Ethercat Zeek Plugin commit is 3bca34c or later; presence of commit d78dda6 or any earlier commit indicates a vulnerable deployment.
  • ·No known public exploitation has been reported at time of advisory publication; exploitation potential is assessed as remote/low-complexity based on CVSS scoring alone.
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.