CVE-2023-7244
published 2024-03-01CVE-2023-7244: Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat Zeek Plugin versions d78dda6 and prior are vulnerable to out-of-bounds write in their…
PriorityP263critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.82%
52.6th percentile
Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat
Zeek Plugin versions d78dda6 and prior are vulnerable to out-of-bounds
write in their primary analyses function for Ethercat communication
packets. This could allow an attacker to cause arbitrary code execution.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisa | icsnpp-ethercat | <= d78dda6 | — |
| cisa | industrial_control_systems_network_protocol_parsers_ethercat_plugin_for_zeek | <= d78dda6 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Trigger condition: out-of-bounds write occurs in the primary analyses function when processing Ethercat communication packets — monitor Zeek process for crashes or memory corruption when handling Ethercat traffic ↗
- →Vulnerable version anchor: ICSNPP Ethercat Zeek Plugin at commit d78dda6 or prior is exploitable; flag or alert on deployments running this commit ↗
- →Safe version anchor: update to commit 3bca34c or later to remediate; use this as a detection baseline for unpatched systems ↗
- →Attack vector is fully remote with no authentication or user interaction required (AV:N/AC:L/PR:N/UI:N); any network-accessible Zeek sensor parsing Ethercat traffic is exposed — monitor for anomalous Ethercat packets reaching Zeek sensors ↗
- ·No known public exploitation has been reported at time of advisory publication; threat is theoretical but critical (CVSS 9.8) ↗
- ·The vulnerability is in the Zeek plugin layer, not in Ethercat devices themselves — exploitation requires the attacker to be able to send crafted Ethercat packets to a network segment monitored by a vulnerable Zeek sensor ↗
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-xp9h-4mhq-37w4: Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat
Zeek Plugin versions d78dda6 and prior are vulnerable to out-of-bounds
write i
ghsa_unreviewed·2024-03-01
CVE-2023-7244 [CRITICAL] CWE-787 GHSA-xp9h-4mhq-37w4: Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat
Zeek Plugin versions d78dda6 and prior are vulnerable to out-of-bounds
write i
Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat
Zeek Plugin versions d78dda6 and prior are vulnerable to out-of-bounds
write in their primary analyses function for Ethercat communication
packets. This could allow an attacker to cause arbitrary code execution.
CISA ICS
Ethercat Zeek Plugin
cisa_ics·2024-02-20·CVSS 9.8
[CRITICAL] Ethercat Zeek Plugin
ICS Advisory
##
Ethercat Zeek Plugin
Release DateFebruary 20, 2024
Alert CodeICSA-24-051-02
View CSAF
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: CISA
- Equipment: Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat Plugin for Zeek
- Vulnerabilities: Out-of-bounds Write, Out-of-bounds Read
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow remote code execution.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following GitHub commits (versions) of ICSNPP - Ethercat Plugin, a plugin for Zeek, are affected:
- Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat Zeek Plugin: versions d78dda6 and prior
## 3.2 Vulnerabilit
No detection rules found.
No public exploits indexed.
2024-03-01
Published