CVEFinder.io

CVE-2024-34026

⛔ critical
🔍 Scan for this CVE
Summary

A stack-based buffer overflow vulnerability exists in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC _v3 b4702061dc14d1024856f71b4543298d77007b88. A specially crafted EtherNet/IP request can lead to remote code execution. An attacker can send a series of EtherNet/IP requests to trigger this vulnerability.

CVSS Score
9.0
Critical
EPSS Score
6.6
Exploit Probability
Published Date
2024-09-18
First Seen: 2026-01-05
📊 Relative Risk Intelligence

This CVE is High Risk - more severe than 87.7% of all 328,009 vulnerabilities in our database.

#40,306
Top 25% most severe
Severity Percentile
🎯 CISA SSVC Assessment Updated: Sep 18, 2024
🔍 Exploitation Status
Poc
Proof-of-concept available
⚙️ Automatable
NO
Requires human interaction
💥 Technical Impact
Total
Complete system compromise possible
🏆 Discovered By
Discovered by Jared Rittle of Cisco Talos.
SSVC data provided by CISA
Last Modified 2024-11-21
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
CWE IDs (Weakness Types)
CWE-121 CWE-787

📦 Affected Products 1

Vendor Product Status Affected Versions
openplcproject openplc_v3_firmware Affected
v2024-04-04

🔗 References 2

https://talosintelligence.com/vulnerability_reports/...
Exploit Third Party Advisory
https://www.talosintelligence.com/vulnerability_repo...

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-31156 🔶 medium 6.5 0.0 A path injection vulnerability exists in OpenPLC v3 (2c82b0e79c53f8c1f1458eee15fec173400d6e1a) as the binary program com... 2026-05-13
CVE-2024-36980 ⚠️ high 7.5 0.4 An out-of-bounds read vulnerability exists in the OpenPLC Runtime EtherNet/IP PCCC parser functionality of OpenPLC_v3 b4... 2024-09-18
CVE-2024-36981 ⚠️ high 7.5 0.2 An out-of-bounds read vulnerability exists in the OpenPLC Runtime EtherNet/IP PCCC parser functionality of OpenPLC_v3 b4... 2024-09-18
CVE-2024-39589 ⚠️ high 7.5 0.2 Multiple invalid pointer dereference vulnerabilities exist in the OpenPLC Runtime EtherNet/IP parser functionality of Op... 2024-09-18
CVE-2024-39590 ⚠️ high 7.5 0.2 Multiple invalid pointer dereference vulnerabilities exist in the OpenPLC Runtime EtherNet/IP parser functionality of Op... 2024-09-18
CVE-2024-37741 🔶 medium 5.4 0.4 OpenPLC 3 through 9cd8f1b allows XSS via an SVG document as a profile picture. 2024-06-28
These CVEs affect the same products