{"vulnerability": "CVE-2026-51536", "sightings": [{"uuid": "551d1b6e-8ec4-4f72-85b3-547affde1fed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-51536", "type": "seen", "source": "https://gist.github.com/MrAlaskan/e160c626a32e03e5d9eddaa732560672", "content": "# Security Advisory: CVE-2026-51536\n\n## Vulnerability Information\n* **CVE ID:** CVE-2026-51536\n* **Vendor:** EIPStackGroup\n* **Product:** OpENer (Version 2.3.0, commit 76b95cf)\n* **Vulnerability Type:** CWE-190: Integer Overflow or Wraparound; CWE-121: Stack-based Buffer Overflow\n* **Attack Type:** Remote\n* **Impact:** Denial of Service (DoS)\n\n## Description\nAn integer overflow and truncation vulnerability exists in the CIP message parsing logic of OpENer 2.3.0. A remotely crafted CIP packet may cause an invalid length value to be propagated during EPATH decoding, resulting in a stack-based buffer overflow and a Denial of Service condition.\n\n## Affected Component\nThe vulnerability affects the CIP message router and EPATH decoding logic, including `source/src/cip/cipmessagerouter.c` and `source/src/cip/cipcommon.c`, specifically the `NotifyMessageRouter`, `CreateMessageRouterRequestStructure`, and `DecodePaddedEPath` functions.\n\n## Attack Vectors\nA remote attacker with network access to the target OpENer instance can exploit this vulnerability by connecting to the EtherNet/IP TCP port, typically TCP/44818, and establishing a standard CIP communication path, for example through a `ForwardOpen` request.\n\nThe attacker can then send a crafted `SendUnitData` request containing malicious length and path fields. Due to inconsistent length handling across the CIP message parsing call chain, the crafted packet may cause an invalid length value to be passed into the EPATH decoding logic. This can bypass bounds checks and trigger a stack-based buffer overflow.\n\nSuccessful exploitation can crash the OpENer process and deny service to legitimate industrial communication clients.\n\n## References\n* GitHub Issue: https://github.com/EIPStackGroup/OpENer/issues/563", "creation_timestamp": "2026-07-09T03:32:56.982312Z"}]}