CVE-2023-7242

EUVD-2023-59423

Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat 
Zeek Plugin versions d78dda6 and prior are vulnerable to out-of-bounds 
read during the process of analyzing a specific Ethercat packet. This 
could allow an attacker to crash the Zeek process and leak some 
information in memory.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.2 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
cisaicsnpp-ethercat
𝑥
< d78dda6
ADP
Common Weakness Enumeration
References
https://www.cisa.gov/news-events/ics-advisories/icsa-24-051-02
https://www.cisa.gov/news-events/ics-advisories/icsa-24-051-02