Zeek
by Zeek
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-7244 | Cri | 0.64 | 9.8 | 0.01 | Mar 1, 2024 | Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat Zeek Plugin versions d78dda6 and prior are vulnerable to out-of-bounds write in their primary analyses function for Ethercat communication packets. This could allow an attacker to cause arbitrary code… | ||
| CVE-2023-7243 | Cri | 0.64 | 9.8 | 0.01 | Mar 1, 2024 | Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat Zeek Plugin versions d78dda6 and prior are vulnerable to out-of-bounds write while analyzing specific Ethercat datagrams. This could allow an attacker to cause arbitrary code execution. | ||
| CVE-2023-7242 | Hig | 0.53 | 8.2 | 0.00 | Mar 1, 2024 | Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat Zeek Plugin versions d78dda6 and prior are vulnerable to out-of-bounds read during the process of analyzing a specific Ethercat packet. This could allow an attacker to crash the Zeek process and leak… | ||
| CVE-2021-41732 | Hig | 0.49 | 7.5 | 0.01 | Sep 29, 2021 | An issue was discovered in zeek version 4.1.0. There is a HTTP request splitting vulnerability that will invalidate any ZEEK HTTP based security analysis. NOTE: the vendor's position is that the observed behavior is intended |
- risk 0.64cvss 9.8epss 0.01
Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat Zeek Plugin versions d78dda6 and prior are vulnerable to out-of-bounds write in their primary analyses function for Ethercat communication packets. This could allow an attacker to cause arbitrary code…
- risk 0.64cvss 9.8epss 0.01
Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat Zeek Plugin versions d78dda6 and prior are vulnerable to out-of-bounds write while analyzing specific Ethercat datagrams. This could allow an attacker to cause arbitrary code execution.
- risk 0.53cvss 8.2epss 0.00
Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat Zeek Plugin versions d78dda6 and prior are vulnerable to out-of-bounds read during the process of analyzing a specific Ethercat packet. This could allow an attacker to crash the Zeek process and leak…
- risk 0.49cvss 7.5epss 0.01
An issue was discovered in zeek version 4.1.0. There is a HTTP request splitting vulnerability that will invalidate any ZEEK HTTP based security analysis. NOTE: the vendor's position is that the observed behavior is intended