Vulnerabilities ›

CVE-2026-10703

Medium

CWE-119 — Weakness Type

                    Published: Jun 3, 2026                      ·  Modified: Jun 6, 2026                      ·  Source: NVD                

CVSS v3

6.3

🔗 NVD Official

📄 Description (English)

A security vulnerability has been detected in EIPStackGroup OpENer up to 2.3.0. Affected is the function CreateMessageRouterRequestStructure of the file cipmessagerouter.c of the component SendRRData Handler. The manipulation leads to use after free. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.

🤖 AI Executive Summary

CVE-2026-10703 is a use-after-free vulnerability in EIPStackGroup OpENer (up to v2.3.0) affecting the SendRRData Handler component. With a CVSS score of 6.3 and publicly disclosed exploit details, this vulnerability poses a moderate risk to industrial control systems and IoT devices using this EtherNet/IP stack. Remote exploitation is possible, and no patch is currently available from the vendor.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: Jun 4, 2026 10:17

🇸🇦 Saudi Arabia Impact Assessment

This vulnerability primarily impacts Saudi organizations in critical sectors: (1) Energy sector (ARAMCO, downstream operators) using EtherNet/IP in SCADA/ICS environments; (2) Water and electricity utilities relying on industrial automation; (3) Manufacturing and petrochemical facilities; (4) Telecom infrastructure (STC, Mobily) if using affected stack in network equipment. The use-after-free vulnerability could lead to denial of service or remote code execution in industrial control systems, potentially disrupting critical infrastructure operations.

🏢 Affected Saudi Sectors

Energy (Oil & Gas, Utilities) Water and Wastewater Manufacturing Petrochemicals Telecommunications Critical Infrastructure

🎯 MITRE ATT&CK Techniques

T1499 - Denial of Service T1203 - Exploitation for Client Execution T1190 - Exploit Public-Facing Application T1040 - Network Sniffing T1570 - Lateral Tool Transfer

⚖️ Saudi Risk Score (AI)

7.2

/ 10.0

🔧 Remediation Steps (English)

Immediate Actions:

1. Inventory all systems using EIPStackGroup OpENer up to v2.3.0, particularly in ICS/SCADA environments

2. Isolate affected systems from untrusted networks where possible

3. Implement network segmentation to restrict EtherNet/IP traffic to authorized sources only

4. Monitor for suspicious SendRRData Handler activity



Compensating Controls (until patch available):

5. Deploy network-based IDS/IPS rules to detect malformed EtherNet/IP messages targeting SendRRData Handler

6. Implement strict firewall rules limiting EtherNet/IP (port 44818/TCP-UDP) access

7. Enable detailed logging of EtherNet/IP communications

8. Consider upgrading to OpENer 2.3.1 or later when available



Detection Rules:

- Monitor for abnormal process termination or memory access violations in applications using OpENer

- Alert on unexpected EtherNet/IP CreateMessageRouter requests with malformed payloads

- Track application crashes correlating with EtherNet/IP traffic patterns

🔧 خطوات المعالجة (العربية)

الإجراءات الفورية:

1. حصر جميع الأنظمة التي تستخدم EIPStackGroup OpENer حتى الإصدار 2.3.0، خاصة في بيئات ICS/SCADA

2. عزل الأنظمة المتأثرة عن الشبكات غير الموثوقة قدر الإمكان

3. تطبيق تقسيم الشبكة لتقييد حركة EtherNet/IP للمصادر المصرح بها فقط

4. مراقبة نشاط معالج SendRRData المريب



الضوابط البديلة (حتى توفر التصحيح):

5. نشر قواعد IDS/IPS على مستوى الشبكة للكشف عن رسائل EtherNet/IP المشوهة

6. تطبيق قواعد جدار الحماية الصارمة لتقييد وصول EtherNet/IP (المنفذ 44818)

7. تفعيل تسجيل مفصل لاتصالات EtherNet/IP

8. النظر في الترقية إلى OpENer 2.3.1 أو إصدار أحدث عند توفره



قواعد الكشف:

- مراقبة إنهاء العمليات غير الطبيعي أو انتهاكات الوصول إلى الذاكرة

- تنبيهات على طلبات CreateMessageRouter غير المتوقعة ذات الحمولات المشوهة

- تتبع أعطال التطبيقات المرتبطة بأنماط حركة EtherNet/IP

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

ECC 2024 A.12.6.1 - Management of technical vulnerabilities ECC 2024 A.14.2.1 - Secure development policy ECC 2024 A.12.3.1 - Configuration management

🔵 SAMA CSF

ID.RA-1 - Asset management and vulnerability identification PR.IP-12 - Security awareness and training for ICS/SCADA DE.CM-1 - Detection and analysis of anomalies

🟡 ISO 27001:2022

A.12.6.1 - Management of technical vulnerabilities A.14.2.1 - Secure development and change management A.12.3.1 - Configuration management A.12.2.1 - Change management procedures

🟣 PCI DSS v4.0.1

Requirement 6.2 - Security patches and updates (if payment systems connected to ICS)

🔗 References & Sources 7

🔗

https://github.com/EIPStackGroup/OpENer/

cna@vuldb.com

🔗

https://github.com/EIPStackGroup/OpENer/issues/566

cna@vuldb.com

🔗

https://github.com/user-attachments/files/27100961/poc.zip

cna@vuldb.com

🔗

https://vuldb.com/cve/CVE-2026-10703

cna@vuldb.com

🔗

https://vuldb.com/submit/830921

cna@vuldb.com

🔗

https://vuldb.com/vuln/368016

cna@vuldb.com

🔗

https://vuldb.com/vuln/368016/cti

cna@vuldb.com

📊 CVSS Score

6.3

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityL — Low / Local

IntegrityL — Low / Local

AvailabilityL — Low / Local

📋 Quick Facts

Severity Medium

CVSS Score6.3

CWECWE-119

EPSS0.05%

Exploit No

Patch ✗ No

Published 2026-06-03

Source Feed nvd

🇸🇦 Saudi Risk Score

7.2

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

CWE-119

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-10703

Introduce Yourself

Sign In Required