CVE-2022-43606
published 2023-03-16CVE-2022-43606: A use-of-uninitialized-pointer vulnerability exists in the Forward Open connection_management_entry functionality of EIP Stack Group OpENer development commit…
PriorityP347high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EPSS
8.05%
94.1th percentile
A use-of-uninitialized-pointer vulnerability exists in the Forward Open connection_management_entry functionality of EIP Stack Group OpENer development commit 58ee13c. A specially-crafted EtherNet/IP request can lead to use of a null pointer, causing the server to crash. An attacker can send a series of EtherNet/IP requests to trigger this vulnerability.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| eip_stack_group | opener | — | — |
| opener_project | opener | < 2022-10-18 | 2022-10-18 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Talos
Vulnerability Spotlight: EIP Stack Group OpENer open to two remote code execution vulnerabilities
blogs_talos·2023-02-23·CVSS 10.0
CVE-2022-43605 [CRITICAL] Vulnerability Spotlight: EIP Stack Group OpENer open to two remote code execution vulnerabilities
Cisco Talos recently discovered three vulnerabilities in EIP Stack Group OpENer, an ethernet/IP stack for I/O adapter devices, that could allow an attacker to cause a targeted server to crash or open the door to remote code execution.
Two of the vulnerabilities, TALOS-2022-1662 (CVE-2022-43605) and TALOS-2022-1661 (CVE-2022-43604) are considered to be considered of critical importance, with a CVSS score of a maximum 10 out of 10.
An adversary could exploit either of these vulnerabilities with an ethernet/IP request targeted at two functions on the software. These malicious requests could lead to an out-of-bounds write, potentially causing the server to crash or allowing the adversary to execute remote code on the targeted server.
TALOS-2022-1663 (CVE-2022-43606) is also caused by a spec
Talos
Vulnerability Spotlight: EIP Stack Group OpENer open to two remote code execution vulnerabilities
blogs_talos·2023-02-23·CVSS 10.0
CVE-2022-43605 [CRITICAL] Vulnerability Spotlight: EIP Stack Group OpENer open to two remote code execution vulnerabilities
## Vulnerability Spotlight: EIP Stack Group OpENer open to two remote code execution vulnerabilities
Cisco Talos recently discovered three vulnerabilities in EIP Stack Group OpENer, an ethernet/IP stack for I/O adapter devices, that could allow an attacker to cause a targeted server to crash or open the door to remote code execution.
Two of the vulnerabilities, TALOS-2022-1662 (CVE-2022-43605) and TALOS-2022-1661 (CVE-2022-43604) are considered to be considered of critical importance, with a CVSS score of a maximum 10 out of 10.
An adversary could exploit either of these vulnerabilities with an ethernet/IP request targeted at two functions on the software. These malicious requests could lead to an out-of-bounds write, potentially causing the server to crash or allowing the adversary to
2023-03-16
Published