CVE-2022-43604

2023-03-1621:15:11

CWE-787

[email protected]

web.nvd.nist.gov

cve-2022-43604

vulnerability

out-of-bounds write

eip stack group opener

remote code execution

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

77.2%

JSON

An out-of-bounds write vulnerability exists in the GetAttributeList attribute_count_request functionality of EIP Stack Group OpENer development commit 58ee13c. A specially crafted EtherNet/IP request can lead to an out-of-bounds write, potentially causing the server to crash or allow for remote code execution. An attacker can send a series of EtherNet/IP requests to trigger this vulnerability.

Affected configurations

Vulners

NVD

Node

eip_stack_groupopenerRange≤development commit 58ee13c

CPENameOperatorVersion
opener_project:openeropener project openerlt2022-10-18

CPE	Name	Operator	Version
opener_project:opener	opener project opener	lt	2022-10-18

CNA Affected

[
  {
    "vendor": "EIP Stack Group",
    "product": "OpENer",
    "versions": [
      {
        "version": "development commit 58ee13c",
        "status": "affected"
      }
    ]
  }
]