talosblog | Jonathan Munshaw | TALOSBLOG:E97A1C7C619A8031003C5F3EDB243075
Feb 23, 2023 - 2:03 p.m.

Vulnerability Spotlight: EIP Stack Group OpENer open to two remote code execution vulnerabilities

2023-02-23 14:03:06
Jonathan Munshaw
blog.talosintelligence.com
Tags: cisco talos, remote code execution, cve-2022-43605, cve-2022-43604, cve-2022-43606, out-of-bounds write, null pointer, server crash, snort rules

EPSS: 0.005 (percentile: 77.3%)

Jared Rittle of Cisco Talos discovered these vulnerabilities.

Cisco Talos recently discovered three vulnerabilities in EIP Stack Group OpENer, an EtherNet/IP stack for I/O adapter devices, that could allow an attacker to crash a targeted server or could open the door to remote code execution.

Two of the vulnerabilities, TALOS-2022-1662 (CVE-2022-43605) and TALOS-2022-1661 (CVE-2022-43604), are considered critical, with the maximum CVSS score of 10 out of 10.

An adversary could exploit either of these vulnerabilities with an EtherNet/IP request targeted at two functions in the software. These malicious requests could lead to an out-of-bounds write, potentially causing the server to crash or allowing the adversary to execute code remotely on the targeted server.

TALOS-2022-1663 (CVE-2022-43606) is also triggered by a specially crafted EtherNet/IP request, but in this case the request could lead to the use of a null pointer, potentially causing the server to crash.

Cisco Talos worked with EIP Stack Group to ensure that these issues are resolved and an update is available for affected customers, all in adherence to Cisco's vulnerability disclosure policy.

Users are encouraged to update these affected products as soon as possible: EIP Stack Group OpENer, development commit 58ee13c. Talos tested and confirmed that these versions of OpENer could be exploited through these vulnerabilities.

The following Snort rules will detect exploitation attempts against these vulnerabilities: 60983 - 60985. Additional rules may be released in the future, and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your Cisco Secure Firewall Management Center or Snort.org.
