Vulnerability Description
An out-of-bounds write vulnerability exists in the GetAttributeList attribute_count_request functionality of EIP Stack Group OpENer development commit 58ee13c. A specially crafted EtherNet/IP request can lead to an out-of-bounds write, potentially causing the server to crash or allow for remote code execution. An attacker can send a series of EtherNet/IP requests to trigger this vulnerability.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Opener Project | Opener | < 2022-10-18 |
Related Weaknesses (CWE)
References
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1661ExploitThird Party Advisory
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1661ExploitThird Party Advisory
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1661
FAQ
What is CVE-2022-43604?
CVE-2022-43604 is a vulnerability with a CVSS score of 10.0 (CRITICAL). An out-of-bounds write vulnerability exists in the GetAttributeList attribute_count_request functionality of EIP Stack Group OpENer development commit 58ee13c. A specially crafted EtherNet/IP request ...
How severe is CVE-2022-43604?
CVE-2022-43604 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-43604?
Check the references section above for vendor advisories and patch information. Affected products include: Opener Project Opener.