SB2023022401 - Multiple vulnerabilities in EIP Stack Group OpENer

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) Out-of-bounds write (CVE-ID: CVE-2022-43604)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in the GetAttributeList attribute_count_request functionality. A remote attacker can trigger an out-of-bounds write and execute arbitrary code on the target system.

2) Out-of-bounds write (CVE-ID: CVE-2022-43605)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in the SetAttributeList attribute_count_request functionality. A remote attacker can trigger an out-of-bounds write and execute arbitrary code on the target system.

3) Access of Uninitialized Pointer (CVE-ID: CVE-2022-43606)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to access of uninitialized pointer in the Forward Open connection_management_entry functionality. A remote attacker can send a specially crafted EtherNet/IP request and cause a denial of service condition on the target system.

Remediation

Install update from vendor's website.

References

• https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1661
• https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1662
• https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1663