CVE-2022-43606

Summary

A use-of-uninitialized-pointer vulnerability exists in the Forward Open connection_management_entry functionality of EIP Stack Group OpENer development commit 58ee13c. A specially-crafted EtherNet/IP request can lead to use of a null pointer, causing the server to crash. An attacker can send a series of EtherNet/IP requests to trigger this vulnerability.

Affected Software

VendorProductVersion RangeStatus
EIP Stack GroupOpENerdevelopment commit 58ee13caffected

Weaknesses

  • CWE-824: CWE-824: Access of Uninitialized Pointer

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References