CVE-2022-43501 – This vulnerability in the KASAGO TCP/IP stack a... (How to Fix)

Q: What is the severity of CVE-2022-43501?

CVE-2022-43501 has a CVSS score of 9.1 (CRITICAL). This vulnerability in the KASAGO TCP/IP stack allows attackers to predict TCP Initial Sequence Numbers (ISNs) due to insufficient randomness. Attackers can hijack existing TCP connections or spoof new ones, affecting systems using Zuken Elmic's vulnerable TCP/IP implementation. This impacts embedded devices and industrial control systems that rely on this stack.

📋 TL;DR

This vulnerability in the KASAGO TCP/IP stack allows attackers to predict TCP Initial Sequence Numbers (ISNs) due to insufficient randomness. Attackers can hijack existing TCP connections or spoof new ones, affecting systems using Zuken Elmic's vulnerable TCP/IP implementation. This impacts embedded devices and industrial control systems that rely on this stack.

💻 Affected Systems

Products:

KASAGO TCP/IP stack by Zuken Elmic

Versions: All versions prior to patched version

Operating Systems: Embedded systems using KASAGO stack

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices implementing the vulnerable TCP/IP stack, typically in industrial and embedded contexts.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete network session takeover allowing data interception, manipulation, or denial of service across affected systems.

🟠

Likely Case

Session hijacking on vulnerable systems leading to data theft or unauthorized access to network services.

🟢

If Mitigated

Limited impact if network segmentation and monitoring prevent external access to vulnerable systems.

🌐 Internet-Facing: HIGH - Internet-exposed systems are directly vulnerable to remote connection hijacking.

🏢 Internal Only: MEDIUM - Internal systems remain vulnerable to insider threats or compromised internal hosts.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires network access and ability to observe/analyze TCP sequence numbers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for specific patched versions

Vendor Advisory: https://www.elwsc.co.jp/news/6352

Restart Required: Yes

Instructions:

1. Contact Zuken Elmic for patched KASAGO stack version. 2. Update affected firmware/software. 3. Restart affected devices.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate vulnerable systems from untrusted networks

Encryption Layer

all

Implement TLS/SSL or VPN to protect TCP sessions

🧯 If You Can't Patch

Implement strict network access controls and monitoring
Use application-layer authentication and encryption

🔍 How to Verify

Check if Vulnerable:

Check if system uses KASAGO TCP/IP stack via vendor documentation or device specifications

Check Version:

Vendor-specific command or firmware check

Verify Fix Applied:

Verify with vendor that patched stack version is installed and functioning

📡 Detection & Monitoring

Log Indicators:

Unexpected TCP connection resets
Multiple failed connection attempts from same source

Network Indicators:

Unusual TCP sequence number patterns
Spoofed TCP packets

SIEM Query:

Search for TCP RST packets with unusual sequence numbers or connection hijacking patterns

📊 Metadata

CVE ID: CVE-2022-43501

CVSS v3 Score: 9.1 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE: CWE-330

Published: February 10, 2023

Last Updated: March 24, 2025

🔗 References

https://jvn.jp/en/vu/JVNVU99551468/ Third Party Advisory
https://www.elwsc.co.jp/news/6352 Vendor Advisory
https://jvn.jp/en/vu/JVNVU99551468/ Third Party Advisory
https://www.elwsc.co.jp/news/6352 Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-43501, you might also want to check these: