CVE-2022-43606

7.5 HIGH

📋 TL;DR

A use-of-uninitialized-pointer vulnerability in EIP Stack Group OpENer's Forward Open connection management allows attackers to crash the server by sending specially-crafted EtherNet/IP requests. This affects industrial control systems and devices using vulnerable versions of the OpENer EtherNet/IP stack. The vulnerability requires network access to the target system.

💻 Affected Systems

Products:
  • EIP Stack Group OpENer
Versions: Development commit 58ee13c and likely earlier versions
Operating Systems: Any OS running OpENer stack
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems using OpENer for EtherNet/IP communications, commonly found in industrial control systems, PLCs, and IoT devices.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete denial of service causing industrial process disruption, potentially leading to safety incidents or production downtime in critical infrastructure.

🟠 Likely Case: Service disruption through server crashes requiring manual restart, impacting operational continuity in industrial environments.

🟢 If Mitigated: Limited impact with proper network segmentation and monitoring, allowing quick detection and recovery from crashes.

🌐 Internet-Facing: HIGH - Directly exposed EtherNet/IP services can be crashed remotely without authentication.
🏢 Internal Only: MEDIUM - Internal attackers or compromised systems can exploit this to disrupt operations.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending crafted EtherNet/IP packets to the vulnerable service. Public details are available in Talos reports.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in later commits after 58ee13c

Vendor Advisory: https://github.com/EIPStackGroup/OpENer

Restart Required: Yes

Instructions:

1. Update to latest OpENer version from GitHub repository.
2. Rebuild and redeploy affected applications.
3. Restart services using the updated stack.

🔧 Temporary Workarounds

Network Segmentation (all): Isolate EtherNet/IP services from untrusted networks using firewalls or VLANs.

Access Control Lists (all): Restrict access to EtherNet/IP ports (typically TCP/UDP 44818) to authorized systems only.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate vulnerable systems
  • Deploy intrusion detection systems monitoring for EtherNet/IP protocol anomalies

🔍 How to Verify

Check if Vulnerable:

Check OpENer version/commit hash against vulnerable version 58ee13c. Review system logs for crashes related to EtherNet/IP services.

Check Version:

Check application documentation or build information for OpENer version details

Verify Fix Applied:

Verify that the deployed build is updated to a commit after 58ee13c. Test with EtherNet/IP requests to confirm service stability.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected service crashes
  • Segmentation faults in EtherNet/IP processes
  • Connection resets on port 44818

Network Indicators:

  • Malformed EtherNet/IP packets
  • Multiple connection attempts to port 44818
  • Unusual traffic patterns to industrial protocols

SIEM Query:

source="*" ("OpENer" OR "EtherNet/IP") AND ("crash" OR "segfault" OR "abnormal termination")
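
The same match logic applied to raw log lines, with grouping per host so that repeated crashes stand out from a single fault. This is an added example, not part of the original page or the OpENer project; the log layout, host names, sample lines and the three-events-in-ten-minutes threshold are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Same boolean logic as the SIEM query: (product term) AND (crash term).
PRODUCT = re.compile(r"opener|ethernet/ip", re.IGNORECASE)
CRASH = re.compile(r"crash|segfault|abnormal termination", re.IGNORECASE)

# Constructed sample lines in an assumed "<ISO time> <host> <message>" layout.
SAMPLE_LOG = """\
2024-05-01T10:00:05 plc-gw-01 kernel: OpENer[2211]: segfault at 0 ip 0000000000401a2c
2024-05-01T10:00:09 plc-gw-01 systemd: OpENer.service: restarted
2024-05-01T10:03:41 plc-gw-01 kernel: OpENer[2290]: segfault at 0 ip 0000000000401a2c
2024-05-01T10:07:12 plc-gw-01 supervisor: EtherNet/IP adapter abnormal termination
2024-05-01T10:08:00 hmi-02 app: user login ok
2024-05-01T11:30:00 plc-gw-02 kernel: OpENer[810]: segfault at 8 ip 0000000000401a2c
2024-05-01T11:31:00 hmi-02 browser: tab crash
"""

def matching_events(text):
    """Yield (timestamp, host, message) for lines that satisfy the query."""
    for line in text.splitlines():
        parts = line.split(" ", 2)
        if len(parts) != 3:
            continue  # skip lines that do not fit the assumed layout
        stamp, host, message = parts
        if PRODUCT.search(message) and CRASH.search(message):
            yield datetime.fromisoformat(stamp), host, message

def crash_bursts(text, threshold=3, window=timedelta(minutes=10)):
    """Return {host: event_count} for hosts with >= threshold events in one window."""
    per_host = defaultdict(list)
    for stamp, host, _ in matching_events(text):
        per_host[host].append(stamp)
    flagged = {}
    for host, stamps in per_host.items():
        stamps.sort()
        # Slide over sorted timestamps; any run of `threshold` inside `window` flags the host.
        for i in range(len(stamps) - threshold + 1):
            if stamps[i + threshold - 1] - stamps[i] <= window:
                flagged[host] = len(stamps)
                break
    return flagged

if __name__ == "__main__":
    for host, count in crash_bursts(SAMPLE_LOG).items():
        print(f"{host}: {count} OpENer/EtherNet-IP crash events, repeated within window")
```

A host that crashes once after a restart is worth a look; one that crashes repeatedly within minutes is the pattern to alert on and correlate with traffic to port 44818.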
