CVE-2022-43604

Name of the Vulnerable Software and Affected Versions EIP Stack Group OpENer development commit 58ee13c

Description An out-of-bounds write issue exists in the GetAttributeList attribute count request functionality. A specially crafted EtherNet/IP request can lead to an out-of-bounds write, potentially causing the server to crash or allowing for remote code execution. An attacker can send a series of EtherNet/IP requests to trigger this issue.

Recommendations For EIP Stack Group OpENer development commit 58ee13c, consider restricting access to the GetAttributeList functionality until a patch is available. As a temporary workaround, avoid using the attribute count request functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.