CVE-2022-1737 - Vulnerability Details - OpenCVE

Pyramid Solutions' affected products, the Developer and DLL kits for EtherNet/IP Adapter and EtherNet/IP Scanner, are vulnerable to an out-of-bounds write, which may allow an unauthorized attacker to send a specially crafted packet that may result in a denial-of-service condition.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Pyramidsolutions	Netstax Ethernet\/ip Adapter Development Kit Netstax Ethernet\/ip Adapter Dll Kit Netstax Ethernet\/ip Scanner Development Kit Netstax Ethernet\/ip Scanner Dll Kit

Configuration 1 [-]

OR	cpe:2.3:a:pyramidsolutions:netstax_ethernet\/ip_adapter_development_kit::::::::
	cpe:2.3:a:pyramidsolutions:netstax_ethernet\/ip_adapter_dll_kit::::::::
	cpe:2.3:a:pyramidsolutions:netstax_ethernet\/ip_scanner_development_kit::::::::
	cpe:2.3:a:pyramidsolutions:netstax_ethernet\/ip_scanner_dll_kit::::::::

No data.

References

Link	Providers
https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-04

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2022-07-12T20:41:46

Updated: 2024-08-03T00:16:58.997Z

Reserved: 2022-05-16T00:00:00

Link: CVE-2022-1737

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-07-12T21:15:09.333

Modified: 2024-11-21T06:41:21.480

Link: CVE-2022-1737

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "EtherNet/IP Adapter Development Kit (EADK)", "vendor": "Pyramid Solutions", "versions": [{"lessThanOrEqual": "4.4.0", "status": "affected", "version": "all", "versionType": "custom"}]}, {"product": "EtherNet/IP Adapter DLL Kit (EIPA)", "vendor": "Pyramid Solutions", "versions": [{"lessThanOrEqual": "4.4.0", "status": "affected", "version": "all", "versionType": "custom"}]}, {"product": "EtherNet/IP Scanner Development Kit (EDKS)", "vendor": "Pyramid Solutions", "versions": [{"status": "affected", "version": "all 4.4.0"}]}, {"product": "EtherNet/IP Scanner DLL Kit (EIPS)", "vendor": "Pyramid Solutions", "versions": [{"status": "affected", "version": "all 4.4.0"}]}], "credits": [{"lang": "en", "value": "Weidmueller reported this vulnerability to CERT@VDE"}], "descriptions": [{"lang": "en", "value": "Pyramid Solutions' affected products, the Developer and DLL kits for EtherNet/IP Adapter and EtherNet/IP Scanner, are vulnerable to an out-of-bounds write, which may allow an unauthorized attacker to send a specially crafted packet that may result in a denial-of-service condition."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-07-12T20:41:46", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-04"}], "source": {"advisory": "ICSA-22-174-04", "discovery": "UNKNOWN"}, "title": "Pyramid Solutions EtherNet/IP Adapter Development Kit Out-of-bound Write", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2022-1737", "STATE": "PUBLIC", "TITLE": "Pyramid Solutions EtherNet/IP Adapter Development Kit Out-of-bound Write"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "EtherNet/IP Adapter Development Kit (EADK)", "version": {"version_data": [{"version_affected": "<=", "version_name": "all", "version_value": "4.4.0"}]}}, {"product_name": "EtherNet/IP Adapter DLL Kit (EIPA)", "version": {"version_data": [{"version_affected": "<=", "version_name": "all", "version_value": "4.4.0"}]}}, {"product_name": "EtherNet/IP Scanner Development Kit (EDKS)", "version": {"version_data": [{"version_name": "all", "version_value": "4.4.0"}]}}, {"product_name": "EtherNet/IP Scanner DLL Kit (EIPS)", "version": {"version_data": [{"version_name": "all", "version_value": "4.4.0"}]}}]}, "vendor_name": "Pyramid Solutions"}]}}, "credit": [{"lang": "eng", "value": "Weidmueller reported this vulnerability to CERT@VDE"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Pyramid Solutions' affected products, the Developer and DLL kits for EtherNet/IP Adapter and EtherNet/IP Scanner, are vulnerable to an out-of-bounds write, which may allow an unauthorized attacker to send a specially crafted packet that may result in a denial-of-service condition."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-787 Out-of-bounds Write"}]}]}, "references": {"reference_data": [{"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-04", "refsource": "MISC", "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-04"}]}, "source": {"advisory": "ICSA-22-174-04", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:16:58.997Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-04"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2022-1737", "datePublished": "2022-07-12T20:41:46", "dateReserved": "2022-05-16T00:00:00", "dateUpdated": "2024-08-03T00:16:58.997Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pyramidsolutions:netstax_ethernet\\/ip_adapter_development_kit:*:*:*:*:*:*:*:*", "matchCriteriaId": "763F9278-878B-4BF1-84DD-C9C565D385F0", "versionEndIncluding": "4.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:pyramidsolutions:netstax_ethernet\\/ip_adapter_dll_kit:*:*:*:*:*:*:*:*", "matchCriteriaId": "1DD78FAD-074D-441F-9C9C-8C5C9EEA2307", "versionEndIncluding": "4.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:pyramidsolutions:netstax_ethernet\\/ip_scanner_development_kit:*:*:*:*:*:*:*:*", "matchCriteriaId": "83226D5C-7BE8-43F9-95FA-852591870AB4", "versionEndIncluding": "4.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:pyramidsolutions:netstax_ethernet\\/ip_scanner_dll_kit:*:*:*:*:*:*:*:*", "matchCriteriaId": "7908B85F-CD02-4E00-A277-A88C1065AE39", "versionEndIncluding": "4.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Pyramid Solutions' affected products, the Developer and DLL kits for EtherNet/IP Adapter and EtherNet/IP Scanner, are vulnerable to an out-of-bounds write, which may allow an unauthorized attacker to send a specially crafted packet that may result in a denial-of-service condition."}, {"lang": "es", "value": "Los productos afectados de Pyramid Solutions, los kits de desarrollador y DLL para el adaptador EtherNet/IP y el esc\u00e1ner EtherNet/IP, son vulnerables a una escritura fuera de l\u00edmites, que puede permitir a un atacante no autorizado enviar un paquete especialmente dise\u00f1ado que puede resultar en una condici\u00f3n de denegaci\u00f3n de servicio"}], "id": "CVE-2022-1737", "lastModified": "2024-11-21T06:41:21.480", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-07-12T21:15:09.333", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-04"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-04"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}