CVE-2021-31400 (GCVE-0-2021-31400)
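Vulnerability from cvelistv5 – Published: 2021-08-19 10:52 – Updated: 2024-08-03 22:55
- n/a (the CNA record names no vendor or product; the NVD configuration further down this page lists cpe:2.3:a:hcc-embedded:nichestack with versionEndExcluding 4.3)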
| URL | Tags |
|---|---|
| https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/ | x_refsource_MISC |
| https://www.kb.cert.org/vuls/id/608209 | third-party-advisory, x_refsource_CERT-VN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:55:53.790Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/"
},
{
"name": "VU#608209",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/608209"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in tcp_pulloutofband() in tcp_in.c in HCC embedded InterNiche 4.0.1. The TCP out-of-band urgent-data processing function invokes a panic function if the pointer to the end of the out-of-band data points outside of the TCP segment\u0027s data. If the panic function hadn\u0027t a trap invocation removed, it will enter an infinite loop and therefore cause DoS (continuous loop or a device reset)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-19T10:53:20.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/"
},
{
"name": "VU#608209",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/608209"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-31400",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in tcp_pulloutofband() in tcp_in.c in HCC embedded InterNiche 4.0.1. The TCP out-of-band urgent-data processing function invokes a panic function if the pointer to the end of the out-of-band data points outside of the TCP segment\u0027s data. If the panic function hadn\u0027t a trap invocation removed, it will enter an infinite loop and therefore cause DoS (continuous loop or a device reset)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/",
"refsource": "MISC",
"url": "https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/"
},
{
"name": "VU#608209",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/608209"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-31400",
"datePublished": "2021-08-19T10:52:57.000Z",
"dateReserved": "2021-04-15T00:00:00.000Z",
"dateUpdated": "2024-08-03T22:55:53.790Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2021-31400",
"date": "2026-06-08",
"epss": "0.00408",
"percentile": "0.6155"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hcc-embedded:nichestack:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"4.3\", \"matchCriteriaId\": \"36A27EF5-D19C-4126-850C-89387A7A1410\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"An issue was discovered in tcp_pulloutofband() in tcp_in.c in HCC embedded InterNiche 4.0.1. The TCP out-of-band urgent-data processing function invokes a panic function if the pointer to the end of the out-of-band data points outside of the TCP segment\u0027s data. If the panic function hadn\u0027t a trap invocation removed, it will enter an infinite loop and therefore cause DoS (continuous loop or a device reset).\"}, {\"lang\": \"es\", \"value\": \"Se ha detectado un problema en la funci\\u00f3n tcp_pulloutofband() en el archivo tcp_in.c en HCC embedded InterNiche versi\\u00f3n 4.0.1. La funci\\u00f3n de procesamiento de datos urgentes de TCP fuera de banda invoca una funci\\u00f3n de p\\u00e1nico si el puntero al final de los datos fuera de banda apunta fuera de los datos del segmento TCP. Si la funci\\u00f3n de p\\u00e1nico no presenta una invocaci\\u00f3n de trampa eliminada, entrar\\u00e1 en un bucle infinito y por lo tanto causar\\u00e1 DoS (bucle continuo o un reinicio del dispositivo).\"}]",
"id": "CVE-2021-31400",
"lastModified": "2024-11-21T06:05:35.140",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:P\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2021-08-19T11:15:07.710",
"references": "[{\"url\": \"https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mitigation\", \"Third Party Advisory\"]}, {\"url\": \"https://www.kb.cert.org/vuls/id/608209\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\", \"Third Party Advisory\"]}, {\"url\": \"https://www.kb.cert.org/vuls/id/608209\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-835\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-31400\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2021-08-19T11:15:07.710\",\"lastModified\":\"2024-11-21T06:05:35.140\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in tcp_pulloutofband() in tcp_in.c in HCC embedded InterNiche 4.0.1. The TCP out-of-band urgent-data processing function invokes a panic function if the pointer to the end of the out-of-band data points outside of the TCP segment\u0027s data. If the panic function hadn\u0027t a trap invocation removed, it will enter an infinite loop and therefore cause DoS (continuous loop or a device reset).\"},{\"lang\":\"es\",\"value\":\"Se ha detectado un problema en la funci\u00f3n tcp_pulloutofband() en el archivo tcp_in.c en HCC embedded InterNiche versi\u00f3n 4.0.1. La funci\u00f3n de procesamiento de datos urgentes de TCP fuera de banda invoca una funci\u00f3n de p\u00e1nico si el puntero al final de los datos fuera de banda apunta fuera de los datos del segmento TCP. 
Si la funci\u00f3n de p\u00e1nico no presenta una invocaci\u00f3n de trampa eliminada, entrar\u00e1 en un bucle infinito y por lo tanto causar\u00e1 DoS (bucle continuo o un reinicio del dispositivo).\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-835\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcc-embedded:nichestack:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.3\",\"matchCriteriaId\":\"36A27EF5-D19C-4126-850C-89387A7A1410\"}]}]}],\"references\":[{\"url\":\"https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mitigation\",\"Third Party 
Advisory\"]},{\"url\":\"https://www.kb.cert.org/vuls/id/608209\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Third Party Advisory\"]},{\"url\":\"https://www.kb.cert.org/vuls/id/608209\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]}]}}"
}
}
SEVD-2021-217-01
Vulnerability from csaf_se - Published: 2021-08-05 06:29 - Updated: 2023-05-09 06:29
Five of the 14 vulnerabilities disclosed by researchers in the NicheStack TCP/IP component impact Schneider Electric’s Lexium ILE, ILA, ILS, Altivar Profinet Communication Module (VW3A3627), Altivar and Lexium Ethernet TCP/IP Communication Module (VW3A3616), and Altivar Profinet - Communication Card (VW3A3327). Additional information vulnerability details can be found at https://us-cert.cisa.gov/ics/advisories/icsa-21-217-01.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Schneider Electric Lexium ILE ILA ILS communication drive version 01.110 and prior
Schneider Electric / Lexium ILE ILA ILS communication drive
|
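<=01.111 (range as published; it includes 01.111, which the advisory lists as the fixed version, while the product name says 01.110 and prior) |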
Vendor Fix
|
|
|
Schneider Electric Altivar 32/320/340/600/900 Profinet communication module (VW3A3627)
Schneider Electric / Altivar 32/320/340/600/900 Profinet communication module (VW3A3627)
|
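1.10.1 (version as published; the advisory's vendor-fix text says V1.10.1 includes the fix and that releases prior to V1.10.1 need the mitigations) |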
Mitigation
Vendor Fix
|
|
|
Schneider Electric Altivar 32/320 and Lexium 32 Ethernet TCP/IP communication module (VW3A3616) versions prior to V1.20IE01
Schneider Electric / Altivar 32/320 and Lexium 32 Ethernet TCP/IP communication module (VW3A3616)
|
<V1.20IE01 |
Mitigation
|
|
|
Schneider Electric Altivar 61/71 Profinet communication card (VW3A3327) All versions
Schneider Electric / Altivar 61/71 Profinet communication card (VW3A3327)
|
vers:all/* |
Mitigation
No Fix Planned
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Schneider Electric Lexium ILE ILA ILS communication drive 01.111
Schneider Electric / Lexium ILE ILA ILS communication drive
|
01.111 | ||
|
Schneider Electric Altivar 32/320 and Lexium 32 Ethernet TCP/IP communication module (VW3A3616) versions prior to V1.20IE01
Schneider Electric / Altivar 32/320 and Lexium 32 Ethernet TCP/IP communication module (VW3A3616)
|
V1.20IE01 |
Five of the 14 vulnerabilities disclosed by researchers in the NicheStack TCP/IP component impact Schneider Electric’s Lexium ILE, ILA, ILS, Altivar Profinet Communication Module (VW3A3627), Altivar and Lexium Ethernet TCP/IP Communication Module (VW3A3616), and Altivar Profinet - Communication Card (VW3A3327). Additional information vulnerability details can be found at https://us-cert.cisa.gov/ics/advisories/icsa-21-217-01.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Schneider Electric Lexium ILE ILA ILS communication drive version 01.110 and prior
Schneider Electric / Lexium ILE ILA ILS communication drive
|
<=01.111 |
Vendor Fix
|
|
|
Schneider Electric Altivar 32/320/340/600/900 Profinet communication module (VW3A3627)
Schneider Electric / Altivar 32/320/340/600/900 Profinet communication module (VW3A3627)
|
1.10.1 |
Mitigation
fix
|
|
|
Schneider Electric Altivar 32/320 and Lexium 32 Ethernet TCP/IP communication module (VW3A3616) versions prior to V1.20IE01
Schneider Electric / Altivar 32/320 and Lexium 32 Ethernet TCP/IP communication module (VW3A3616)
|
<V1.20IE01 |
Mitigation
fix
Vendor Fix
|
|
|
Schneider Electric Altivar 61/71 Profinet communication card (VW3A3327) All versions
Schneider Electric / Altivar 61/71 Profinet communication card (VW3A3327)
|
vers:all/* |
Mitigation
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Schneider Electric Lexium ILE ILA ILS communication drive 01.111
Schneider Electric / Lexium ILE ILA ILS communication drive
|
01.111 |
Five of the 14 vulnerabilities disclosed by researchers in the NicheStack TCP/IP component impact Schneider Electric’s Lexium ILE, ILA, ILS, Altivar Profinet Communication Module (VW3A3627), Altivar and Lexium Ethernet TCP/IP Communication Module (VW3A3616), and Altivar Profinet - Communication Card (VW3A3327). Additional information vulnerability details can be found at https://us-cert.cisa.gov/ics/advisories/icsa-21-217-01.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Schneider Electric Lexium ILE ILA ILS communication drive version 01.110 and prior
Schneider Electric / Lexium ILE ILA ILS communication drive
|
<=01.111 |
Vendor Fix
|
|
|
Schneider Electric Altivar 32/320/340/600/900 Profinet communication module (VW3A3627)
Schneider Electric / Altivar 32/320/340/600/900 Profinet communication module (VW3A3627)
|
1.10.1 |
Mitigation
fix
|
|
|
Schneider Electric Altivar 32/320 and Lexium 32 Ethernet TCP/IP communication module (VW3A3616) versions prior to V1.20IE01
Schneider Electric / Altivar 32/320 and Lexium 32 Ethernet TCP/IP communication module (VW3A3616)
|
<V1.20IE01 |
Vendor Fix
Mitigation
fix
|
|
|
Schneider Electric Altivar 61/71 Profinet communication card (VW3A3327) All versions
Schneider Electric / Altivar 61/71 Profinet communication card (VW3A3327)
|
vers:all/* |
Mitigation
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Schneider Electric Lexium ILE ILA ILS communication drive 01.111
Schneider Electric / Lexium ILE ILA ILS communication drive
|
01.111 | ||
|
Schneider Electric Altivar 32/320 and Lexium 32 Ethernet TCP/IP communication module (VW3A3616) versions prior to V1.20IE01
Schneider Electric / Altivar 32/320 and Lexium 32 Ethernet TCP/IP communication module (VW3A3616)
|
V1.20IE01 |
Five of the 14 vulnerabilities disclosed by researchers in the NicheStack TCP/IP component impact Schneider Electric’s Lexium ILE, ILA, ILS, Altivar Profinet Communication Module (VW3A3627), Altivar and Lexium Ethernet TCP/IP Communication Module (VW3A3616), and Altivar Profinet - Communication Card (VW3A3327). Additional information vulnerability details can be found at https://us-cert.cisa.gov/ics/advisories/icsa-21-217-01.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Schneider Electric Lexium ILE ILA ILS communication drive version 01.110 and prior
Schneider Electric / Lexium ILE ILA ILS communication drive
|
<=01.111 |
Vendor Fix
|
|
|
Schneider Electric Altivar 32/320/340/600/900 Profinet communication module (VW3A3627)
Schneider Electric / Altivar 32/320/340/600/900 Profinet communication module (VW3A3627)
|
1.10.1 |
Mitigation
fix
|
|
|
Schneider Electric Altivar 32/320 and Lexium 32 Ethernet TCP/IP communication module (VW3A3616) versions prior to V1.20IE01
Schneider Electric / Altivar 32/320 and Lexium 32 Ethernet TCP/IP communication module (VW3A3616)
|
<V1.20IE01 |
Vendor Fix
Mitigation
fix
|
|
|
Schneider Electric Altivar 61/71 Profinet communication card (VW3A3327) All versions
Schneider Electric / Altivar 61/71 Profinet communication card (VW3A3327)
|
vers:all/* |
Mitigation
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Schneider Electric Lexium ILE ILA ILS communication drive 01.111
Schneider Electric / Lexium ILE ILA ILS communication drive
|
01.111 | ||
|
Schneider Electric Altivar 32/320 and Lexium 32 Ethernet TCP/IP communication module (VW3A3616) versions prior to V1.20IE01
Schneider Electric / Altivar 32/320 and Lexium 32 Ethernet TCP/IP communication module (VW3A3616)
|
V1.20IE01 |
Five of the 14 vulnerabilities disclosed by researchers in the NicheStack TCP/IP component impact Schneider Electric’s Lexium ILE, ILA, ILS, Altivar Profinet Communication Module (VW3A3627), Altivar and Lexium Ethernet TCP/IP Communication Module (VW3A3616), and Altivar Profinet - Communication Card (VW3A3327). Additional information vulnerability details can be found at https://us-cert.cisa.gov/ics/advisories/icsa-21-217-01.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Schneider Electric Lexium ILE ILA ILS communication drive version 01.110 and prior
Schneider Electric / Lexium ILE ILA ILS communication drive
|
<=01.111 |
Vendor Fix
|
|
|
Schneider Electric Altivar 32/320/340/600/900 Profinet communication module (VW3A3627)
Schneider Electric / Altivar 32/320/340/600/900 Profinet communication module (VW3A3627)
|
1.10.1 |
Mitigation
fix
|
|
|
Schneider Electric Altivar 32/320 and Lexium 32 Ethernet TCP/IP communication module (VW3A3616) versions prior to V1.20IE01
Schneider Electric / Altivar 32/320 and Lexium 32 Ethernet TCP/IP communication module (VW3A3616)
|
<V1.20IE01 |
Vendor Fix
Mitigation
fix
|
|
|
Schneider Electric Altivar 61/71 Profinet communication card (VW3A3327) All versions
Schneider Electric / Altivar 61/71 Profinet communication card (VW3A3327)
|
vers:all/* |
Mitigation
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Schneider Electric Lexium ILE ILA ILS communication drive 01.111
Schneider Electric / Lexium ILE ILA ILS communication drive
|
01.111 | ||
|
Schneider Electric Altivar 32/320 and Lexium 32 Ethernet TCP/IP communication module (VW3A3616) versions prior to V1.20IE01
Schneider Electric / Altivar 32/320 and Lexium 32 Ethernet TCP/IP communication module (VW3A3616)
|
V1.20IE01 |
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "We strongly recommend the following industry cybersecurity best practices.\n\nhttps://www.se.com/us/en/download/document/7EN52-0390/\n* Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network.\n* Install physical controls so no unauthorized personnel can access your industrial control and safety systems, components, peripheral equipment, and networks.\n* Place all controllers in locked cabinets and never leave them in the \u201cProgram\u201d mode.\n* Never connect programming software to any network other than the network intended for that device.\n* Scan all methods of mobile data exchange with the isolated network such as CDs, USB drives, etc. before use in the terminals or any node connected to these networks.\n* Never allow mobile devices that have connected to any other network besides the intended network to connect to the safety or control networks without proper sanitation.\n* Minimize network exposure for all control system devices and systems and ensure that they are not accessible from the Internet.\n* When remote access is required, use secure methods, such as Virtual Private Networks (VPNs). Recognize that VPNs may have vulnerabilities and should be updated to the most current version available. Also, understand that VPNs are only as secure as the connected devices.\nFor more information refer to the Schneider Electric Recommended Cybersecurity Best Practices document. \n",
"title": "General Security Recommendations"
},
{
"category": "general",
"text": "This document provides an overview of the identified vulnerability or vulnerabilities and actions required to mitigate. For more details and assistance on how to protect your installation, contact your local Schneider Electric representative or Schneider Electric Industrial Cybersecurity Services: https://www.se.com/ww/en/work/solutions/cybersecurity/. These organizations will be fully aware of this situation and can support you through the process.\nFor further information related to cybersecurity in Schneider Electric\u2019s products, visit the company\u2019s cybersecurity support portal page: https://www.se.com/ww/en/work/support/cybersecurity/overview.jsp",
"title": "For More Information"
},
{
"category": "legal_disclaimer",
"text": "THIS NOTIFICATION DOCUMENT, THE INFORMATION CONTAINED HEREIN, AND ANY MATERIALS LINKED FROM IT (COLLECTIVELY, THIS \u201cNOTIFICATION\u201d) ARE INTENDED TO HELP PROVIDE AN OVERVIEW OF THE IDENTIFIED SITUATION AND SUGGESTED MITIGATION ACTIONS, REMEDIATION, FIX, AND/OR GENERAL SECURITY RECOMMENDATIONS AND IS PROVIDED ON AN \u201cAS-IS\u201d BASIS WITHOUT WARRANTY OR GUARANTEE OF ANY KIND. SCHNEIDER ELECTRIC DISCLAIMS ALL WARRANTIES RELATING TO THIS NOTIFICATION, EITHER EXPRESS OR IMPLIED, INCLUDING WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. SCHNEIDER ELECTRIC MAKES NO WARRANTY THAT THE NOTIFICATION WILL RESOLVE THE IDENTIFIED SITUATION. IN NO EVENT SHALL SCHNEIDER ELECTRIC BE LIABLE FOR ANY DAMAGES OR LOSSES WHATSOEVER IN CONNECTION WITH THIS NOTIFICATION, INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF SCHNEIDER ELECTRIC HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. YOUR USE OF THIS NOTIFICATION IS AT YOUR OWN RISK, AND YOU ARE SOLELY LIABLE FOR ANY DAMAGES TO YOUR SYSTEMS OR ASSETS OR OTHER LOSSES THAT MAY RESULT FROM YOUR USE OF THIS NOTIFICATION. SCHNEIDER ELECTRIC RESERVES THE RIGHT TO UPDATE OR CHANGE THIS NOTIFICATION AT ANY TIME AND IN ITS SOLE DISCRETION",
"title": "LEGAL DISCLAIMER"
},
{
"category": "general",
"text": "At Schneider, we believe access to energy and digital is a basic human right. We empower all to do more with less, ensuring Life Is On everywhere, for everyone, at every moment.\n\nWe provide energy and automation digital solutions for efficiency and sustainability. We combine world-leading energy technologies, real-time automation, software and services into integrated solutions for Homes, Buildings, Data Centers, Infrastructure and Industries.\n\nWe are committed to unleash the infinite possibilities of an open, global, innovative community that is passionate with our Meaningful Purpose, Inclusive and Empowered values.\n\nwww.se.com ",
"title": "About Schneider Electric"
},
{
"category": "summary",
"text": "Schneider Electric is aware of multiple vulnerabilities in HCC Embedded\u2019s NicheStack TCP/IP third party component, which is integrated into Schneider Electric\u2019s Lexium ILE, ILA, ILS, Altivar Profinet Communication Module (VW3A3627), Altivar and Lexium Ethernet TCP/IP Communication Module (VW3A3616), and Altivar Profinet - Communication Card (VW3A3327) products.\nFailure to apply the mitigations provided below may risk denial of service of the drives.\nFebruary 2023 Update: A remediation is available for Altivar 32/320/340/600/900 Profinet communication module (VW3A3627)",
"title": "Overview"
}
],
"publisher": {
"category": "vendor",
"contact_details": "cybersecurity@se.com",
"name": "Schneider Electric CPCERT",
"namespace": "https://www.se.com/ww/en/work/support/cybersecurity/security-notifications.jsp"
},
"references": [
{
"category": "self",
"summary": "NicheStack TCP/IP Vulnerabilities (INFRA:HALT) in Lexium ILE, ILA, ILS, and Communication Option Boards for Altivar and Lexium32 drives - SEVD-2021-217-01 PDF Version",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-217-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2021-217-01_NicheStack_Security_Notification.pdf"
},
{
"category": "self",
"summary": "NicheStack TCP/IP Vulnerabilities (INFRA:HALT) in Lexium ILE, ILA, ILS, and Communication Option Boards for Altivar and Lexium32 drives - SEVD-2021-217-01 CSAF Version",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-217-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=sevd-2021-217-01.json"
},
{
"category": "external",
"summary": "Recommended Cybersecurity Best Practices",
"url": "https://www.se.com/us/en/download/document/7EN52-0390/"
}
],
"title": "NicheStack TCP/IP Vulnerabilities (INFRA:HALT) in Lexium ILE, ILA, ILS, and Communication Option Boards for Altivar and Lexium32 drives",
"tracking": {
"current_release_date": "2023-05-09T06:29:00.000Z",
"generator": {
"date": "2023-05-09T06:29:00.000Z",
"engine": {
"name": "Schneider Electric CSAF Generator",
"version": "1.2"
}
},
"id": "SEVD-2021-217-01",
"initial_release_date": "2021-08-05T06:29:08.000Z",
"revision_history": [
{
"date": "2021-08-05T06:29:08.000Z",
"number": "1.0.0",
"summary": "Original Release"
},
{
"date": "2022-02-08T06:29:08.000Z",
"number": "2.0.0",
"summary": "Added Altivar Profinet Communication Module (VW3A3627), Lexium Ethernet TCP/IP Communication Module (VW3A3616), and Altivar Profinet - Communication Card (VW3A3327) to the list of affected products."
},
{
"date": "2022-09-13T06:29:08.000Z",
"number": "3.0.0",
"summary": "A remediation is available for Lexium ILE, ILA, ILS drives and the affected communication module firmware version has been updated."
},
{
"date": "2023-02-14T06:30:00.000Z",
"number": "4.0.0",
"summary": "A remediation is available for Altivar 32/320/340/600/900 Profinet communication module (VW3A3627)"
},
{
"date": "2023-05-09T06:29:00.000Z",
"number": "5.0.0",
"summary": "A remediation is available for Altivar 32/320 \u0026 Lexium 32 Ethernet TCP/IP communication module (VW3A3616)"
}
],
"status": "final",
"version": "5.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=01.111",
"product": {
"name": "Schneider Electric Lexium ILE ILA ILS communication drive version 01.110 and prior",
"product_id": "1"
}
}
],
"category": "product_name",
"name": "Lexium ILE ILA ILS communication drive"
},
{
"branches": [
{
"category": "product_version",
"name": "01.111",
"product": {
"name": "Schneider Electric Lexium ILE ILA ILS communication drive 01.111",
"product_id": "2"
}
}
],
"category": "product_name",
"name": "Lexium ILE ILA ILS communication drive"
},
{
"branches": [
{
"category": "product_version",
"name": "1.10.1",
"product": {
"name": "Schneider Electric Altivar 32/320/340/600/900 Profinet communication module (VW3A3627) ",
"product_id": "3"
}
}
],
"category": "product_name",
"name": "Altivar 32/320/340/600/900 Profinet communication module (VW3A3627)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV1.20IE01",
"product": {
"name": "Schneider Electric Altivar 32/320 and Lexium 32 Ethernet TCP/IP communication module (VW3A3616) versions prior to V1.20IE01",
"product_id": "4"
}
}
],
"category": "product_name",
"name": "Altivar 32/320 and Lexium 32 Ethernet TCP/IP communication module (VW3A3616)"
},
{
"branches": [
{
"category": "product_version",
"name": "V1.20IE01",
"product": {
"name": "Schneider Electric Altivar 32/320 and Lexium 32 Ethernet TCP/IP communication module (VW3A3616) versions prior to V1.20IE01",
"product_id": "6"
}
}
],
"category": "product_name",
"name": "Altivar 32/320 and Lexium 32 Ethernet TCP/IP communication module (VW3A3616)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Schneider Electric Altivar 61/71 Profinet communication card (VW3A3327) All versions",
"product_id": "5"
}
}
],
"category": "product_name",
"name": "Altivar 61/71 Profinet communication card (VW3A3327)"
}
],
"category": "vendor",
"name": "Schneider Electric"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-31400",
"notes": [
{
"category": "description",
"text": "Five of the 14 vulnerabilities disclosed by researchers in the NicheStack TCP/IP component impact Schneider Electric\u2019s Lexium ILE, ILA, ILS, Altivar Profinet Communication Module (VW3A3627), Altivar and Lexium Ethernet TCP/IP Communication Module (VW3A3616), and Altivar Profinet - Communication Card (VW3A3327). Additional information vulnerability details can be found at https://us-cert.cisa.gov/ics/advisories/icsa-21-217-01.",
"title": "CVE Description"
}
],
"product_status": {
"fixed": [
"2",
"6"
],
"known_affected": [
"1",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "V01.111 of Lexium ILE, ILA, ILS communication module includes a fix for these vulnerabilities.\r\nReboot is needed.\r\nPlease contact your local Schneider Electric technical support for more information on how to get the firmware and how to upgrade the communication firmware module.",
"product_ids": [
"1"
],
"restart_required": {
"category": "machine"
}
},
{
"category": "mitigation",
"details": "Schneider Electric is establishing a remediation plan for all future versions of Altivar and Lexium Ethernet TCP/IP Communication Module (VW3A3616). We will update this document when the remediation or additional mitigations are available. Until then, customers should immediately apply the following mitigations to reduce the risk of exploit:\n\u2022 Implement a firewall to restrict network access to the drives\n\u2022 Configure the controller associated to the drives by disabling IP forwarding as described in the online help of your controller.\n\u2022 Configure the controller with dedicated access control lists as described below\nMore information to implement these mitigations can be found in the online help of the controllers at:\nhttps://olh.schneider-electric.com/Machine Expert/V2.0/LandingPages/en/index.html\nTo ensure you are informed of all updates, including details on affected products and remediation plans, subscribe to Schneider Electric\u2019s security notification service here:\nhttps://www.se.com/en/work/support/cybersecurity/security-notifications.jsp",
"product_ids": [
"3",
"4",
"5"
],
"restart_required": {
"category": "machine"
}
},
{
"category": "vendor_fix",
"details": "V1.10.1 of Altivar 32/320/340/600/900 Profinet communication module includes a fix for these vulnerabilities.\nFor product release prior to V1.10.1, apply the mitigations detailed in the Mitigations section and contact your local technical support for more information.",
"product_ids": [
"3"
],
"restart_required": {
"category": "none"
}
},
{
"category": "no_fix_planned",
"details": "This is an End Of Commercialization offer that is replaced by the ALTIVAR 900 \u0026 ALTIVAR 600 ranges.\nTo reduce risk of exploitation, apply the mitigations detailed in the Mitigations section.",
"product_ids": [
"5"
]
}
],
"title": "CVE-2021-31400"
},
{
"cve": "CVE-2021-31401",
"notes": [
{
"category": "description",
"text": "Five of the 14 vulnerabilities disclosed by researchers in the NicheStack TCP/IP component impact Schneider Electric\u2019s Lexium ILE, ILA, ILS, Altivar Profinet Communication Module (VW3A3627), Altivar and Lexium Ethernet TCP/IP Communication Module (VW3A3616), and Altivar Profinet - Communication Card (VW3A3327). Additional information vulnerability details can be found at https://us-cert.cisa.gov/ics/advisories/icsa-21-217-01.",
"title": "CVE Description"
}
],
"product_status": {
"fixed": [
"2"
],
"known_affected": [
"1",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "V01.111 of Lexium ILE, ILA, ILS communication module includes a fix for these vulnerabilities.\r\nReboot is needed.\r\nPlease contact your local Schneider Electric technical support for more information on how to get the firmware and how to upgrade the communication firmware module.",
"product_ids": [
"1"
],
"restart_required": {
"category": "machine"
}
},
{
"category": "mitigation",
"details": "Schneider Electric is establishing a remediation plan for all future versions of Altivar Profinet Communication Module (VW3A3627), Altivar and Lexium Ethernet TCP/IP Communication Module (VW3A3616), and Altivar Profinet - Communication Card (VW3A3327) products. We will update this document when the remediation or additional mitigations are available. Until then, customers should immediately apply the following mitigations to reduce the risk of exploit:\r\n\u2022 Implement a firewall to restrict network access to the drives\r\n\u2022 Configure the controller associated to the drives by disabling IP forwarding as described in the online help of your controller.\r\n\u2022 Configure the controller with dedicated access control lists as described below\r\nMore information to implement these mitigations can be found in the online help of the controllers at:\r\nhttps://olh.schneider-electric.com/Machine Expert/V2.0/LandingPages/en/index.html\r\nTo ensure you are informed of all updates, including details on affected products and remediation plans, subscribe to Schneider Electric\u2019s security notification service here:\r\nhttps://www.se.com/en/work/support/cybersecurity/security-notifications.jsp",
"product_ids": [
"3",
"4",
"5"
],
"restart_required": {
"category": "machine"
},
"url": "https://olh.schneider-electric.com/MachineExpert/V2.0/LandingPages/en/index.html"
},
{
"category": "vendor_fix",
"details": "V1.20IE01 of Altivar 32/320 and Lexium 32 Ethernet TCP/IP communication module includes a fix for these vulnerabilities. For product release prior to V1.20IE01, apply the mitigations detailed in the Mitigations section and contact your local technical support for more information",
"product_ids": [
"4"
]
}
],
"title": "CVE-2021-31401"
},
{
"cve": "CVE-2020-35683",
"notes": [
{
"category": "description",
"text": "Five of the 14 vulnerabilities disclosed by researchers in the NicheStack TCP/IP component impact Schneider Electric\u2019s Lexium ILE, ILA, ILS, Altivar Profinet Communication Module (VW3A3627), Altivar and Lexium Ethernet TCP/IP Communication Module (VW3A3616), and Altivar Profinet - Communication Card (VW3A3327). Additional information vulnerability details can be found at https://us-cert.cisa.gov/ics/advisories/icsa-21-217-01.",
"title": "CVE Description"
}
],
"product_status": {
"fixed": [
"2",
"6"
],
"known_affected": [
"1",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "V01.111 of Lexium ILE, ILA, ILS communication module includes a fix for these vulnerabilities.\r\nReboot is needed.\r\nPlease contact your local Schneider Electric technical support for more information on how to get the firmware and how to upgrade the communication firmware module.",
"product_ids": [
"1"
],
"restart_required": {
"category": "machine"
}
},
{
"category": "vendor_fix",
"details": "V1.20IE01 of Altivar 32/320 and Lexium 32 Ethernet TCP/IP communication module includes a fix for these vulnerabilities. For product release prior to V1.20IE01, apply the mitigations detailed in the Mitigations section and contact your local technical support for more information",
"product_ids": [
"4"
]
},
{
"category": "mitigation",
"details": "Schneider Electric is establishing a remediation plan for all future versions of Altivar Profinet Communication Module (VW3A3627), Altivar and Lexium Ethernet TCP/IP Communication Module (VW3A3616), and Altivar Profinet - Communication Card (VW3A3327) products. We will update this document when the remediation or additional mitigations are available. Until then, customers should immediately apply the following mitigations to reduce the risk of exploit:\r\n\u2022 Implement a firewall to restrict network access to the drives\r\n\u2022 Configure the controller associated to the drives by disabling IP forwarding as described in the online help of your controller.\r\n\u2022 Configure the controller with dedicated access control lists as described below\r\nMore information to implement these mitigations can be found in the online help of the controllers at:\r\nhttps://olh.schneider-electric.com/Machine Expert/V2.0/LandingPages/en/index.html\r\nTo ensure you are informed of all updates, including details on affected products and remediation plans, subscribe to Schneider Electric\u2019s security notification service here:\r\nhttps://www.se.com/en/work/support/cybersecurity/security-notifications.jsp",
"product_ids": [
"3",
"4",
"5"
],
"restart_required": {
"category": "machine"
},
"url": "https://olh.schneider-electric.com/MachineExpert/V2.0/LandingPages/en/index.html"
}
],
"title": "CVE-2020-35683"
},
{
"cve": "CVE-2020-35685",
"notes": [
{
"category": "description",
"text": "Five of the 14 vulnerabilities disclosed by researchers in the NicheStack TCP/IP component impact Schneider Electric\u2019s Lexium ILE, ILA, ILS, Altivar Profinet Communication Module (VW3A3627), Altivar and Lexium Ethernet TCP/IP Communication Module (VW3A3616), and Altivar Profinet - Communication Card (VW3A3327). Additional information vulnerability details can be found at https://us-cert.cisa.gov/ics/advisories/icsa-21-217-01.",
"title": "CVE Description"
}
],
"product_status": {
"fixed": [
"2",
"6"
],
"known_affected": [
"1",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "V01.111 of Lexium ILE, ILA, ILS communication module includes a fix for these vulnerabilities.\r\nReboot is needed.\r\nPlease contact your local Schneider Electric technical support for more information on how to get the firmware and how to upgrade the communication firmware module.",
"product_ids": [
"1"
],
"restart_required": {
"category": "machine"
}
},
{
"category": "vendor_fix",
"details": "V1.20IE01 of Altivar 32/320 and Lexium 32 Ethernet TCP/IP communication module includes a fix for these vulnerabilities. For product release prior to V1.20IE01, apply the mitigations detailed in the Mitigations section and contact your local technical support for more information",
"product_ids": [
"4"
]
},
{
"category": "mitigation",
"details": "Schneider Electric is establishing a remediation plan for all future versions of Altivar Profinet Communication Module (VW3A3627), Altivar and Lexium Ethernet TCP/IP Communication Module (VW3A3616), and Altivar Profinet - Communication Card (VW3A3327) products. We will update this document when the remediation or additional mitigations are available. Until then, customers should immediately apply the following mitigations to reduce the risk of exploit:\r\n\u2022 Implement a firewall to restrict network access to the drives\r\n\u2022 Configure the controller associated to the drives by disabling IP forwarding as described in the online help of your controller.\r\n\u2022 Configure the controller with dedicated access control lists as described below\r\nMore information to implement these mitigations can be found in the online help of the controllers at:\r\nhttps://olh.schneider-electric.com/Machine Expert/V2.0/LandingPages/en/index.html\r\nTo ensure you are informed of all updates, including details on affected products and remediation plans, subscribe to Schneider Electric\u2019s security notification service here:\r\nhttps://www.se.com/en/work/support/cybersecurity/security-notifications.jsp",
"product_ids": [
"3",
"4",
"5"
],
"restart_required": {
"category": "machine"
},
"url": "https://olh.schneider-electric.com/MachineExpert/V2.0/LandingPages/en/index.html"
}
],
"title": "CVE-2020-35685"
},
{
"cve": "CVE-2020-35684",
"notes": [
{
"category": "description",
"text": "Five of the 14 vulnerabilities disclosed by researchers in the NicheStack TCP/IP component impact Schneider Electric\u2019s Lexium ILE, ILA, ILS, Altivar Profinet Communication Module (VW3A3627), Altivar and Lexium Ethernet TCP/IP Communication Module (VW3A3616), and Altivar Profinet - Communication Card (VW3A3327). Additional information vulnerability details can be found at https://us-cert.cisa.gov/ics/advisories/icsa-21-217-01.",
"title": "CVE Description"
}
],
"product_status": {
"fixed": [
"2",
"6"
],
"known_affected": [
"1",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "V01.111 of Lexium ILE, ILA, ILS communication module includes a fix for these vulnerabilities.\r\nReboot is needed.\r\nPlease contact your local Schneider Electric technical support for more information on how to get the firmware and how to upgrade the communication firmware module.",
"product_ids": [
"1"
],
"restart_required": {
"category": "machine"
}
},
{
"category": "vendor_fix",
"details": "V1.20IE01 of Altivar 32/320 and Lexium 32 Ethernet TCP/IP communication module includes a fix for these vulnerabilities. For product release prior to V1.20IE01, apply the mitigations detailed in the Mitigations section and contact your local technical support for more information",
"product_ids": [
"4"
]
},
{
"category": "mitigation",
"details": "Schneider Electric is establishing a remediation plan for all future versions of Altivar Profinet Communication Module (VW3A3627), Altivar and Lexium Ethernet TCP/IP Communication Module (VW3A3616), and Altivar Profinet - Communication Card (VW3A3327) products. We will update this document when the remediation or additional mitigations are available. Until then, customers should immediately apply the following mitigations to reduce the risk of exploit:\r\n\u2022 Implement a firewall to restrict network access to the drives\r\n\u2022 Configure the controller associated to the drives by disabling IP forwarding as described in the online help of your controller.\r\n\u2022 Configure the controller with dedicated access control lists as described below\r\nMore information to implement these mitigations can be found in the online help of the controllers at:\r\nhttps://olh.schneider-electric.com/Machine Expert/V2.0/LandingPages/en/index.html\r\nTo ensure you are informed of all updates, including details on affected products and remediation plans, subscribe to Schneider Electric\u2019s security notification service here:\r\nhttps://www.se.com/en/work/support/cybersecurity/security-notifications.jsp",
"product_ids": [
"3",
"4",
"5"
],
"restart_required": {
"category": "machine"
},
"url": "https://olh.schneider-electric.com/MachineExpert/V2.0/LandingPages/en/index.html"
}
],
"title": "CVE-2020-35684"
}
]
}
VDE-2021-009
Vulnerability from csaf_pilzgmbhcokg - Published: 2021-09-20 11:56 - Updated: 2025-05-14 13:00
An issue was discovered in HCC Nichestack 3.0. The code that generates Initial Sequence Numbers (ISNs) for TCP connections derives the ISN from an insufficiently random source. As a result, an attacker may be able to determine the ISN of current and future TCP connections and either hijack existing ones or spoof future ones. (Proper ISN generation should aim to follow at least the specifications outlined in RFC 6528.)
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — |
An issue was discovered in tcp_rcv() in nptcp.c in HCC embedded InterNiche 4.0.1. The TCP header processing code doesn't sanitize the value of the IP total length field (header length + data length). With a crafted IP packet, an integer overflow occurs whenever the value of the IP data length is calculated by subtracting the length of the header from the total length of the IP packet.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — |
An issue was discovered in tcp_pulloutofband() in tcp_in.c in HCC embedded InterNiche 4.0.1. The TCP out-of-band urgent-data processing function invokes a panic function if the pointer to the end of the out-of-band data points outside of the TCP segment's data. If the panic function hadn't a trap invocation removed, it will enter an infinite loop and therefore cause DoS (continuous loop or a device reset).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — |
An issue was discovered in HCC Nichestack 3.0. The code that parses TCP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the length of the TCP payload within the TCP checksum computation function. When the IP payload size is set to be smaller than the size of the IP header, the TCP checksum computation function may read out of bounds (a low-impact write-out-of-bounds is also possible).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — |
An issue was discovered in HCC Nichestack 3.0. The code that parses ICMP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the ICMP checksum. When the IP payload size is set to be smaller than the size of the IP header, the ICMP checksum computation function may read out of bounds, causing a Denial-of-Service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — |
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
},
{
"organization": "Forescout Technologies, Inc.",
"summary": "discovered and reported"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "summary",
"text": "Multiple products of PILZ utilise a third-party TCP/IP implementation - the \"Niche Ethernet Stack\". This TCP/IP stack contains multiple vulnerabilities which are therefore affecting the products listed above.",
"title": "Summary"
},
{
"category": "description",
"text": "It is adviced to use firewalls or similar network security devices to prevent unauthorized network communication to the products affected.",
"title": "Mitigation"
},
{
"category": "description",
"text": "| Produkt | Ma\u00dfnahme |\n|----------------------------------------------|------------------------------------------------------|\n| PSSu-Module f\u00fcr dezentrales E/A-System | siehe Mitigation |\n| PSSu-Module f\u00fcr PSS 4000 | Firmware auf 1.22.2 aktualisieren * |\n| PNOZ m B1 | siehe Mitigation ** |\n| PNOZ m ES ETH | siehe Mitigation ** |\n| PNOZ mmc1p ETH | siehe Mitigation |\n| Base-Device PNOZ mxp ETH (PNOZmulti Classic) | siehe Mitigation |\n\n\\* CVE-2020-35685 wird in diesem Update nicht behoben, da es keine Auswirkungen auf die Sicherheit der verwendeten Dienste und Protokolle (MODBUS/TCP und RAW-TCP) hat.\n\n\\** Diese Produkte sind im Feld nicht updatef\u00e4hig. Sie verwenden eine vom Hersteller vorinstallierte, feste Firmware.",
"title": "Remediation"
},
{
"category": "description",
"text": "Die Schwachstellen erm\u00f6glichen einem entfernten Angreifer:\n\n- einen Neustart des Ger\u00e4ts auszul\u00f6sen, was zu einer Denial-of-Service-Situation f\u00fchrt\n- eine TCP-Verbindung zu kapern\n\n### Betroffene Produkte und CVEs\n\n| Produkt | Betroffen von CVEs |\n|----------------------------------------------|--------------------|\n| PSSu-Module f\u00fcr dezentrales E/A-System | CVE-2020-35683, CVE-2020-35684, CVE-2020-35685, CVE-2021-31400, CVE-2021-31401 |\n| PSSu-Module f\u00fcr PSS 4000 | CVE-2020-35683, CVE-2020-35684, CVE-2020-35685, CVE-2021-31400, CVE-2021-31401 |\n| PNOZ m B1 | CVE-2020-35683, CVE-2020-35684, CVE-2020-35685 |\n| PNOZ m ES ETH | CVE-2020-35683, CVE-2020-35684, CVE-2020-35685 |\n| PNOZ mmc1p ETH | CVE-2020-35683, CVE-2020-35684, CVE-2020-35685 |\n| Base-Device PNOZ mxp ETH (PNOZmulti Classic) | CVE-2020-35683, CVE-2020-35684, CVE-2020-35685 |",
"title": "Impact"
}
],
"publisher": {
"category": "vendor",
"contact_details": "security@pilz.com",
"name": "Pilz GmbH \u0026 Co. KG",
"namespace": "https://www.pilz.com"
},
"references": [
{
"category": "external",
"summary": "Pilz advisory overview at CERT@VDE",
"url": "https://certvde.com/de/advisories/vendor/pilz/"
},
{
"category": "self",
"summary": "VDE-2021-009: Pilz: Multiple products prone to Niche Ethernet Stack vulnerabilities - HTML",
"url": "https://certvde.com/en/advisories/vde-2021-009"
},
{
"category": "self",
"summary": "VDE-2021-009: Pilz: Multiple products prone to Niche Ethernet Stack vulnerabilities - CSAF",
"url": "https://pilz.csaf-tp.certvde.com/.well-known/csaf/white/2021/vde-2021-009.json"
}
],
"title": "Pilz: Multiple products prone to Niche Ethernet Stack vulnerabilities",
"tracking": {
"aliases": [
"VDE-2021-009"
],
"current_release_date": "2025-05-14T13:00:14.000Z",
"generator": {
"date": "2025-03-05T11:49:30.977Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.20"
}
},
"id": "VDE-2021-009",
"initial_release_date": "2021-09-20T11:56:00.000Z",
"revision_history": [
{
"date": "2021-09-20T11:56:00.000Z",
"number": "1",
"summary": "Initial revision."
},
{
"date": "2025-05-14T13:00:14.000Z",
"number": "2",
"summary": "Fix: added distribution"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Base-Device PNOZ mxp ETH (PNOZmulti Classic)",
"product": {
"name": "Base-Device PNOZ mxp ETH (PNOZmulti Classic)",
"product_id": "CSAFPID-11001",
"product_identification_helper": {
"model_numbers": [
"773103",
"773104*",
"773113",
"773116",
"773123",
"7731260"
]
}
}
},
{
"category": "product_name",
"name": "PNOZ m B1",
"product": {
"name": "PNOZ m B1",
"product_id": "CSAFPID-11002",
"product_identification_helper": {
"model_numbers": [
"316020"
]
}
}
},
{
"category": "product_name",
"name": "PNOZ m ES ETH",
"product": {
"name": "PNOZ m ES ETH",
"product_id": "CSAFPID-11003",
"product_identification_helper": {
"model_numbers": [
"316020"
]
}
}
},
{
"category": "product_name",
"name": "PNOZ mmc1p ETH",
"product": {
"name": "PNOZ mmc1p ETH",
"product_id": "CSAFPID-11004",
"product_identification_helper": {
"model_numbers": [
"316020"
]
}
}
},
{
"category": "product_name",
"name": "PSSu-Module for decentralised E/A-System",
"product": {
"name": "PSSu-Module for decentralised E/A-System",
"product_id": "CSAFPID-11005",
"product_identification_helper": {
"model_numbers": [
"312041",
"312042",
"312043"
]
}
}
},
{
"category": "product_name",
"name": "PSSu-Module for PSS 4000",
"product": {
"name": "PSSu-Module for PSS 4000",
"product_id": "CSAFPID-11006",
"product_identification_helper": {
"model_numbers": [
"31206*",
"312070*",
"312071*",
"312077",
"312085*",
"312087",
"31407*",
"314085",
"314086",
"314087",
"315070*",
"315071*",
"315085",
"315086",
"316010",
"316020"
]
}
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c1.22.2",
"product": {
"name": "Firmware \u003c1.22.2",
"product_id": "CSAFPID-21001"
}
},
{
"category": "product_version_range",
"name": "\u003cv1.2",
"product": {
"name": "Firmware \u003cv1.2",
"product_id": "CSAFPID-21002"
}
},
{
"category": "product_version_range",
"name": "\u003cv1.8",
"product": {
"name": "Firmware \u003cv1.8",
"product_id": "CSAFPID-21003"
}
},
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Firmware vers:all/*",
"product_id": "CSAFPID-21004"
}
},
{
"category": "product_version",
"name": "1.22.2",
"product": {
"name": "Firmware 1.22.2",
"product_id": "CSAFPID-22001"
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "Pilz"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
],
"summary": "Affected Products."
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on Base-Device PNOZ mxp ETH (PNOZmulti Classic)",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-21004",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003cv1.8 installed on PNOZ m B1",
"product_id": "CSAFPID-31002"
},
"product_reference": "CSAFPID-21003",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003cv1.2 installed on PNOZ m ES ETH",
"product_id": "CSAFPID-31003"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on PNOZ mmc1p ETH",
"product_id": "CSAFPID-31004"
},
"product_reference": "CSAFPID-21004",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on PSSu-Module for decentralised E/A-System",
"product_id": "CSAFPID-31005"
},
"product_reference": "CSAFPID-21004",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.22.2 installed on PSSu-Module for PSS 4000",
"product_id": "CSAFPID-31006"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.22.2 installed on PSSu-Module for PSS 4000 installed on PSSu-Module for PSS 4000",
"product_id": "CSAFPID-32001"
},
"product_reference": "CSAFPID-31006",
"relates_to_product_reference": "CSAFPID-11006"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-35685",
"cwe": {
"id": "CWE-330",
"name": "Use of Insufficiently Random Values"
},
"notes": [
{
"category": "description",
"text": "An issue was discovered in HCC Nichestack 3.0. The code that generates Initial Sequence Numbers (ISNs) for TCP connections derives the ISN from an insufficiently random source. As a result, an attacker may be able to determine the ISN of current and future TCP connections and either hijack existing ones or spoof future ones. (Proper ISN generation should aim to follow at least the specifications outlined in RFC 6528.)",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "It is adviced to use firewalls or similar network security devices to prevent unauthorized network communication to the products affected.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "| Produkt | Ma\u00dfnahme |\n|----------------------------------------------|------------------------------------------------------|\n| PSSu-Module f\u00fcr dezentrales E/A-System | siehe Mitigation |\n| PSSu-Module f\u00fcr PSS 4000 | Firmware auf 1.22.2 aktualisieren * |\n| PNOZ m B1 | siehe Mitigation ** |\n| PNOZ m ES ETH | siehe Mitigation ** |\n| PNOZ mmc1p ETH | siehe Mitigation |\n| Base-Device PNOZ mxp ETH (PNOZmulti Classic) | siehe Mitigation |\n\n\\* CVE-2020-35685 wird in diesem Update nicht behoben, da es keine Auswirkungen auf die Sicherheit der verwendeten Dienste und Protokolle (MODBUS/TCP und RAW-TCP) hat.\n\n\\** Diese Produkte sind im Feld nicht updatef\u00e4hig. Sie verwenden eine vom Hersteller vorinstallierte, feste Firmware.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.1,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.1,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2021-31401"
},
{
"cve": "CVE-2021-31401",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "description",
"text": "An issue was discovered in tcp_rcv() in nptcp.c in HCC embedded InterNiche 4.0.1. The TCP header processing code doesn\u0027t sanitize the value of the IP total length field (header length + data length). With a crafted IP packet, an integer overflow occurs whenever the value of the IP data length is calculated by subtracting the length of the header from the total length of the IP packet.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "It is adviced to use firewalls or similar network security devices to prevent unauthorized network communication to the products affected.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "| Produkt | Ma\u00dfnahme |\n|----------------------------------------------|------------------------------------------------------|\n| PSSu-Module f\u00fcr dezentrales E/A-System | siehe Mitigation |\n| PSSu-Module f\u00fcr PSS 4000 | Firmware auf 1.22.2 aktualisieren * |\n| PNOZ m B1 | siehe Mitigation ** |\n| PNOZ m ES ETH | siehe Mitigation ** |\n| PNOZ mmc1p ETH | siehe Mitigation |\n| Base-Device PNOZ mxp ETH (PNOZmulti Classic) | siehe Mitigation |\n\n\\* CVE-2020-35685 wird in diesem Update nicht behoben, da es keine Auswirkungen auf die Sicherheit der verwendeten Dienste und Protokolle (MODBUS/TCP und RAW-TCP) hat.\n\n\\** Diese Produkte sind im Feld nicht updatef\u00e4hig. Sie verwenden eine vom Hersteller vorinstallierte, feste Firmware.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2021-31401"
},
{
"cve": "CVE-2021-31400",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "description",
"text": "An issue was discovered in tcp_pulloutofband() in tcp_in.c in HCC embedded InterNiche 4.0.1. The TCP out-of-band urgent-data processing function invokes a panic function if the pointer to the end of the out-of-band data points outside of the TCP segment\u0027s data. If the panic function hadn\u0027t a trap invocation removed, it will enter an infinite loop and therefore cause DoS (continuous loop or a device reset).",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "It is adviced to use firewalls or similar network security devices to prevent unauthorized network communication to the products affected.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "| Produkt | Ma\u00dfnahme |\n|----------------------------------------------|------------------------------------------------------|\n| PSSu-Module f\u00fcr dezentrales E/A-System | siehe Mitigation |\n| PSSu-Module f\u00fcr PSS 4000 | Firmware auf 1.22.2 aktualisieren * |\n| PNOZ m B1 | siehe Mitigation ** |\n| PNOZ m ES ETH | siehe Mitigation ** |\n| PNOZ mmc1p ETH | siehe Mitigation |\n| Base-Device PNOZ mxp ETH (PNOZmulti Classic) | siehe Mitigation |\n\n\\* CVE-2020-35685 wird in diesem Update nicht behoben, da es keine Auswirkungen auf die Sicherheit der verwendeten Dienste und Protokolle (MODBUS/TCP und RAW-TCP) hat.\n\n\\** Diese Produkte sind im Feld nicht updatef\u00e4hig. Sie verwenden eine vom Hersteller vorinstallierte, feste Firmware.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2021-31400"
},
{
"cve": "CVE-2020-35684",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "description",
"text": "An issue was discovered in HCC Nichestack 3.0. The code that parses TCP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the length of the TCP payload within the TCP checksum computation function. When the IP payload size is set to be smaller than the size of the IP header, the TCP checksum computation function may read out of bounds (a low-impact write-out-of-bounds is also possible).",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "It is advised to use firewalls or similar network security devices to prevent unauthorized network communication to the affected products.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "| Produkt | Ma\u00dfnahme |\n|----------------------------------------------|------------------------------------------------------|\n| PSSu-Module f\u00fcr dezentrales E/A-System | siehe Mitigation |\n| PSSu-Module f\u00fcr PSS 4000 | Firmware auf 1.22.2 aktualisieren * |\n| PNOZ m B1 | siehe Mitigation ** |\n| PNOZ m ES ETH | siehe Mitigation ** |\n| PNOZ mmc1p ETH | siehe Mitigation |\n| Base-Device PNOZ mxp ETH (PNOZmulti Classic) | siehe Mitigation |\n\n\\* CVE-2020-35685 wird in diesem Update nicht behoben, da es keine Auswirkungen auf die Sicherheit der verwendeten Dienste und Protokolle (MODBUS/TCP und RAW-TCP) hat.\n\n\\** Diese Produkte sind im Feld nicht updatef\u00e4hig. Sie verwenden eine vom Hersteller vorinstallierte, feste Firmware.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2020-35684"
},
{
"cve": "CVE-2020-35683",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "description",
"text": "An issue was discovered in HCC Nichestack 3.0. The code that parses ICMP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the ICMP checksum. When the IP payload size is set to be smaller than the size of the IP header, the ICMP checksum computation function may read out of bounds, causing a Denial-of-Service.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "It is advised to use firewalls or similar network security devices to prevent unauthorized network communication to the affected products.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "| Produkt | Ma\u00dfnahme |\n|----------------------------------------------|------------------------------------------------------|\n| PSSu-Module f\u00fcr dezentrales E/A-System | siehe Mitigation |\n| PSSu-Module f\u00fcr PSS 4000 | Firmware auf 1.22.2 aktualisieren * |\n| PNOZ m B1 | siehe Mitigation ** |\n| PNOZ m ES ETH | siehe Mitigation ** |\n| PNOZ mmc1p ETH | siehe Mitigation |\n| Base-Device PNOZ mxp ETH (PNOZmulti Classic) | siehe Mitigation |\n\n\\* CVE-2020-35685 wird in diesem Update nicht behoben, da es keine Auswirkungen auf die Sicherheit der verwendeten Dienste und Protokolle (MODBUS/TCP und RAW-TCP) hat.\n\n\\** Diese Produkte sind im Feld nicht updatef\u00e4hig. Sie verwenden eine vom Hersteller vorinstallierte, feste Firmware.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2020-35683"
}
]
}
VDE-2021-032
Vulnerability from csaf_phoenixcontactgmbhcokg - Published: 2021-08-04 07:57 - Updated: 2025-05-22 13:03
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — |
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
},
{
"organization": "Forescout Technologies, Inc",
"summary": "discovered and reported",
"urls": [
"https://www.nozominetworks.com"
]
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/v1/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "The third-party Niche Ethernet stack has several vulnerabilities that were announced by the security research community.\nPhoenix Contact Classic Line industrial controllers are developed and designed for use in closed industrial networks. The communication protocols and device access do not feature authentication measures. Remote attackers can use specially crafted IP packets to cause a Denial of Service or a Breach of Integrity of the PLC.",
"title": "Summary"
},
{
"category": "description",
"text": "A successful attack on the Niche Ethernet stack can lead to a Denial of Service or a Breach of Integrity of the PLC.",
"title": "Impact"
},
{
"category": "description",
"text": "Customers using Phoenix Contact Classic Line Controllers are strongly advised to operate the devices in closed networks or protected by a suitable firewall, as intended. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"title": "Mitigation"
},
{
"category": "description",
"text": "Phoenix Contact Classic Line Controllers are designed and developed for the use in closed industrial networks. The control and configuration protocols do not feature authentication mechanisms by design. Phoenix Contact therefore strongly recommends using the devices exclusively in closed networks and protected by a suitable firewall.\nPhoenix Contact is offering the mGuard product family for network segmentation and protection.",
"title": "Remediation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@phoenixcontact.com",
"name": "Phoenix Contact GmbH \u0026 Co. KG",
"namespace": "https://phoenixcontact.com/psirt"
},
"references": [
{
"category": "self",
"summary": "VDE-2021-032: PHOENIX CONTACT: Niche Ethernet Stack for ILC1x0, ILC1x1 and AXC 1050 Industrial controllers and CHARX control DC - HTML",
"url": "https://certvde.com/en/advisories/VDE-2021-032"
},
{
"category": "external",
"summary": "CERT@VDE Security Advisories for PHOENIX CONTACT",
"url": "https://certvde.com/de/advisories/vendor/phoenixcontact/"
},
{
"category": "self",
"summary": "VDE-2021-032: PHOENIX CONTACT: Niche Ethernet Stack for ILC1x0, ILC1x1 and AXC 1050 Industrial controllers and CHARX control DC - CSAF",
"url": "https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2021/vde-2021-032.json"
}
],
"title": "PHOENIX CONTACT: Niche Ethernet Stack for ILC1x0, ILC1x1 and AXC 1050 Industrial controllers and CHARX control DC",
"tracking": {
"aliases": [
"VDE-2021-032"
],
"current_release_date": "2025-05-22T13:03:10.000Z",
"generator": {
"date": "2025-03-07T11:40:00.910Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.20"
}
},
"id": "VDE-2021-032",
"initial_release_date": "2021-08-04T07:57:00.000Z",
"revision_history": [
{
"date": "2021-08-04T07:57:00.000Z",
"number": "1",
"summary": "initial revision"
},
{
"date": "2025-05-22T13:03:10.000Z",
"number": "2",
"summary": "Fix: quotation mark"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "AXC 1050",
"product": {
"name": "AXC 1050",
"product_id": "CSAFPID-11001",
"product_identification_helper": {
"model_numbers": [
"2700988",
"2701295"
]
}
}
},
{
"category": "product_name",
"name": "EV-PLCC-AC1-DC1",
"product": {
"name": "EV-PLCC-AC1-DC1",
"product_id": "CSAFPID-11002",
"product_identification_helper": {
"model_numbers": [
"1624130"
]
}
}
},
{
"branches": [
{
"category": "product_name",
"name": "ILC1x0",
"product": {
"name": "ILC1x0",
"product_id": "CSAFPID-11003"
}
},
{
"category": "product_name",
"name": "ILC1x1",
"product": {
"name": "ILC1x1",
"product_id": "CSAFPID-11004",
"product_identification_helper": {
"model_numbers": [
"2700973",
"2700974",
"2700975",
"2700976",
"2701034",
"2701141"
]
}
}
}
],
"category": "product_family",
"name": "ILC1x"
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Firmware vers:all/*",
"product_id": "CSAFPID-21001"
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "PHOENIX CONTACT"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
],
"summary": "Affected products."
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on AXC 1050",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on EV-PLCC-AC1-DC1",
"product_id": "CSAFPID-31002"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on ILC1x0",
"product_id": "CSAFPID-31003"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on ILC1x1",
"product_id": "CSAFPID-31004"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11004"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-35685",
"cwe": {
"id": "CWE-330",
"name": "Use of Insufficiently Random Values"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in HCC Nichestack 3.0. The code that generates Initial Sequence Numbers (ISNs) for TCP connections derives the ISN from an insufficiently random source. As a result, an attacker may be able to determine the ISN of current and future TCP connections and either hijack existing ones or spoof future ones. (Proper ISN generation should aim to follow at least the specifications outlined in RFC 6528.)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Customers using Phoenix Contact Classic Line Controllers are strongly recommended to operate the devices in closed networks or protected with a suitable firewall as intended. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Phoenix Contact Classic Line Controllers are designed and developed for the use in closed industrial networks. The control and configuration protocols do not feature authentication mechanisms by design. Phoenix Contact therefore strongly recommends using the devices exclusively in closed networks and protected by a suitable firewall.\nPhoenix Contact is offering the mGuard product family for network segmentation and protection.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.1,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.1,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
}
],
"title": "CVE-2020-35685"
},
{
"cve": "CVE-2021-31401",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in tcp_rcv() in nptcp.c in HCC embedded InterNiche 4.0.1. The TCP header processing code doesn\u0027t sanitize the value of the IP total length field (header length + data length). With a crafted IP packet, an integer overflow occurs whenever the value of the IP data length is calculated by subtracting the length of the header from the total length of the IP packet.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Customers using Phoenix Contact Classic Line Controllers are strongly recommended to operate the devices in closed networks or protected with a suitable firewall as intended. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Phoenix Contact Classic Line Controllers are designed and developed for the use in closed industrial networks. The control and configuration protocols do not feature authentication mechanisms by design. Phoenix Contact therefore strongly recommends using the devices exclusively in closed networks and protected by a suitable firewall.\nPhoenix Contact is offering the mGuard product family for network segmentation and protection.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
}
],
"title": "CVE-2021-31401"
},
{
"cve": "CVE-2021-31400",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in tcp_pulloutofband() in tcp_in.c in HCC embedded InterNiche 4.0.1. The TCP out-of-band urgent-data processing function invokes a panic function if the pointer to the end of the out-of-band data points outside of the TCP segment\u0027s data. If the panic function hadn\u0027t a trap invocation removed, it will enter an infinite loop and therefore cause DoS (continuous loop or a device reset).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Customers using Phoenix Contact Classic Line Controllers are strongly recommended to operate the devices in closed networks or protected with a suitable firewall as intended. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Phoenix Contact Classic Line Controllers are designed and developed for the use in closed industrial networks. The control and configuration protocols do not feature authentication mechanisms by design. Phoenix Contact therefore strongly recommends using the devices exclusively in closed networks and protected by a suitable firewall.\nPhoenix Contact is offering the mGuard product family for network segmentation and protection.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
}
],
"title": "CVE-2021-31400"
},
{
"cve": "CVE-2020-35684",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in HCC Nichestack 3.0. The code that parses TCP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the length of the TCP payload within the TCP checksum computation function. When the IP payload size is set to be smaller than the size of the IP header, the TCP checksum computation function may read out of bounds (a low-impact write-out-of-bounds is also possible).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Customers using Phoenix Contact Classic Line Controllers are strongly recommended to operate the devices in closed networks or protected with a suitable firewall as intended. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Phoenix Contact Classic Line Controllers are designed and developed for the use in closed industrial networks. The control and configuration protocols do not feature authentication mechanisms by design. Phoenix Contact therefore strongly recommends using the devices exclusively in closed networks and protected by a suitable firewall.\nPhoenix Contact is offering the mGuard product family for network segmentation and protection.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
}
],
"title": "CVE-2020-35684"
},
{
"cve": "CVE-2020-35683",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in HCC Nichestack 3.0. The code that parses ICMP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the ICMP checksum. When the IP payload size is set to be smaller than the size of the IP header, the ICMP checksum computation function may read out of bounds, causing a Denial-of-Service.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Customers using Phoenix Contact Classic Line Controllers are strongly recommended to operate the devices in closed networks or protected with a suitable firewall as intended. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Phoenix Contact Classic Line Controllers are designed and developed for the use in closed industrial networks. The control and configuration protocols do not feature authentication mechanisms by design. Phoenix Contact therefore strongly recommends using the devices exclusively in closed networks and protected by a suitable firewall.\nPhoenix Contact is offering the mGuard product family for network segmentation and protection.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
}
],
"title": "CVE-2020-35683"
},
{
"cve": "CVE-2021-31227",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in HCC embedded InterNiche 4.0.1. A potential heap buffer overflow exists in the code that parses the HTTP POST request, due to an incorrect signed integer comparison. This vulnerability requires the attacker to send a malformed HTTP packet with a negative Content-Length, which bypasses the size checks and results in a large heap overflow in the wbs_multidata buffer copy.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Customers using Phoenix Contact Classic Line Controllers are strongly recommended to operate the devices in closed networks or protected with a suitable firewall as intended. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Phoenix Contact Classic Line Controllers are designed and developed for the use in closed industrial networks. The control and configuration protocols do not feature authentication mechanisms by design. Phoenix Contact therefore strongly recommends using the devices exclusively in closed networks and protected by a suitable firewall.\nPhoenix Contact is offering the mGuard product family for network segmentation and protection.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
}
],
"title": "CVE-2021-31227"
}
]
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.