CVE-2021-31401 (GCVE-0-2021-31401)
Vulnerability from cvelistv5 – Published: 2021-08-19 11:25 – Updated: 2024-08-03 22:55- n/a
| URL | Tags |
|---|---|
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_CONFIRM |
| https://www.forescout.com/blog/new-critical-opera… | x_refsource_MISC |
| https://www.kb.cert.org/vuls/id/608209 | third-party-advisory, x_refsource_CERT-VN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:55:53.721Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-789208.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/"
},
{
"name": "VU#608209",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/608209"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in tcp_rcv() in nptcp.c in HCC embedded InterNiche 4.0.1. The TCP header processing code doesn\u0027t sanitize the value of the IP total length field (header length + data length). With a crafted IP packet, an integer overflow occurs whenever the value of the IP data length is calculated by subtracting the length of the header from the total length of the IP packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-19T11:26:03.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-789208.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/"
},
{
"name": "VU#608209",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/608209"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-31401",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in tcp_rcv() in nptcp.c in HCC embedded InterNiche 4.0.1. The TCP header processing code doesn\u0027t sanitize the value of the IP total length field (header length + data length). With a crafted IP packet, an integer overflow occurs whenever the value of the IP data length is calculated by subtracting the length of the header from the total length of the IP packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-789208.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-789208.pdf"
},
{
"name": "https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/",
"refsource": "MISC",
"url": "https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/"
},
{
"name": "VU#608209",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/608209"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-31401",
"datePublished": "2021-08-19T11:25:42.000Z",
"dateReserved": "2021-04-15T00:00:00.000Z",
"dateUpdated": "2024-08-03T22:55:53.721Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2021-31401",
"date": "2026-06-01",
"epss": "0.00498",
"percentile": "0.66146"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hcc-embedded:nichestack:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"4.3\", \"matchCriteriaId\": \"36A27EF5-D19C-4126-850C-89387A7A1410\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:siemens:sentron_3wl_com35_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.2.0\", \"matchCriteriaId\": \"438332F0-E222-48FB-BA95-0A79EAC9E448\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:siemens:sentron_3wl_com35:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AF6988F4-8734-4B27-AD0B-B91F25654F9A\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:siemens:sentron_3wa_com190_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.0.0\", \"matchCriteriaId\": \"B62056DC-DF99-4118-9B22-45E51980CD7F\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:siemens:sentron_3wa_com190:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"797EAA6F-5E8C-4855-87ED-CE4D76D02571\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"An issue was discovered in tcp_rcv() in nptcp.c in HCC embedded InterNiche 4.0.1. The TCP header processing code doesn\u0027t sanitize the value of the IP total length field (header length + data length). With a crafted IP packet, an integer overflow occurs whenever the value of the IP data length is calculated by subtracting the length of the header from the total length of the IP packet.\"}, {\"lang\": \"es\", \"value\": \"Se ha detectado un problema en la funci\\u00f3n tcp_rcv() en el archivo nptcp.c en HCC embedded InterNiche versi\\u00f3n 4.0.1. El c\\u00f3digo de procesamiento del encabezado TCP no sanea el valor del campo de longitud total de IP (longitud del encabezado + longitud de los datos). Con un paquete IP dise\\u00f1ado, se produce un desbordamiento de enteros cuando el valor de la longitud de datos IP se calcula restando la longitud del encabezado de la longitud total del paquete IP.\"}]",
"id": "CVE-2021-31401",
"lastModified": "2024-11-21T06:05:35.287",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:P\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2021-08-19T12:15:08.893",
"references": "[{\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-789208.pdf\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mitigation\", \"Third Party Advisory\"]}, {\"url\": \"https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mitigation\", \"Third Party Advisory\"]}, {\"url\": \"https://www.kb.cert.org/vuls/id/608209\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-789208.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\", \"Third Party Advisory\"]}, {\"url\": \"https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\", \"Third Party Advisory\"]}, {\"url\": \"https://www.kb.cert.org/vuls/id/608209\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-31401\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2021-08-19T12:15:08.893\",\"lastModified\":\"2024-11-21T06:05:35.287\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in tcp_rcv() in nptcp.c in HCC embedded InterNiche 4.0.1. The TCP header processing code doesn\u0027t sanitize the value of the IP total length field (header length + data length). With a crafted IP packet, an integer overflow occurs whenever the value of the IP data length is calculated by subtracting the length of the header from the total length of the IP packet.\"},{\"lang\":\"es\",\"value\":\"Se ha detectado un problema en la funci\u00f3n tcp_rcv() en el archivo nptcp.c en HCC embedded InterNiche versi\u00f3n 4.0.1. El c\u00f3digo de procesamiento del encabezado TCP no sanea el valor del campo de longitud total de IP (longitud del encabezado + longitud de los datos). Con un paquete IP dise\u00f1ado, se produce un desbordamiento de enteros cuando el valor de la longitud de datos IP se calcula restando la longitud del encabezado de la longitud total del paquete 
IP.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcc-embedded:nichestack:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.3\",\"matchCriteriaId\":\"36A27EF5-D19C-4126-850C-89387A7A1410\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:sentron_3wl_com35_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.2.0\",\"matchCriteriaId\":\"438332F0-E222-48FB-BA95-0A79EAC9E448\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:sentron_3wl_com35:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF6988F4-8734-4B27-AD0B-B91F25654F9A\"}]}]},{\"operato
r\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:sentron_3wa_com190_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.0.0\",\"matchCriteriaId\":\"B62056DC-DF99-4118-9B22-45E51980CD7F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:sentron_3wa_com190:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"797EAA6F-5E8C-4855-87ED-CE4D76D02571\"}]}]}],\"references\":[{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-789208.pdf\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mitigation\",\"Third Party Advisory\"]},{\"url\":\"https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mitigation\",\"Third Party Advisory\"]},{\"url\":\"https://www.kb.cert.org/vuls/id/608209\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-789208.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Third Party Advisory\"]},{\"url\":\"https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Third Party Advisory\"]},{\"url\":\"https://www.kb.cert.org/vuls/id/608209\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]}]}}"
}
}
GSD-2021-31401
Vulnerability from gsd - Updated: 2023-12-13 01:23
{
"GSD": {
"alias": "CVE-2021-31401",
"description": "An issue was discovered in tcp_rcv() in nptcp.c in HCC embedded InterNiche 4.0.1. The TCP header processing code doesn\u0027t sanitize the value of the IP total length field (header length + data length). With a crafted IP packet, an integer overflow occurs whenever the value of the IP data length is calculated by subtracting the length of the header from the total length of the IP packet.",
"id": "GSD-2021-31401",
"references": [
"https://www.suse.com/security/cve/CVE-2021-31401.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-31401"
],
"details": "An issue was discovered in tcp_rcv() in nptcp.c in HCC embedded InterNiche 4.0.1. The TCP header processing code doesn\u0027t sanitize the value of the IP total length field (header length + data length). With a crafted IP packet, an integer overflow occurs whenever the value of the IP data length is calculated by subtracting the length of the header from the total length of the IP packet.",
"id": "GSD-2021-31401",
"modified": "2023-12-13T01:23:13.481584Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-31401",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in tcp_rcv() in nptcp.c in HCC embedded InterNiche 4.0.1. The TCP header processing code doesn\u0027t sanitize the value of the IP total length field (header length + data length). With a crafted IP packet, an integer overflow occurs whenever the value of the IP data length is calculated by subtracting the length of the header from the total length of the IP packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-789208.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-789208.pdf"
},
{
"name": "https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/",
"refsource": "MISC",
"url": "https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/"
},
{
"name": "VU#608209",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/608209"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:hcc-embedded:nichestack:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:sentron_3wl_com35_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.2.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:sentron_3wl_com35:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:sentron_3wa_com190_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:sentron_3wa_com190:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-31401"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "An issue was discovered in tcp_rcv() in nptcp.c in HCC embedded InterNiche 4.0.1. The TCP header processing code doesn\u0027t sanitize the value of the IP total length field (header length + data length). With a crafted IP packet, an integer overflow occurs whenever the value of the IP data length is calculated by subtracting the length of the header from the total length of the IP packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-789208.pdf",
"refsource": "CONFIRM",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-789208.pdf"
},
{
"name": "VU#608209",
"refsource": "CERT-VN",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/608209"
},
{
"name": "https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/",
"refsource": "MISC",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2021-08-26T18:09Z",
"publishedDate": "2021-08-19T12:15Z"
}
}
}
ICSA-21-217-01
Vulnerability from csaf_cisa - Published: 2021-08-05 00:00 - Updated: 2021-12-16 00:00
{
"document": {
"acknowledgments": [
{
"names": [
"Amine Amri",
"Stanislav Dashevskyi",
"Daniel dos Santos"
],
"organization": "Forescout",
"summary": "reporting these vulnerabilities to CISA"
},
{
"names": [
"Asaf Karas",
"Shachar Menashe"
],
"organization": "VDOO",
"summary": "reporting these vulnerabilities to CISA"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
"title": "CISA Disclaimer"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "Successful exploitation of these vulnerabilities may result in unauthorized access to arbitrary information, DNS cache poisoning, remote code execution, or a denial-of-service condition.",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Multiple",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Hungary",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "other",
"text": "No known public exploits specifically target these vulnerabilities.",
"title": "Exploitability"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-21-217-01 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-217-01.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-21-217-01 Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-217-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-217-01"
}
],
"title": "HCC Embedded InterNiche TCP/IP stack, NicheLite (Update B)",
"tracking": {
"current_release_date": "2021-12-16T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-21-217-01",
"initial_release_date": "2021-08-05T00:00:00.000000Z",
"revision_history": [
{
"date": "2021-08-05T00:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "ICSA-21-217-01 HCC Embedded InterNiche TCPIP stack NicheLite"
},
{
"date": "2021-09-14T00:00:00.000000Z",
"legacy_version": "A",
"number": "2",
"summary": "ICSA-21-217-01 HCC Embedded InterNiche TCPIP stack NicheLite (Update A)"
},
{
"date": "2021-12-16T00:00:00.000000Z",
"legacy_version": "B",
"number": "3",
"summary": "ICSA-21-217-01 HCC Embedded InterNiche TCP/IP stack NicheLite (Update B)"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 4.3",
"product": {
"name": "InterNiche stack: All versions prior to v4.3",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "InterNiche stack"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 4.3",
"product": {
"name": "NicheLite: All versions prior to v4.3",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "NicheLite"
}
],
"category": "vendor",
"name": "HCC Embedded"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-25767",
"cwe": {
"id": "CWE-466",
"name": "Return of Pointer Value Outside of Expected Range"
},
"notes": [
{
"category": "summary",
"text": "When parsing DNS domain names, there are no checks on whether a domain name compression pointer is pointing within the bounds of the packet, which may result in an out-of-bounds read.CVE-2020-25767 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25767"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "HCC recommends users apply release v4.3 or later to mitigate these vulnerabilities. For more information, contact HCC.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-022_en.pdf"
},
{
"category": "vendor_fix",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-022_en.pdf"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2020-25928",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"notes": [
{
"category": "summary",
"text": "The routine for parsing DNS response packets does not check the response data length field of individual DNS answers, which may cause an out-of-bounds read/write.CVE-2020-25928 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25928"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "HCC recommends users apply release v4.3 or later to mitigate these vulnerabilities. For more information, contact HCC.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-022_en.pdf"
},
{
"category": "vendor_fix",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-022_en.pdf"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2020-25927",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"notes": [
{
"category": "summary",
"text": "The number of queries or responses specified in the DNS packet header is not validated with the query/response data available in the DNS packet, leading to an out-of-bounds read.CVE-2020-25927 has been assigned to this vulnerability. A CVSS v3 base score of 8.2 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25927"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "HCC recommends users apply release v4.3 or later to mitigate these vulnerabilities. For more information, contact HCC.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-022_en.pdf"
},
{
"category": "vendor_fix",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-022_en.pdf"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2020-25926",
"cwe": {
"id": "CWE-330",
"name": "Use of Insufficiently Random Values"
},
"notes": [
{
"category": "summary",
"text": "The DNS client does not sufficiently randomize transaction IDs, facilitating DNS cache poisoning attacks.CVE-2020-25926 has been assigned to this vulnerability. A CVSS v3 base score of 4.0 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25926"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "HCC recommends users apply release v4.3 or later to mitigate these vulnerabilities. For more information, contact HCC.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-022_en.pdf"
},
{
"category": "vendor_fix",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-022_en.pdf"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2020-35683",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The code that parses ICMP packets relies on an unchecked value of the IP payload size to compute the ICMP checksum, which may result in an out-of-bounds read. CVE-2020-35683 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35683"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "HCC recommends users apply release v4.3 or later to mitigate these vulnerabilities. For more information, contact HCC.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-022_en.pdf"
},
{
"category": "vendor_fix",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-022_en.pdf"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2020-35684",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The code that parses TCP packets relies on an unchecked value of the IP payload size to compute the length of the TCP payload within the TCP checksum computation function, which may result in an out-of-bounds read. CVE-2020-35684 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35684"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "HCC recommends users apply release v4.3 or later to mitigate these vulnerabilities. For more information, contact HCC.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-022_en.pdf"
},
{
"category": "vendor_fix",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-022_en.pdf"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2020-35685",
"cwe": {
"id": "CWE-330",
"name": "Use of Insufficiently Random Values"
},
"notes": [
{
"category": "summary",
"text": "TCP ISNs are insufficiently randomized, which may result in TCP spoofing by an attacker. CVE-2020-35685 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35685"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "HCC recommends users apply release v4.3 or later to mitigate these vulnerabilities. For more information, contact HCC.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-022_en.pdf"
},
{
"category": "vendor_fix",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-022_en.pdf"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2021-31400",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"notes": [
{
"category": "summary",
"text": "The TCP urgent data processing function may invoke a panic function, which may result in an infinite loop. CVE-2021-31400 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31400"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "HCC recommends users apply release v4.3 or later to mitigate these vulnerabilities. For more information, contact HCC.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-022_en.pdf"
},
{
"category": "vendor_fix",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-022_en.pdf"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2021-31401",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "An attacker could send a specially crafted IP packet to trigger an integer overflow due to the lack of IP length validation. CVE-2021-31401 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31401"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "HCC recommends users apply release v4.3 or later to mitigate these vulnerabilities. For more information, contact HCC.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-022_en.pdf"
},
{
"category": "vendor_fix",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-022_en.pdf"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2021-31226",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "A potential heap buffer overflow exists in the code that parses the HTTP POST request due to lack of size validation. CVE-2021-31226 has been assigned to this vulnerability. A CVSS v3 base score of 9.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31226"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "HCC recommends users apply release v4.3 or later to mitigate these vulnerabilities. For more information, contact HCC.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-022_en.pdf"
},
{
"category": "vendor_fix",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-022_en.pdf"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2021-31227",
"cwe": {
"id": "CWE-839",
"name": "Numeric Range Comparison Without Minimum Check"
},
"notes": [
{
"category": "summary",
"text": "A potential heap buffer overflow exists in the code that parses the HTTP POST request due to an incorrect signed integer comparison. CVE-2021-31227 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31227"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "HCC recommends users apply release v4.3 or later to mitigate these vulnerabilities. For more information, contact HCC.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-022_en.pdf"
},
{
"category": "vendor_fix",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-022_en.pdf"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2021-31228",
"cwe": {
"id": "CWE-340",
"name": "Generation of Predictable Numbers or Identifiers"
},
"notes": [
{
"category": "summary",
"text": "An attacker may be able to predict DNS queries\u0027 source port to then send forged DNS response packets, which may be accepted as valid answers. CVE-2021-31228 has been assigned to this vulnerability. A CVSS v3 base score of 4.0 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31228"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "HCC recommends users apply release v4.3 or later to mitigate these vulnerabilities. For more information, contact HCC.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-022_en.pdf"
},
{
"category": "vendor_fix",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-022_en.pdf"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2021-27565",
"cwe": {
"id": "CWE-703",
"name": "Improper Check or Handling of Exceptional Conditions"
},
"notes": [
{
"category": "summary",
"text": "Unhandled HTTP requests result in an infinite loop that disrupts TCP/IP communication. CVE-2021-27565 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27565"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "HCC recommends users apply release v4.3 or later to mitigate these vulnerabilities. For more information, contact HCC.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-022_en.pdf"
},
{
"category": "vendor_fix",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-022_en.pdf"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2021-36762",
"cwe": {
"id": "CWE-170",
"name": "Improper Null Termination"
},
"notes": [
{
"category": "summary",
"text": "The TFTP packet processing function does not ensure that the filename is null-terminated, which may result in a denial-of-service condition. CVE-2021-36762 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36762"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "HCC recommends users apply release v4.3 or later to mitigate these vulnerabilities. For more information, contact HCC.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-022_en.pdf"
},
{
"category": "vendor_fix",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-022_en.pdf"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
}
]
}
SEVD-2021-217-01
Vulnerability from csaf_se - Published: 2021-08-05 06:29 - Updated: 2023-05-09 06:29
Five of the 14 vulnerabilities disclosed by researchers in the NicheStack TCP/IP component impact Schneider Electric’s Lexium ILE, ILA, ILS, Altivar Profinet Communication Module (VW3A3627), Altivar and Lexium Ethernet TCP/IP Communication Module (VW3A3616), and Altivar Profinet - Communication Card (VW3A3327). Additional vulnerability details can be found at https://us-cert.cisa.gov/ics/advisories/icsa-21-217-01.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Schneider Electric Lexium ILE ILA ILS communication drive version 01.110 and prior
Schneider Electric / Lexium ILE ILA ILS communication drive
|
<=01.111 |
Vendor Fix
|
|
|
Schneider Electric Altivar 32/320/340/600/900 Profinet communication module (VW3A3627)
Schneider Electric / Altivar 32/320/340/600/900 Profinet communication module (VW3A3627)
|
1.10.1 |
Mitigation
Vendor Fix
|
|
|
Schneider Electric Altivar 32/320 and Lexium 32 Ethernet TCP/IP communication module (VW3A3616) versions prior to V1.20IE01
Schneider Electric / Altivar 32/320 and Lexium 32 Ethernet TCP/IP communication module (VW3A3616)
|
<V1.20IE01 |
Mitigation
|
|
|
Schneider Electric Altivar 61/71 Profinet communication card (VW3A3327) All versions
Schneider Electric / Altivar 61/71 Profinet communication card (VW3A3327)
|
vers:all/* |
Mitigation
No Fix Planned
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Schneider Electric Lexium ILE ILA ILS communication drive 01.111
Schneider Electric / Lexium ILE ILA ILS communication drive
|
01.111 | ||
|
Schneider Electric Altivar 32/320 and Lexium 32 Ethernet TCP/IP communication module (VW3A3616) versions prior to V1.20IE01
Schneider Electric / Altivar 32/320 and Lexium 32 Ethernet TCP/IP communication module (VW3A3616)
|
V1.20IE01 |
Five of the 14 vulnerabilities disclosed by researchers in the NicheStack TCP/IP component impact Schneider Electric’s Lexium ILE, ILA, ILS, Altivar Profinet Communication Module (VW3A3627), Altivar and Lexium Ethernet TCP/IP Communication Module (VW3A3616), and Altivar Profinet - Communication Card (VW3A3327). Additional vulnerability details can be found at https://us-cert.cisa.gov/ics/advisories/icsa-21-217-01.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Schneider Electric Lexium ILE ILA ILS communication drive version 01.110 and prior
Schneider Electric / Lexium ILE ILA ILS communication drive
|
<=01.111 |
Vendor Fix
|
|
|
Schneider Electric Altivar 32/320/340/600/900 Profinet communication module (VW3A3627)
Schneider Electric / Altivar 32/320/340/600/900 Profinet communication module (VW3A3627)
|
1.10.1 |
Mitigation
fix
|
|
|
Schneider Electric Altivar 32/320 and Lexium 32 Ethernet TCP/IP communication module (VW3A3616) versions prior to V1.20IE01
Schneider Electric / Altivar 32/320 and Lexium 32 Ethernet TCP/IP communication module (VW3A3616)
|
<V1.20IE01 |
Mitigation
fix
Vendor Fix
|
|
|
Schneider Electric Altivar 61/71 Profinet communication card (VW3A3327) All versions
Schneider Electric / Altivar 61/71 Profinet communication card (VW3A3327)
|
vers:all/* |
Mitigation
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Schneider Electric Lexium ILE ILA ILS communication drive 01.111
Schneider Electric / Lexium ILE ILA ILS communication drive
|
01.111 |
Five of the 14 vulnerabilities disclosed by researchers in the NicheStack TCP/IP component impact Schneider Electric’s Lexium ILE, ILA, ILS, Altivar Profinet Communication Module (VW3A3627), Altivar and Lexium Ethernet TCP/IP Communication Module (VW3A3616), and Altivar Profinet - Communication Card (VW3A3327). Additional vulnerability details can be found at https://us-cert.cisa.gov/ics/advisories/icsa-21-217-01.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Schneider Electric Lexium ILE ILA ILS communication drive version 01.110 and prior
Schneider Electric / Lexium ILE ILA ILS communication drive
|
<=01.111 |
Vendor Fix
|
|
|
Schneider Electric Altivar 32/320/340/600/900 Profinet communication module (VW3A3627)
Schneider Electric / Altivar 32/320/340/600/900 Profinet communication module (VW3A3627)
|
1.10.1 |
Mitigation
fix
|
|
|
Schneider Electric Altivar 32/320 and Lexium 32 Ethernet TCP/IP communication module (VW3A3616) versions prior to V1.20IE01
Schneider Electric / Altivar 32/320 and Lexium 32 Ethernet TCP/IP communication module (VW3A3616)
|
<V1.20IE01 |
Vendor Fix
Mitigation
fix
|
|
|
Schneider Electric Altivar 61/71 Profinet communication card (VW3A3327) All versions
Schneider Electric / Altivar 61/71 Profinet communication card (VW3A3327)
|
vers:all/* |
Mitigation
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Schneider Electric Lexium ILE ILA ILS communication drive 01.111
Schneider Electric / Lexium ILE ILA ILS communication drive
|
01.111 | ||
|
Schneider Electric Altivar 32/320 and Lexium 32 Ethernet TCP/IP communication module (VW3A3616) versions prior to V1.20IE01
Schneider Electric / Altivar 32/320 and Lexium 32 Ethernet TCP/IP communication module (VW3A3616)
|
V1.20IE01 |
Five of the 14 vulnerabilities disclosed by researchers in the NicheStack TCP/IP component impact Schneider Electric’s Lexium ILE, ILA, ILS, Altivar Profinet Communication Module (VW3A3627), Altivar and Lexium Ethernet TCP/IP Communication Module (VW3A3616), and Altivar Profinet - Communication Card (VW3A3327). Additional vulnerability details can be found at https://us-cert.cisa.gov/ics/advisories/icsa-21-217-01.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Schneider Electric Lexium ILE ILA ILS communication drive version 01.110 and prior
Schneider Electric / Lexium ILE ILA ILS communication drive
|
<=01.111 |
Vendor Fix
|
|
|
Schneider Electric Altivar 32/320/340/600/900 Profinet communication module (VW3A3627)
Schneider Electric / Altivar 32/320/340/600/900 Profinet communication module (VW3A3627)
|
1.10.1 |
Mitigation
fix
|
|
|
Schneider Electric Altivar 32/320 and Lexium 32 Ethernet TCP/IP communication module (VW3A3616) versions prior to V1.20IE01
Schneider Electric / Altivar 32/320 and Lexium 32 Ethernet TCP/IP communication module (VW3A3616)
|
<V1.20IE01 |
Vendor Fix
Mitigation
fix
|
|
|
Schneider Electric Altivar 61/71 Profinet communication card (VW3A3327) All versions
Schneider Electric / Altivar 61/71 Profinet communication card (VW3A3327)
|
vers:all/* |
Mitigation
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Schneider Electric Lexium ILE ILA ILS communication drive 01.111
Schneider Electric / Lexium ILE ILA ILS communication drive
|
01.111 | ||
|
Schneider Electric Altivar 32/320 and Lexium 32 Ethernet TCP/IP communication module (VW3A3616) versions prior to V1.20IE01
Schneider Electric / Altivar 32/320 and Lexium 32 Ethernet TCP/IP communication module (VW3A3616)
|
V1.20IE01 |
Five of the 14 vulnerabilities disclosed by researchers in the NicheStack TCP/IP component impact Schneider Electric’s Lexium ILE, ILA, ILS, Altivar Profinet Communication Module (VW3A3627), Altivar and Lexium Ethernet TCP/IP Communication Module (VW3A3616), and Altivar Profinet - Communication Card (VW3A3327). Additional vulnerability details can be found at https://us-cert.cisa.gov/ics/advisories/icsa-21-217-01.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Schneider Electric Lexium ILE ILA ILS communication drive version 01.110 and prior
Schneider Electric / Lexium ILE ILA ILS communication drive
|
<=01.111 |
Vendor Fix
|
|
|
Schneider Electric Altivar 32/320/340/600/900 Profinet communication module (VW3A3627)
Schneider Electric / Altivar 32/320/340/600/900 Profinet communication module (VW3A3627)
|
1.10.1 |
Mitigation
fix
|
|
|
Schneider Electric Altivar 32/320 and Lexium 32 Ethernet TCP/IP communication module (VW3A3616) versions prior to V1.20IE01
Schneider Electric / Altivar 32/320 and Lexium 32 Ethernet TCP/IP communication module (VW3A3616)
|
<V1.20IE01 |
Vendor Fix
Mitigation
fix
|
|
|
Schneider Electric Altivar 61/71 Profinet communication card (VW3A3327) All versions
Schneider Electric / Altivar 61/71 Profinet communication card (VW3A3327)
|
vers:all/* |
Mitigation
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Schneider Electric Lexium ILE ILA ILS communication drive 01.111
Schneider Electric / Lexium ILE ILA ILS communication drive
|
01.111 | ||
|
Schneider Electric Altivar 32/320 and Lexium 32 Ethernet TCP/IP communication module (VW3A3616) versions prior to V1.20IE01
Schneider Electric / Altivar 32/320 and Lexium 32 Ethernet TCP/IP communication module (VW3A3616)
|
V1.20IE01 |
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "We strongly recommend the following industry cybersecurity best practices.\n\nhttps://www.se.com/us/en/download/document/7EN52-0390/\n* Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network.\n* Install physical controls so no unauthorized personnel can access your industrial control and safety systems, components, peripheral equipment, and networks.\n* Place all controllers in locked cabinets and never leave them in the \u201cProgram\u201d mode.\n* Never connect programming software to any network other than the network intended for that device.\n* Scan all methods of mobile data exchange with the isolated network such as CDs, USB drives, etc. before use in the terminals or any node connected to these networks.\n* Never allow mobile devices that have connected to any other network besides the intended network to connect to the safety or control networks without proper sanitation.\n* Minimize network exposure for all control system devices and systems and ensure that they are not accessible from the Internet.\n* When remote access is required, use secure methods, such as Virtual Private Networks (VPNs). Recognize that VPNs may have vulnerabilities and should be updated to the most current version available. Also, understand that VPNs are only as secure as the connected devices.\nFor more information refer to the Schneider Electric Recommended Cybersecurity Best Practices document. \n",
"title": "General Security Recommendations"
},
{
"category": "general",
"text": "This document provides an overview of the identified vulnerability or vulnerabilities and actions required to mitigate. For more details and assistance on how to protect your installation, contact your local Schneider Electric representative or Schneider Electric Industrial Cybersecurity Services: https://www.se.com/ww/en/work/solutions/cybersecurity/. These organizations will be fully aware of this situation and can support you through the process.\nFor further information related to cybersecurity in Schneider Electric\u2019s products, visit the company\u2019s cybersecurity support portal page: https://www.se.com/ww/en/work/support/cybersecurity/overview.jsp",
"title": "For More Information"
},
{
"category": "legal_disclaimer",
"text": "THIS NOTIFICATION DOCUMENT, THE INFORMATION CONTAINED HEREIN, AND ANY MATERIALS LINKED FROM IT (COLLECTIVELY, THIS \u201cNOTIFICATION\u201d) ARE INTENDED TO HELP PROVIDE AN OVERVIEW OF THE IDENTIFIED SITUATION AND SUGGESTED MITIGATION ACTIONS, REMEDIATION, FIX, AND/OR GENERAL SECURITY RECOMMENDATIONS AND IS PROVIDED ON AN \u201cAS-IS\u201d BASIS WITHOUT WARRANTY OR GUARANTEE OF ANY KIND. SCHNEIDER ELECTRIC DISCLAIMS ALL WARRANTIES RELATING TO THIS NOTIFICATION, EITHER EXPRESS OR IMPLIED, INCLUDING WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. SCHNEIDER ELECTRIC MAKES NO WARRANTY THAT THE NOTIFICATION WILL RESOLVE THE IDENTIFIED SITUATION. IN NO EVENT SHALL SCHNEIDER ELECTRIC BE LIABLE FOR ANY DAMAGES OR LOSSES WHATSOEVER IN CONNECTION WITH THIS NOTIFICATION, INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF SCHNEIDER ELECTRIC HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. YOUR USE OF THIS NOTIFICATION IS AT YOUR OWN RISK, AND YOU ARE SOLELY LIABLE FOR ANY DAMAGES TO YOUR SYSTEMS OR ASSETS OR OTHER LOSSES THAT MAY RESULT FROM YOUR USE OF THIS NOTIFICATION. SCHNEIDER ELECTRIC RESERVES THE RIGHT TO UPDATE OR CHANGE THIS NOTIFICATION AT ANY TIME AND IN ITS SOLE DISCRETION",
"title": "LEGAL DISCLAIMER"
},
{
"category": "general",
"text": "At Schneider, we believe access to energy and digital is a basic human right. We empower all to do more with less, ensuring Life Is On everywhere, for everyone, at every moment.\n\nWe provide energy and automation digital solutions for efficiency and sustainability. We combine world-leading energy technologies, real-time automation, software and services into integrated solutions for Homes, Buildings, Data Centers, Infrastructure and Industries.\n\nWe are committed to unleash the infinite possibilities of an open, global, innovative community that is passionate with our Meaningful Purpose, Inclusive and Empowered values.\n\nwww.se.com ",
"title": "About Schneider Electric"
},
{
"category": "summary",
"text": "Schneider Electric is aware of multiple vulnerabilities in HCC Embedded\u2019s NicheStack TCP/IP third party component, which is integrated into Schneider Electric\u2019s Lexium ILE, ILA, ILS, Altivar Profinet Communication Module (VW3A3627), Altivar and Lexium Ethernet TCP/IP Communication Module (VW3A3616), and Altivar Profinet - Communication Card (VW3A3327) products.\nFailure to apply the mitigations provided below may risk denial of service of the drives.\nFebruary 2023 Update: A remediation is available for Altivar 32/320/340/600/900 Profinet communication module (VW3A3627)",
"title": "Overview"
}
],
"publisher": {
"category": "vendor",
"contact_details": "cybersecurity@se.com",
"name": "Schneider Electric CPCERT",
"namespace": "https://www.se.com/ww/en/work/support/cybersecurity/security-notifications.jsp"
},
"references": [
{
"category": "self",
"summary": "NicheStack TCP/IP Vulnerabilities (INFRA:HALT) in Lexium ILE, ILA, ILS, and Communication Option Boards for Altivar and Lexium32 drives - SEVD-2021-217-01 PDF Version",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-217-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2021-217-01_NicheStack_Security_Notification.pdf"
},
{
"category": "self",
"summary": "NicheStack TCP/IP Vulnerabilities (INFRA:HALT) in Lexium ILE, ILA, ILS, and Communication Option Boards for Altivar and Lexium32 drives - SEVD-2021-217-01 CSAF Version",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-217-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=sevd-2021-217-01.json"
},
{
"category": "external",
"summary": "Recommended Cybersecurity Best Practices",
"url": "https://www.se.com/us/en/download/document/7EN52-0390/"
}
],
"title": "NicheStack TCP/IP Vulnerabilities (INFRA:HALT) in Lexium ILE, ILA, ILS, and Communication Option Boards for Altivar and Lexium32 drives",
"tracking": {
"current_release_date": "2023-05-09T06:29:00.000Z",
"generator": {
"date": "2023-05-09T06:29:00.000Z",
"engine": {
"name": "Schneider Electric CSAF Generator",
"version": "1.2"
}
},
"id": "SEVD-2021-217-01",
"initial_release_date": "2021-08-05T06:29:08.000Z",
"revision_history": [
{
"date": "2021-08-05T06:29:08.000Z",
"number": "1.0.0",
"summary": "Original Release"
},
{
"date": "2022-02-08T06:29:08.000Z",
"number": "2.0.0",
"summary": "Added Altivar Profinet Communication Module (VW3A3627), Lexium Ethernet TCP/IP Communication Module (VW3A3616), and Altivar Profinet - Communication Card (VW3A3327) to the list of affected products."
},
{
"date": "2022-09-13T06:29:08.000Z",
"number": "3.0.0",
"summary": "A remediation is available for Lexium ILE, ILA, ILS drives and the affected communication module firmware version has been updated."
},
{
"date": "2023-02-14T06:30:00.000Z",
"number": "4.0.0",
"summary": "A remediation is available for Altivar 32/320/340/600/900 Profinet communication module (VW3A3627)"
},
{
"date": "2023-05-09T06:29:00.000Z",
"number": "5.0.0",
"summary": "A remediation is available for Altivar 32/320 \u0026 Lexium 32 Ethernet TCP/IP communication module (VW3A3616)"
}
],
"status": "final",
"version": "5.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=01.111",
"product": {
"name": "Schneider Electric Lexium ILE ILA ILS communication drive version 01.110 and prior",
"product_id": "1"
}
}
],
"category": "product_name",
"name": "Lexium ILE ILA ILS communication drive"
},
{
"branches": [
{
"category": "product_version",
"name": "01.111",
"product": {
"name": "Schneider Electric Lexium ILE ILA ILS communication drive 01.111",
"product_id": "2"
}
}
],
"category": "product_name",
"name": "Lexium ILE ILA ILS communication drive"
},
{
"branches": [
{
"category": "product_version",
"name": "1.10.1",
"product": {
"name": "Schneider Electric Altivar 32/320/340/600/900 Profinet communication module (VW3A3627) ",
"product_id": "3"
}
}
],
"category": "product_name",
"name": "Altivar 32/320/340/600/900 Profinet communication module (VW3A3627)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV1.20IE01",
"product": {
"name": "Schneider Electric Altivar 32/320 and Lexium 32 Ethernet TCP/IP communication module (VW3A3616) versions prior to V1.20IE01",
"product_id": "4"
}
}
],
"category": "product_name",
"name": "Altivar 32/320 and Lexium 32 Ethernet TCP/IP communication module (VW3A3616)"
},
{
"branches": [
{
"category": "product_version",
"name": "V1.20IE01",
"product": {
"name": "Schneider Electric Altivar 32/320 and Lexium 32 Ethernet TCP/IP communication module (VW3A3616) V1.20IE01",
"product_id": "6"
}
}
],
"category": "product_name",
"name": "Altivar 32/320 and Lexium 32 Ethernet TCP/IP communication module (VW3A3616)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Schneider Electric Altivar 61/71 Profinet communication card (VW3A3327) All versions",
"product_id": "5"
}
}
],
"category": "product_name",
"name": "Altivar 61/71 Profinet communication card (VW3A3327)"
}
],
"category": "vendor",
"name": "Schneider Electric"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-31400",
"notes": [
{
"category": "description",
"text": "Five of the 14 vulnerabilities disclosed by researchers in the NicheStack TCP/IP component impact Schneider Electric\u2019s Lexium ILE, ILA, ILS, Altivar Profinet Communication Module (VW3A3627), Altivar and Lexium Ethernet TCP/IP Communication Module (VW3A3616), and Altivar Profinet - Communication Card (VW3A3327). Additional vulnerability details can be found at https://us-cert.cisa.gov/ics/advisories/icsa-21-217-01.",
"title": "CVE Description"
}
],
"product_status": {
"fixed": [
"2",
"6"
],
"known_affected": [
"1",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "V01.111 of Lexium ILE, ILA, ILS communication module includes a fix for these vulnerabilities.\r\nReboot is needed.\r\nPlease contact your local Schneider Electric technical support for more information on how to get the firmware and how to upgrade the communication firmware module.",
"product_ids": [
"1"
],
"restart_required": {
"category": "machine"
}
},
{
"category": "mitigation",
"details": "Schneider Electric is establishing a remediation plan for all future versions of Altivar and Lexium Ethernet TCP/IP Communication Module (VW3A3616). We will update this document when the remediation or additional mitigations are available. Until then, customers should immediately apply the following mitigations to reduce the risk of exploit:\n\u2022 Implement a firewall to restrict network access to the drives\n\u2022 Configure the controller associated to the drives by disabling IP forwarding as described in the online help of your controller.\n\u2022 Configure the controller with dedicated access control lists as described below\nMore information to implement these mitigations can be found in the online help of the controllers at:\nhttps://olh.schneider-electric.com/MachineExpert/V2.0/LandingPages/en/index.html\nTo ensure you are informed of all updates, including details on affected products and remediation plans, subscribe to Schneider Electric\u2019s security notification service here:\nhttps://www.se.com/en/work/support/cybersecurity/security-notifications.jsp",
"product_ids": [
"3",
"4",
"5"
],
"restart_required": {
"category": "machine"
}
},
{
"category": "vendor_fix",
"details": "V1.10.1 of Altivar 32/320/340/600/900 Profinet communication module includes a fix for these vulnerabilities.\nFor product release prior to V1.10.1, apply the mitigations detailed in the Mitigations section and contact your local technical support for more information.",
"product_ids": [
"3"
],
"restart_required": {
"category": "none"
}
},
{
"category": "no_fix_planned",
"details": "This is an End Of Commercialization offer that is replaced by the ALTIVAR 900 \u0026 ALTIVAR 600 ranges.\nTo reduce risk of exploitation, apply the mitigations detailed in the Mitigations section.",
"product_ids": [
"5"
]
}
],
"title": "CVE-2021-31400"
},
{
"cve": "CVE-2021-31401",
"notes": [
{
"category": "description",
"text": "Five of the 14 vulnerabilities disclosed by researchers in the NicheStack TCP/IP component impact Schneider Electric\u2019s Lexium ILE, ILA, ILS, Altivar Profinet Communication Module (VW3A3627), Altivar and Lexium Ethernet TCP/IP Communication Module (VW3A3616), and Altivar Profinet - Communication Card (VW3A3327). Additional vulnerability details can be found at https://us-cert.cisa.gov/ics/advisories/icsa-21-217-01.",
"title": "CVE Description"
}
],
"product_status": {
"fixed": [
"2"
],
"known_affected": [
"1",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "V01.111 of Lexium ILE, ILA, ILS communication module includes a fix for these vulnerabilities.\r\nReboot is needed.\r\nPlease contact your local Schneider Electric technical support for more information on how to get the firmware and how to upgrade the communication firmware module.",
"product_ids": [
"1"
],
"restart_required": {
"category": "machine"
}
},
{
"category": "mitigation",
"details": "Schneider Electric is establishing a remediation plan for all future versions of Altivar Profinet Communication Module (VW3A3627), Altivar and Lexium Ethernet TCP/IP Communication Module (VW3A3616), and Altivar Profinet - Communication Card (VW3A3327) products. We will update this document when the remediation or additional mitigations are available. Until then, customers should immediately apply the following mitigations to reduce the risk of exploit:\r\n\u2022 Implement a firewall to restrict network access to the drives\r\n\u2022 Configure the controller associated to the drives by disabling IP forwarding as described in the online help of your controller.\r\n\u2022 Configure the controller with dedicated access control lists as described below\r\nMore information to implement these mitigations can be found in the online help of the controllers at:\r\nhttps://olh.schneider-electric.com/MachineExpert/V2.0/LandingPages/en/index.html\r\nTo ensure you are informed of all updates, including details on affected products and remediation plans, subscribe to Schneider Electric\u2019s security notification service here:\r\nhttps://www.se.com/en/work/support/cybersecurity/security-notifications.jsp",
"product_ids": [
"3",
"4",
"5"
],
"restart_required": {
"category": "machine"
},
"url": "https://olh.schneider-electric.com/MachineExpert/V2.0/LandingPages/en/index.html"
},
{
"category": "vendor_fix",
"details": "V1.20IE01 of Altivar 32/320 and Lexium 32 Ethernet TCP/IP communication module includes a fix for these vulnerabilities. For product release prior to V1.20IE01, apply the mitigations detailed in the Mitigations section and contact your local technical support for more information",
"product_ids": [
"4"
]
}
],
"title": "CVE-2021-31401"
},
{
"cve": "CVE-2020-35683",
"notes": [
{
"category": "description",
"text": "Five of the 14 vulnerabilities disclosed by researchers in the NicheStack TCP/IP component impact Schneider Electric\u2019s Lexium ILE, ILA, ILS, Altivar Profinet Communication Module (VW3A3627), Altivar and Lexium Ethernet TCP/IP Communication Module (VW3A3616), and Altivar Profinet - Communication Card (VW3A3327). Additional vulnerability details can be found at https://us-cert.cisa.gov/ics/advisories/icsa-21-217-01.",
"title": "CVE Description"
}
],
"product_status": {
"fixed": [
"2",
"6"
],
"known_affected": [
"1",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "V01.111 of Lexium ILE, ILA, ILS communication module includes a fix for these vulnerabilities.\r\nReboot is needed.\r\nPlease contact your local Schneider Electric technical support for more information on how to get the firmware and how to upgrade the communication firmware module.",
"product_ids": [
"1"
],
"restart_required": {
"category": "machine"
}
},
{
"category": "vendor_fix",
"details": "V1.20IE01 of Altivar 32/320 and Lexium 32 Ethernet TCP/IP communication module includes a fix for these vulnerabilities. For product release prior to V1.20IE01, apply the mitigations detailed in the Mitigations section and contact your local technical support for more information",
"product_ids": [
"4"
]
},
{
"category": "mitigation",
"details": "Schneider Electric is establishing a remediation plan for all future versions of Altivar Profinet Communication Module (VW3A3627), Altivar and Lexium Ethernet TCP/IP Communication Module (VW3A3616), and Altivar Profinet - Communication Card (VW3A3327) products. We will update this document when the remediation or additional mitigations are available. Until then, customers should immediately apply the following mitigations to reduce the risk of exploit:\r\n\u2022 Implement a firewall to restrict network access to the drives\r\n\u2022 Configure the controller associated to the drives by disabling IP forwarding as described in the online help of your controller.\r\n\u2022 Configure the controller with dedicated access control lists as described below\r\nMore information to implement these mitigations can be found in the online help of the controllers at:\r\nhttps://olh.schneider-electric.com/MachineExpert/V2.0/LandingPages/en/index.html\r\nTo ensure you are informed of all updates, including details on affected products and remediation plans, subscribe to Schneider Electric\u2019s security notification service here:\r\nhttps://www.se.com/en/work/support/cybersecurity/security-notifications.jsp",
"product_ids": [
"3",
"4",
"5"
],
"restart_required": {
"category": "machine"
},
"url": "https://olh.schneider-electric.com/MachineExpert/V2.0/LandingPages/en/index.html"
}
],
"title": "CVE-2020-35683"
},
{
"cve": "CVE-2020-35685",
"notes": [
{
"category": "description",
"text": "Five of the 14 vulnerabilities disclosed by researchers in the NicheStack TCP/IP component impact Schneider Electric\u2019s Lexium ILE, ILA, ILS, Altivar Profinet Communication Module (VW3A3627), Altivar and Lexium Ethernet TCP/IP Communication Module (VW3A3616), and Altivar Profinet - Communication Card (VW3A3327). Additional vulnerability details can be found at https://us-cert.cisa.gov/ics/advisories/icsa-21-217-01.",
"title": "CVE Description"
}
],
"product_status": {
"fixed": [
"2",
"6"
],
"known_affected": [
"1",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "V01.111 of Lexium ILE, ILA, ILS communication module includes a fix for these vulnerabilities.\r\nReboot is needed.\r\nPlease contact your local Schneider Electric technical support for more information on how to get the firmware and how to upgrade the communication firmware module.",
"product_ids": [
"1"
],
"restart_required": {
"category": "machine"
}
},
{
"category": "vendor_fix",
"details": "V1.20IE01 of Altivar 32/320 and Lexium 32 Ethernet TCP/IP communication module includes a fix for these vulnerabilities. For product release prior to V1.20IE01, apply the mitigations detailed in the Mitigations section and contact your local technical support for more information",
"product_ids": [
"4"
]
},
{
"category": "mitigation",
"details": "Schneider Electric is establishing a remediation plan for all future versions of Altivar Profinet Communication Module (VW3A3627), Altivar and Lexium Ethernet TCP/IP Communication Module (VW3A3616), and Altivar Profinet - Communication Card (VW3A3327) products. We will update this document when the remediation or additional mitigations are available. Until then, customers should immediately apply the following mitigations to reduce the risk of exploit:\r\n\u2022 Implement a firewall to restrict network access to the drives\r\n\u2022 Configure the controller associated to the drives by disabling IP forwarding as described in the online help of your controller.\r\n\u2022 Configure the controller with dedicated access control lists as described below\r\nMore information to implement these mitigations can be found in the online help of the controllers at:\r\nhttps://olh.schneider-electric.com/MachineExpert/V2.0/LandingPages/en/index.html\r\nTo ensure you are informed of all updates, including details on affected products and remediation plans, subscribe to Schneider Electric\u2019s security notification service here:\r\nhttps://www.se.com/en/work/support/cybersecurity/security-notifications.jsp",
"product_ids": [
"3",
"4",
"5"
],
"restart_required": {
"category": "machine"
},
"url": "https://olh.schneider-electric.com/MachineExpert/V2.0/LandingPages/en/index.html"
}
],
"title": "CVE-2020-35685"
},
{
"cve": "CVE-2020-35684",
"notes": [
{
"category": "description",
"text": "Five of the 14 vulnerabilities disclosed by researchers in the NicheStack TCP/IP component impact Schneider Electric\u2019s Lexium ILE, ILA, ILS, Altivar Profinet Communication Module (VW3A3627), Altivar and Lexium Ethernet TCP/IP Communication Module (VW3A3616), and Altivar Profinet - Communication Card (VW3A3327). Additional vulnerability details can be found at https://us-cert.cisa.gov/ics/advisories/icsa-21-217-01.",
"title": "CVE Description"
}
],
"product_status": {
"fixed": [
"2",
"6"
],
"known_affected": [
"1",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "V01.111 of Lexium ILE, ILA, ILS communication module includes a fix for these vulnerabilities.\r\nReboot is needed.\r\nPlease contact your local Schneider Electric technical support for more information on how to get the firmware and how to upgrade the communication firmware module.",
"product_ids": [
"1"
],
"restart_required": {
"category": "machine"
}
},
{
"category": "vendor_fix",
"details": "V1.20IE01 of Altivar 32/320 and Lexium 32 Ethernet TCP/IP communication module includes a fix for these vulnerabilities. For product release prior to V1.20IE01, apply the mitigations detailed in the Mitigations section and contact your local technical support for more information",
"product_ids": [
"4"
]
},
{
"category": "mitigation",
"details": "Schneider Electric is establishing a remediation plan for all future versions of Altivar Profinet Communication Module (VW3A3627), Altivar and Lexium Ethernet TCP/IP Communication Module (VW3A3616), and Altivar Profinet - Communication Card (VW3A3327) products. We will update this document when the remediation or additional mitigations are available. Until then, customers should immediately apply the following mitigations to reduce the risk of exploit:\r\n\u2022 Implement a firewall to restrict network access to the drives\r\n\u2022 Configure the controller associated to the drives by disabling IP forwarding as described in the online help of your controller.\r\n\u2022 Configure the controller with dedicated access control lists as described below\r\nMore information to implement these mitigations can be found in the online help of the controllers at:\r\nhttps://olh.schneider-electric.com/MachineExpert/V2.0/LandingPages/en/index.html\r\nTo ensure you are informed of all updates, including details on affected products and remediation plans, subscribe to Schneider Electric\u2019s security notification service here:\r\nhttps://www.se.com/en/work/support/cybersecurity/security-notifications.jsp",
"product_ids": [
"3",
"4",
"5"
],
"restart_required": {
"category": "machine"
},
"url": "https://olh.schneider-electric.com/MachineExpert/V2.0/LandingPages/en/index.html"
}
],
"title": "CVE-2020-35684"
}
]
}
SSA-789208
Vulnerability from csaf_siemens - Published: 2021-08-04 00:00 - Updated: 2022-01-11 00:00

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module (7KM9300-0AE00-0AA0)<br>Siemens / SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module | 7KM9300-0AE00-0AA0 | vers:all/* | No Fix Planned |
| SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module (7KM9300-0AE01-0AA0)<br>Siemens / SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module | 7KM9300-0AE01-0AA0 | < V2.1.6 | Vendor Fix<br>fix |
| SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module (7KM9300-0AE02-0AA0)<br>Siemens / SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module | 7KM9300-0AE02-0AA0 | < V3.0.4 | Vendor Fix<br>fix |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| SENTRON 3WA COM190<br>Siemens / SENTRON 3WA COM190 | | < V2.0.0 | Vendor Fix<br>fix |
| SENTRON 3WL COM35<br>Siemens / SENTRON 3WL COM35 | | < V1.2.0 | Vendor Fix<br>fix |
| SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module (7KM9300-0AE00-0AA0)<br>Siemens / SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module | 7KM9300-0AE00-0AA0 | vers:all/* | No Fix Planned |
| SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module (7KM9300-0AE01-0AA0)<br>Siemens / SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module | 7KM9300-0AE01-0AA0 | < V2.1.6 | Vendor Fix<br>fix |
| SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module (7KM9300-0AE02-0AA0)<br>Siemens / SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module | 7KM9300-0AE02-0AA0 | < V3.0.4 | Vendor Fix<br>fix |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| SENTRON 3WA COM190<br>Siemens / SENTRON 3WA COM190 | | < V2.0.0 | Vendor Fix<br>fix |
| SENTRON 3WL COM35<br>Siemens / SENTRON 3WL COM35 | | < V1.2.0 | Vendor Fix<br>fix |
| SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module (7KM9300-0AE00-0AA0)<br>Siemens / SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module | 7KM9300-0AE00-0AA0 | vers:all/* | No Fix Planned |
| SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module (7KM9300-0AE01-0AA0)<br>Siemens / SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module | 7KM9300-0AE01-0AA0 | < V2.1.6 | Vendor Fix<br>fix |
| SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module (7KM9300-0AE02-0AA0)<br>Siemens / SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module | 7KM9300-0AE02-0AA0 | < V3.0.4 | Vendor Fix<br>fix |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| SENTRON 3WA COM190<br>Siemens / SENTRON 3WA COM190 | | < V2.0.0 | Vendor Fix<br>fix |
| SENTRON 3WL COM35<br>Siemens / SENTRON 3WL COM35 | | < V1.2.0 | Vendor Fix<br>fix |
| SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module (7KM9300-0AE00-0AA0)<br>Siemens / SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module | 7KM9300-0AE00-0AA0 | vers:all/* | No Fix Planned |
| SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module (7KM9300-0AE01-0AA0)<br>Siemens / SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module | 7KM9300-0AE01-0AA0 | < V2.1.6 | Vendor Fix<br>fix |
| SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module (7KM9300-0AE02-0AA0)<br>Siemens / SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module | 7KM9300-0AE02-0AA0 | < V3.0.4 | Vendor Fix<br>fix |
{
"document": {
"acknowledgments": [
{
"organization": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik (BSI)",
"summary": "coordination efforts"
},
{
"organization": "CERT Coordination Center (CERT/CC)",
"summary": "coordination efforts"
},
{
"names": [
"Daniel dos Santos",
"Jos Wetzels",
"Amine Amri"
],
"organization": "Forescout Technologies",
"summary": "coordinated disclosure"
},
{
"names": [
"Asaf Karas",
"Shachar Menashe"
],
"organization": "Vdoo",
"summary": "coordinated disclosure"
},
{
"organization": "HCC Embedded",
"summary": "coordination efforts"
}
],
"category": "Siemens Security Advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited.",
"tlp": {
"label": "WHITE"
}
},
"notes": [
{
"category": "summary",
"text": "Security researchers discovered and disclosed 14 vulnerabilities in the Interniche IP stack, also known as \"INFRA:HALT\" vulnerabilities [0]. This advisory describes the impact to Siemens low voltage products, which are only affected by four out of the 14 vulnerabilities.\n\nSiemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.\n\n[0] https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "productcert@siemens.com",
"name": "Siemens ProductCERT",
"namespace": "https://www.siemens.com"
},
"references": [
{
"category": "self",
"summary": "SSA-789208: Multiple Vulnerabilities (INFRA:HALT) in Interniche IP-Stack based Low Voltage Devices - PDF Version",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-789208.pdf"
},
{
"category": "self",
"summary": "SSA-789208: Multiple Vulnerabilities (INFRA:HALT) in Interniche IP-Stack based Low Voltage Devices - TXT Version",
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-789208.txt"
},
{
"category": "self",
"summary": "SSA-789208: Multiple Vulnerabilities (INFRA:HALT) in Interniche IP-Stack based Low Voltage Devices - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-789208.json"
}
],
"title": "SSA-789208: Multiple Vulnerabilities (INFRA:HALT) in Interniche IP-Stack based Low Voltage Devices",
"tracking": {
"current_release_date": "2022-01-11T00:00:00Z",
"generator": {
"engine": {
"name": "Siemens ProductCERT CSAF Generator",
"version": "1"
}
},
"id": "SSA-789208",
"initial_release_date": "2021-08-04T00:00:00Z",
"revision_history": [
{
"date": "2021-08-04T00:00:00Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2021-09-14T00:00:00Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Split SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module into three products (MLFBs); updated link to solution for SENTRON 3WA COM190"
},
{
"date": "2022-01-11T00:00:00Z",
"legacy_version": "1.2",
"number": "3",
"summary": "Added solution for SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module (7KM9300-0AE01-0AA0)"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c V2.0.0",
"product": {
"name": "SENTRON 3WA COM190",
"product_id": "1"
}
}
],
"category": "product_name",
"name": "SENTRON 3WA COM190"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c V1.2.0",
"product": {
"name": "SENTRON 3WL COM35",
"product_id": "2"
}
}
],
"category": "product_name",
"name": "SENTRON 3WL COM35"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module (7KM9300-0AE00-0AA0)",
"product_id": "3",
"product_identification_helper": {
"model_numbers": [
"7KM9300-0AE00-0AA0"
]
}
}
}
],
"category": "product_name",
"name": "SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c V2.1.6",
"product": {
"name": "SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module (7KM9300-0AE01-0AA0)",
"product_id": "4",
"product_identification_helper": {
"model_numbers": [
"7KM9300-0AE01-0AA0"
]
}
}
}
],
"category": "product_name",
"name": "SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c V3.0.4",
"product": {
"name": "SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module (7KM9300-0AE02-0AA0)",
"product_id": "5",
"product_identification_helper": {
"model_numbers": [
"7KM9300-0AE02-0AA0"
]
}
}
}
],
"category": "product_name",
"name": "SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-35683",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The code that parses ICMP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the ICMP checksum. When the IP payload size is set to be smaller than the size of the IP header, the ICMP checksum computation function may read out of bounds.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"3",
"4",
"5"
]
},
"references": [
{
"summary": "CVE-2020-35683 - SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109749555/"
},
{
"summary": "CVE-2020-35683 - SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109777120/"
},
{
"summary": "CVE-2020-35683 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-35683.json"
}
],
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no remediation is planned",
"product_ids": [
"3"
]
},
{
"category": "vendor_fix",
"details": "Update to V2.1.6 or later version",
"product_ids": [
"4"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109749555/"
},
{
"category": "vendor_fix",
"details": "Update to V3.0.4 or later version",
"product_ids": [
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109777120/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-35683"
},
{
"cve": "CVE-2020-35684",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The code that parses TCP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the length of the TCP payload within the TCP checksum computation function. When the IP payload size is set to be smaller than the size of the IP header, the TCP checksum computation function may read out of bounds. A low-impact write-out-of-bounds is also possible.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"references": [
{
"summary": "CVE-2020-35684 - SENTRON 3WA COM190",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109782123/"
},
{
"summary": "CVE-2020-35684 - SENTRON 3WL COM35",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109766651/"
},
{
"summary": "CVE-2020-35684 - SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109749555/"
},
{
"summary": "CVE-2020-35684 - SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109777120/"
},
{
"summary": "CVE-2020-35684 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-35684.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.0.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109782123/"
},
{
"category": "vendor_fix",
"details": "Update to V1.2.0 or later version",
"product_ids": [
"2"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109766651/"
},
{
"category": "no_fix_planned",
"details": "Currently no remediation is planned",
"product_ids": [
"3"
]
},
{
"category": "vendor_fix",
"details": "Update to V2.1.6 or later version",
"product_ids": [
"4"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109749555/"
},
{
"category": "vendor_fix",
"details": "Update to V3.0.4 or later version",
"product_ids": [
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109777120/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-35684"
},
{
"cve": "CVE-2020-35685",
"cwe": {
"id": "CWE-330",
"name": "Use of Insufficiently Random Values"
},
"notes": [
{
"category": "summary",
"text": "TCP ISNs are generated in a predictable manner.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"references": [
{
"summary": "CVE-2020-35685 - SENTRON 3WA COM190",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109782123/"
},
{
"summary": "CVE-2020-35685 - SENTRON 3WL COM35",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109766651/"
},
{
"summary": "CVE-2020-35685 - SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109749555/"
},
{
"summary": "CVE-2020-35685 - SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109777120/"
},
{
"summary": "CVE-2020-35685 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-35685.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.0.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109782123/"
},
{
"category": "vendor_fix",
"details": "Update to V1.2.0 or later version",
"product_ids": [
"2"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109766651/"
},
{
"category": "no_fix_planned",
"details": "Currently no remediation is planned",
"product_ids": [
"3"
]
},
{
"category": "vendor_fix",
"details": "Update to V2.1.6 or later version",
"product_ids": [
"4"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109749555/"
},
{
"category": "vendor_fix",
"details": "Update to V3.0.4 or later version",
"product_ids": [
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109777120/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-35685"
},
{
"cve": "CVE-2021-31401",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The TCP header processing code doesn\u0027t sanitize the length of the IP length (header + data). With a crafted IP packet an integer overflow would occur whenever the length of the IP data is calculated by subtracting the length of the header from the length of the total IP packet.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"references": [
{
"summary": "CVE-2021-31401 - SENTRON 3WA COM190",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109782123/"
},
{
"summary": "CVE-2021-31401 - SENTRON 3WL COM35",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109766651/"
},
{
"summary": "CVE-2021-31401 - SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109749555/"
},
{
"summary": "CVE-2021-31401 - SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109777120/"
},
{
"summary": "CVE-2021-31401 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31401.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.0.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109782123/"
},
{
"category": "vendor_fix",
"details": "Update to V1.2.0 or later version",
"product_ids": [
"2"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109766651/"
},
{
"category": "no_fix_planned",
"details": "Currently no remediation is planned",
"product_ids": [
"3"
]
},
{
"category": "vendor_fix",
"details": "Update to V2.1.6 or later version",
"product_ids": [
"4"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109749555/"
},
{
"category": "vendor_fix",
"details": "Update to V3.0.4 or later version",
"product_ids": [
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109777120/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2021-31401"
}
]
}
VAR-202108-1051
Vulnerability from variot - Updated: 2023-12-18 10:57
An issue was discovered in tcp_rcv() in nptcp.c in HCC embedded InterNiche 4.0.1. The TCP header processing code doesn't sanitize the value of the IP total length field (header length + data length). With a crafted IP packet, an integer overflow occurs whenever the value of the IP data length is calculated by subtracting the length of the header from the total length of the IP packet. HCC Embedded's software called InterNiche stack (NicheStack) and NicheLite, which provides TCP/IP networking capability to embedded systems, is impacted by multiple vulnerabilities. The Forescout and JFrog researchers who discovered this set of vulnerabilities have identified these as "INFRA:HALT". CVE-2020-25767 Affected Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_common module version 1.15.
A fix for this will be available from HCC on 2021-02-19 CVE-2020-25926 Affected Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_common module version 1.15.
A fix for this will be available from HCC on 2021-03-02 CVE-2020-25927 Affected Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_common module version 1.15.
A fix for this will be available from HCC on 2021-02-19 CVE-2020-25928 Affected Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_common module version 1.15.
A fix for this will be available from HCC on 2021-02-19 CVE-2020-35683 Affected Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_ipv4 module version 1.5.
A fix for this will be available from HCC on 2021-03-02 CVE-2020-35684 Affected Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_tcp module version 1.9.
A fix for this will be available from HCC on 2021-03-16 CVE-2020-35685 Affected Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_tcp module version 1.9.
A fix for this will be available from HCC on 2021-03-16 CVE-2021-27565 Affected Vendor Statement: The infinite loop entered in case this occurs is really for the user to implement when integrating the software. But whatever their implementation this code should not be structured like this. CVE-2021-31226 Affected Vendor Statement: This is an issue in all versions of Nichestack <4.3, This issue is fixed in Nichestack v4.3 with in_httpsvr module v1.7. CVE-2021-31227 Affected Vendor Statement: This is an issue in all versions of Nichestack <4.3, This issue is fixed in Nichestack v4.3 with in_httpsvr module v1.7. CVE-2021-31228 Affected Vendor Statement: This is an issue in all versions of Nichestack <4.3, This issue is fixed in Nichestack v4.3 with in_httpsvr module v1.7. CVE-2021-31400 Affected Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_tcp module version 1.9.
A fix for this will be available from HCC on 2021-02-26 CVE-2021-31401 Affected Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_tcp module version 1.9.
A fix for this will be available from HCC on 2021-03-16 CVE-2021-36762 Unknown Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is fixed in in_tftp module version 1.2. CVE-2020-25767 Affected Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_common module version 1.15.
A fix for this will be available from HCC on 2021-02-19 CVE-2020-25926 Affected Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_common module version 1.15.
A fix for this will be available from HCC on 2021-03-02 CVE-2020-25927 Affected Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_common module version 1.15.
A fix for this will be available from HCC on 2021-02-19 CVE-2020-25928 Affected Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_common module version 1.15.
A fix for this will be available from HCC on 2021-02-19 CVE-2020-35683 Affected Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_ipv4 module version 1.5.
A fix for this will be available from HCC on 2021-03-02 CVE-2020-35684 Affected Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_tcp module version 1.9.
A fix for this will be available from HCC on 2021-03-16 CVE-2020-35685 Affected Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_tcp module version 1.9.
A fix for this will be available from HCC on 2021-03-16 CVE-2021-27565 Affected Vendor Statement: The infinite loop entered in case this occurs is really for the user to implement when integrating the software. But whatever their implementation this code should not be structured like this. CVE-2021-31226 Affected Vendor Statement: This is an issue in all versions of Nichestack <4.3, This issue is fixed in Nichestack v4.3 with in_httpsvr module v1.7. CVE-2021-31227 Affected Vendor Statement: This is an issue in all versions of Nichestack <4.3, This issue is fixed in Nichestack v4.3 with in_httpsvr module v1.7. CVE-2021-31228 Affected Vendor Statement: This is an issue in all versions of Nichestack <4.3, This issue is fixed in Nichestack v4.3 with in_httpsvr module v1.7. CVE-2021-31400 Affected Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_tcp module version 1.9.
A fix for this will be available from HCC on 2021-02-26 CVE-2021-31401 Affected Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_tcp module version 1.9.
A fix for this will be available from HCC on 2021-03-16 CVE-2021-36762 Unknown Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is fixed in in_tftp module version 1.2. HCC Embedded InterNiche is a newsletter software. [Note: this aggregated sentence conflicts with the description above, which identifies InterNiche as a TCP/IP networking stack for embedded systems.]
The HCC Embedded InterNiche stack has an input verification error vulnerability. Pillow is a Python-based image processing library. [Note: Pillow is not otherwise mentioned in this record; the sentence appears to be aggregation residue.] There is currently no information about this vulnerability; please feel free to follow CNNVD or manufacturer announcements. Siemens Security Advisory
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202108-1051",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sentron 3wl com35",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.2.0"
},
{
"model": "sentron 3wa com190",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.0.0"
},
{
"model": "nichestack",
"scope": "lt",
"trust": 1.0,
"vendor": "hcc embedded",
"version": "4.3"
},
{
"model": "embedded interniche stack",
"scope": "lt",
"trust": 0.6,
"vendor": "hcc",
"version": "v4.3"
},
{
"model": "embedded nichelite",
"scope": "lt",
"trust": 0.6,
"vendor": "hcc",
"version": "v4.3"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-58798"
},
{
"db": "NVD",
"id": "CVE-2021-31401"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:hcc-embedded:nichestack:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:sentron_3wl_com35_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.2.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:sentron_3wl_com35:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:sentron_3wa_com190_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:sentron_3wa_com190:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-31401"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "This document was written by Vijay Sarvepalli.Statement Date:\u00a0\u00a0 July 20, 2021",
"sources": [
{
"db": "CERT/CC",
"id": "VU#608209"
}
],
"trust": 0.8
},
"cve": "CVE-2021-31401",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-58798",
"impactScore": 6.9,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-31401",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2021-58798",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202108-499",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-58798"
},
{
"db": "NVD",
"id": "CVE-2021-31401"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-499"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in tcp_rcv() in nptcp.c in HCC embedded InterNiche 4.0.1. The TCP header processing code doesn\u0027t sanitize the value of the IP total length field (header length + data length). With a crafted IP packet, an integer overflow occurs whenever the value of the IP data length is calculated by subtracting the length of the header from the total length of the IP packet. HCC Embedded\u0027s software called InterNiche stack (NicheStack) and NicheLite, which provides TCP/IP networking capability to embedded systems, is impacted by multiple vulnerabilities. The Forescout and JFrog researchers who discovered this set of vulnerabilities have identified these as \"INFRA:HALT\"CVE-2020-25767 Affected\nVendor Statement:\nThis issue is present in all versions of Nichestack prior to 4.3. \r\nThe global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. \r\nThe issue is present in the in_common module version 1.15. \r\n\r\nA fix for this will be available from HCC on 2021-02-19\nCVE-2020-25926 Affected\nVendor Statement:\nThis issue is present in all versions of Nichestack prior to 4.3. \r\nThe global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. \r\nThe issue is present in the in_common module version 1.15. \r\n\r\nA fix for this will be available from HCC on 2021-03-02\nCVE-2020-25927 Affected\nVendor Statement:\nThis issue is present in all versions of Nichestack prior to 4.3. \r\nThe global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. \r\nThe issue is present in the in_common module version 1.15. \r\n\r\nA fix for this will be available from HCC on 2021-02-19\nCVE-2020-25928 Affected\nVendor Statement:\nThis issue is present in all versions of Nichestack prior to 4.3. 
\r\nThe global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. \r\nThe issue is present in the in_common module version 1.15. \r\n\r\nA fix for this will be available from HCC on 2021-02-19\nCVE-2020-35683 Affected\nVendor Statement:\nThis issue is present in all versions of Nichestack prior to 4.3. \r\nThe global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. \r\nThe issue is present in the in_ipv4 module version 1.5. \r\n\r\nA fix for this will be available from HCC on 2021-03-02\nCVE-2020-35684 Affected\nVendor Statement:\nThis issue is present in all versions of Nichestack prior to 4.3. \r\nThe global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. \r\nThe issue is present in the in_tcp module version 1.9. \r\n\r\nA fix for this will be available from HCC on 2021-03-16\nCVE-2020-35685 Affected\nVendor Statement:\nThis issue is present in all versions of Nichestack prior to 4.3. \r\nThe global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. \r\nThe issue is present in the in_tcp module version 1.9. \r\n\r\nA fix for this will be available from HCC on 2021-03-16\nCVE-2021-27565 Affected\nVendor Statement:\nThe infinite loop entered in case this occurs is really for the user to implement when integrating the software. But whatever their implementation this code should not be structured like this. \nCVE-2021-31226 Affected\nVendor Statement:\nThis is an issue in all versions of Nichestack \u003c4.3,\r\nThis issue is fixed in Nichestack v4.3 with in_httpsvr module v1.7. \nCVE-2021-31227 Affected\nVendor Statement:\nThis is an issue in all versions of Nichestack \u003c4.3,\r\nThis issue is fixed in Nichestack v4.3 with in_httpsvr module v1.7. 
\nCVE-2021-31228 Affected\nVendor Statement:\nThis is an issue in all versions of Nichestack \u003c4.3,\r\nThis issue is fixed in Nichestack v4.3 with in_httpsvr module v1.7. \nCVE-2021-31400 Affected\nVendor Statement:\nThis issue is present in all versions of Nichestack prior to 4.3. \r\nThe global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. \r\nThe issue is present in the in_tcp module version 1.9. \r\n\r\nA fix for this will be available from HCC on 2021-02-26\nCVE-2021-31401 Affected\nVendor Statement:\nThis issue is present in all versions of Nichestack prior to 4.3. \r\nThe global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. \r\nThe issue is present in the in_tcp module version 1.9. \r\n\r\nA fix for this will be available from HCC on 2021-03-16\nCVE-2021-36762 Unknown\nVendor Statement:\nThis issue is present in all versions of Nichestack prior to 4.3. \r\nThe global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. \r\nThe issue is fixed in in_tftp module version 1.2CVE-2020-25767 Affected\nVendor Statement:\nThis issue is present in all versions of Nichestack prior to 4.3. \r\nThe global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. \r\nThe issue is present in the in_common module version 1.15. \r\n\r\nA fix for this will be available from HCC on 2021-02-19\nCVE-2020-25926 Affected\nVendor Statement:\nThis issue is present in all versions of Nichestack prior to 4.3. \r\nThe global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. \r\nThe issue is present in the in_common module version 1.15. \r\n\r\nA fix for this will be available from HCC on 2021-03-02\nCVE-2020-25927 Affected\nVendor Statement:\nThis issue is present in all versions of Nichestack prior to 4.3. 
\r\nThe global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. \r\nThe issue is present in the in_common module version 1.15. \r\n\r\nA fix for this will be available from HCC on 2021-02-19\nCVE-2020-25928 Affected\nVendor Statement:\nThis issue is present in all versions of Nichestack prior to 4.3. \r\nThe global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. \r\nThe issue is present in the in_common module version 1.15. \r\n\r\nA fix for this will be available from HCC on 2021-02-19\nCVE-2020-35683 Affected\nVendor Statement:\nThis issue is present in all versions of Nichestack prior to 4.3. \r\nThe global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. \r\nThe issue is present in the in_ipv4 module version 1.5. \r\n\r\nA fix for this will be available from HCC on 2021-03-02\nCVE-2020-35684 Affected\nVendor Statement:\nThis issue is present in all versions of Nichestack prior to 4.3. \r\nThe global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. \r\nThe issue is present in the in_tcp module version 1.9. \r\n\r\nA fix for this will be available from HCC on 2021-03-16\nCVE-2020-35685 Affected\nVendor Statement:\nThis issue is present in all versions of Nichestack prior to 4.3. \r\nThe global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. \r\nThe issue is present in the in_tcp module version 1.9. \r\n\r\nA fix for this will be available from HCC on 2021-03-16\nCVE-2021-27565 Affected\nVendor Statement:\nThe infinite loop entered in case this occurs is really for the user to implement when integrating the software. But whatever their implementation this code should not be structured like this. 
\nCVE-2021-31226 Affected\nVendor Statement:\nThis is an issue in all versions of Nichestack \u003c4.3,\r\nThis issue is fixed in Nichestack v4.3 with in_httpsvr module v1.7. \nCVE-2021-31227 Affected\nVendor Statement:\nThis is an issue in all versions of Nichestack \u003c4.3,\r\nThis issue is fixed in Nichestack v4.3 with in_httpsvr module v1.7. \nCVE-2021-31228 Affected\nVendor Statement:\nThis is an issue in all versions of Nichestack \u003c4.3,\r\nThis issue is fixed in Nichestack v4.3 with in_httpsvr module v1.7. \nCVE-2021-31400 Affected\nVendor Statement:\nThis issue is present in all versions of Nichestack prior to 4.3. \r\nThe global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. \r\nThe issue is present in the in_tcp module version 1.9. \r\n\r\nA fix for this will be available from HCC on 2021-02-26\nCVE-2021-31401 Affected\nVendor Statement:\nThis issue is present in all versions of Nichestack prior to 4.3. \r\nThe global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. \r\nThe issue is present in the in_tcp module version 1.9. \r\n\r\nA fix for this will be available from HCC on 2021-03-16\nCVE-2021-36762 Unknown\nVendor Statement:\nThis issue is present in all versions of Nichestack prior to 4.3. \r\nThe global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. \r\nThe issue is fixed in in_tftp module version 1.2. HCC Embedded InterNiche is a newsletter software. \n\r\n\r\nThe HCC Embedded InterNiche stack has an input verification error vulnerability. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Siemens Security Advisory",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-31401"
},
{
"db": "CERT/CC",
"id": "VU#608209"
},
{
"db": "CNVD",
"id": "CNVD-2021-58798"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULMON",
"id": "CVE-2021-31401"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-31401",
"trust": 3.1
},
{
"db": "CERT/CC",
"id": "VU#608209",
"trust": 2.4
},
{
"db": "SIEMENS",
"id": "SSA-789208",
"trust": 2.3
},
{
"db": "CNVD",
"id": "CNVD-2021-58798",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021080607",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-21-217-01",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2661",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202108-499",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-31401",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#608209"
},
{
"db": "CNVD",
"id": "CNVD-2021-58798"
},
{
"db": "VULMON",
"id": "CVE-2021-31401"
},
{
"db": "NVD",
"id": "CVE-2021-31401"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-499"
}
]
},
"id": "VAR-202108-1051",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-58798"
}
],
"trust": 1.4125
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-58798"
}
]
},
"last_update_date": "2023-12-18T10:57:19.648000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for HCC Embedded InterNiche input verification error vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/285001"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=dcdeae95fabde3361948ed61a281b1cb"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-58798"
},
{
"db": "VULMON",
"id": "CVE-2021-31401"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-31401"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-789208.pdf"
},
{
"trust": 1.6,
"url": "https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/"
},
{
"trust": 1.6,
"url": "https://www.kb.cert.org/vuls/id/608209"
},
{
"trust": 0.8,
"url": "cve-2020-25767 "
},
{
"trust": 0.8,
"url": "cve-2020-25926 "
},
{
"trust": 0.8,
"url": "cve-2020-25927 "
},
{
"trust": 0.8,
"url": "cve-2020-25928 "
},
{
"trust": 0.8,
"url": "cve-2020-35683 "
},
{
"trust": 0.8,
"url": "cve-2020-35684 "
},
{
"trust": 0.8,
"url": "cve-2020-35685 "
},
{
"trust": 0.8,
"url": "cve-2021-27565 "
},
{
"trust": 0.8,
"url": "cve-2021-31226 "
},
{
"trust": 0.8,
"url": "cve-2021-31227 "
},
{
"trust": 0.8,
"url": "cve-2021-31228 "
},
{
"trust": 0.8,
"url": "cve-2021-31400 "
},
{
"trust": 0.8,
"url": "cve-2021-31401 "
},
{
"trust": 0.8,
"url": "cve-2021-36762 "
},
{
"trust": 0.8,
"url": "vince json"
},
{
"trust": 0.8,
"url": "csaf"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2661"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-217-01"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021080607"
},
{
"trust": 0.1,
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-789208.txt"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#608209"
},
{
"db": "CNVD",
"id": "CNVD-2021-58798"
},
{
"db": "VULMON",
"id": "CVE-2021-31401"
},
{
"db": "NVD",
"id": "CVE-2021-31401"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-499"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#608209"
},
{
"db": "CNVD",
"id": "CNVD-2021-58798"
},
{
"db": "VULMON",
"id": "CVE-2021-31401"
},
{
"db": "NVD",
"id": "CVE-2021-31401"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-499"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-10T00:00:00",
"db": "CERT/CC",
"id": "VU#608209"
},
{
"date": "2021-08-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-58798"
},
{
"date": "2021-08-19T12:15:08.893000",
"db": "NVD",
"id": "CVE-2021-31401"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-499"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-09-23T00:00:00",
"db": "CERT/CC",
"id": "VU#608209"
},
{
"date": "2022-01-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-58798"
},
{
"date": "2021-08-26T18:09:19.857000",
"db": "NVD",
"id": "CVE-2021-31401"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-08-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-499"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-499"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "NicheStack embedded TCP/IP has vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#608209"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 0.6
}
}
VDE-2021-009
Vulnerability from csaf_pilzgmbhcokg - Published: 2021-09-20 11:56 - Updated: 2025-05-14 13:00
An issue was discovered in HCC Nichestack 3.0. The code that generates Initial Sequence Numbers (ISNs) for TCP connections derives the ISN from an insufficiently random source. As a result, an attacker may be able to determine the ISN of current and future TCP connections and either hijack existing ones or spoof future ones. (Proper ISN generation should aim to follow at least the specifications outlined in RFC 6528.)
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | | |
| Unresolved product id: CSAFPID-31002 | — | | |
| Unresolved product id: CSAFPID-31003 | — | | |
| Unresolved product id: CSAFPID-31004 | — | | |
| Unresolved product id: CSAFPID-31005 | — | | |
| Unresolved product id: CSAFPID-31006 | — | | |

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | | |
An issue was discovered in tcp_rcv() in nptcp.c in HCC embedded InterNiche 4.0.1. The TCP header processing code doesn't sanitize the value of the IP total length field (header length + data length). With a crafted IP packet, an integer overflow occurs whenever the value of the IP data length is calculated by subtracting the length of the header from the total length of the IP packet.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | | |
| Unresolved product id: CSAFPID-31002 | — | | |
| Unresolved product id: CSAFPID-31003 | — | | |
| Unresolved product id: CSAFPID-31004 | — | | |
| Unresolved product id: CSAFPID-31005 | — | | |
| Unresolved product id: CSAFPID-31006 | — | | |

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | | |
An issue was discovered in tcp_pulloutofband() in tcp_in.c in HCC embedded InterNiche 4.0.1. The TCP out-of-band urgent-data processing function invokes a panic function if the pointer to the end of the out-of-band data points outside of the TCP segment's data. If the panic function hadn't a trap invocation removed, it will enter an infinite loop and therefore cause DoS (continuous loop or a device reset).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | | |
| Unresolved product id: CSAFPID-31002 | — | | |
| Unresolved product id: CSAFPID-31003 | — | | |
| Unresolved product id: CSAFPID-31004 | — | | |
| Unresolved product id: CSAFPID-31005 | — | | |
| Unresolved product id: CSAFPID-31006 | — | | |

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | | |
An issue was discovered in HCC Nichestack 3.0. The code that parses TCP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the length of the TCP payload within the TCP checksum computation function. When the IP payload size is set to be smaller than the size of the IP header, the TCP checksum computation function may read out of bounds (a low-impact write-out-of-bounds is also possible).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | | |
| Unresolved product id: CSAFPID-31002 | — | | |
| Unresolved product id: CSAFPID-31003 | — | | |
| Unresolved product id: CSAFPID-31004 | — | | |
| Unresolved product id: CSAFPID-31005 | — | | |
| Unresolved product id: CSAFPID-31006 | — | | |

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | | |
An issue was discovered in HCC Nichestack 3.0. The code that parses ICMP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the ICMP checksum. When the IP payload size is set to be smaller than the size of the IP header, the ICMP checksum computation function may read out of bounds, causing a Denial-of-Service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | | |
| Unresolved product id: CSAFPID-31002 | — | | |
| Unresolved product id: CSAFPID-31003 | — | | |
| Unresolved product id: CSAFPID-31004 | — | | |
| Unresolved product id: CSAFPID-31005 | — | | |
| Unresolved product id: CSAFPID-31006 | — | | |

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | | |
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
},
{
"organization": "Forescout Technologies, Inc.",
"summary": "discovered and reported"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "summary",
"text": "Multiple products of PILZ utilise a third-party TCP/IP implementation - the \"Niche Ethernet Stack\". This TCP/IP stack contains multiple vulnerabilities which are therefore affecting the products listed above.",
"title": "Summary"
},
{
"category": "description",
"text": "It is advised to use firewalls or similar network security devices to prevent unauthorized network communication to the products affected.",
"title": "Mitigation"
},
{
"category": "description",
"text": "| Produkt | Ma\u00dfnahme |\n|----------------------------------------------|------------------------------------------------------|\n| PSSu-Module f\u00fcr dezentrales E/A-System | siehe Mitigation |\n| PSSu-Module f\u00fcr PSS 4000 | Firmware auf 1.22.2 aktualisieren * |\n| PNOZ m B1 | siehe Mitigation ** |\n| PNOZ m ES ETH | siehe Mitigation ** |\n| PNOZ mmc1p ETH | siehe Mitigation |\n| Base-Device PNOZ mxp ETH (PNOZmulti Classic) | siehe Mitigation |\n\n\\* CVE-2020-35685 wird in diesem Update nicht behoben, da es keine Auswirkungen auf die Sicherheit der verwendeten Dienste und Protokolle (MODBUS/TCP und RAW-TCP) hat.\n\n\\** Diese Produkte sind im Feld nicht updatef\u00e4hig. Sie verwenden eine vom Hersteller vorinstallierte, feste Firmware.",
"title": "Remediation"
},
{
"category": "description",
"text": "Die Schwachstellen erm\u00f6glichen einem entfernten Angreifer:\n\n- einen Neustart des Ger\u00e4ts auszul\u00f6sen, was zu einer Denial-of-Service-Situation f\u00fchrt\n- eine TCP-Verbindung zu kapern\n\n### Betroffene Produkte und CVEs\n\n| Produkt | Betroffen von CVEs |\n|----------------------------------------------|--------------------|\n| PSSu-Module f\u00fcr dezentrales E/A-System | CVE-2020-35683, CVE-2020-35684, CVE-2020-35685, CVE-2021-31400, CVE-2021-31401 |\n| PSSu-Module f\u00fcr PSS 4000 | CVE-2020-35683, CVE-2020-35684, CVE-2020-35685, CVE-2021-31400, CVE-2021-31401 |\n| PNOZ m B1 | CVE-2020-35683, CVE-2020-35684, CVE-2020-35685 |\n| PNOZ m ES ETH | CVE-2020-35683, CVE-2020-35684, CVE-2020-35685 |\n| PNOZ mmc1p ETH | CVE-2020-35683, CVE-2020-35684, CVE-2020-35685 |\n| Base-Device PNOZ mxp ETH (PNOZmulti Classic) | CVE-2020-35683, CVE-2020-35684, CVE-2020-35685 |",
"title": "Impact"
}
],
"publisher": {
"category": "vendor",
"contact_details": "security@pilz.com",
"name": "Pilz GmbH \u0026 Co. KG",
"namespace": "https://www.pilz.com"
},
"references": [
{
"category": "external",
"summary": "Pilz advisory overview at CERT@VDE",
"url": "https://certvde.com/de/advisories/vendor/pilz/"
},
{
"category": "self",
"summary": "VDE-2021-009: Pilz: Multiple products prone to Niche Ethernet Stack vulnerabilities - HTML",
"url": "https://certvde.com/en/advisories/vde-2021-009"
},
{
"category": "self",
"summary": "VDE-2021-009: Pilz: Multiple products prone to Niche Ethernet Stack vulnerabilities - CSAF",
"url": "https://pilz.csaf-tp.certvde.com/.well-known/csaf/white/2021/vde-2021-009.json"
}
],
"title": "Pilz: Multiple products prone to Niche Ethernet Stack vulnerabilities",
"tracking": {
"aliases": [
"VDE-2021-009"
],
"current_release_date": "2025-05-14T13:00:14.000Z",
"generator": {
"date": "2025-03-05T11:49:30.977Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.20"
}
},
"id": "VDE-2021-009",
"initial_release_date": "2021-09-20T11:56:00.000Z",
"revision_history": [
{
"date": "2021-09-20T11:56:00.000Z",
"number": "1",
"summary": "Initial revision."
},
{
"date": "2025-05-14T13:00:14.000Z",
"number": "2",
"summary": "Fix: added distribution"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Base-Device PNOZ mxp ETH (PNOZmulti Classic)",
"product": {
"name": "Base-Device PNOZ mxp ETH (PNOZmulti Classic)",
"product_id": "CSAFPID-11001",
"product_identification_helper": {
"model_numbers": [
"773103",
"773104*",
"773113",
"773116",
"773123",
"7731260"
]
}
}
},
{
"category": "product_name",
"name": "PNOZ m B1",
"product": {
"name": "PNOZ m B1",
"product_id": "CSAFPID-11002",
"product_identification_helper": {
"model_numbers": [
"316020"
]
}
}
},
{
"category": "product_name",
"name": "PNOZ m ES ETH",
"product": {
"name": "PNOZ m ES ETH",
"product_id": "CSAFPID-11003",
"product_identification_helper": {
"model_numbers": [
"316020"
]
}
}
},
{
"category": "product_name",
"name": "PNOZ mmc1p ETH",
"product": {
"name": "PNOZ mmc1p ETH",
"product_id": "CSAFPID-11004",
"product_identification_helper": {
"model_numbers": [
"316020"
]
}
}
},
{
"category": "product_name",
"name": "PSSu-Module for decentralised E/A-System",
"product": {
"name": "PSSu-Module for decentralised E/A-System",
"product_id": "CSAFPID-11005",
"product_identification_helper": {
"model_numbers": [
"312041",
"312042",
"312043"
]
}
}
},
{
"category": "product_name",
"name": "PSSu-Module for PSS 4000",
"product": {
"name": "PSSu-Module for PSS 4000",
"product_id": "CSAFPID-11006",
"product_identification_helper": {
"model_numbers": [
"31206*",
"312070*",
"312071*",
"312077",
"312085*",
"312087",
"31407*",
"314085",
"314086",
"314087",
"315070*",
"315071*",
"315085",
"315086",
"316010",
"316020"
]
}
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c1.22.2",
"product": {
"name": "Firmware \u003c1.22.2",
"product_id": "CSAFPID-21001"
}
},
{
"category": "product_version_range",
"name": "\u003cv1.2",
"product": {
"name": "Firmware \u003cv1.2",
"product_id": "CSAFPID-21002"
}
},
{
"category": "product_version_range",
"name": "\u003cv1.8",
"product": {
"name": "Firmware \u003cv1.8",
"product_id": "CSAFPID-21003"
}
},
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Firmware vers:all/*",
"product_id": "CSAFPID-21004"
}
},
{
"category": "product_version",
"name": "1.22.2",
"product": {
"name": "Firmware 1.22.2",
"product_id": "CSAFPID-22001"
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "Pilz"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
],
"summary": "Affected Products."
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on Base-Device PNOZ mxp ETH (PNOZmulti Classic)",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-21004",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003cv1.8 installed on PNOZ m B1",
"product_id": "CSAFPID-31002"
},
"product_reference": "CSAFPID-21003",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003cv1.2 installed on PNOZ m ES ETH",
"product_id": "CSAFPID-31003"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on PNOZ mmc1p ETH",
"product_id": "CSAFPID-31004"
},
"product_reference": "CSAFPID-21004",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on PSSu-Module for decentralised E/A-System",
"product_id": "CSAFPID-31005"
},
"product_reference": "CSAFPID-21004",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.22.2 installed on PSSu-Module for PSS 4000",
"product_id": "CSAFPID-31006"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.22.2 installed on PSSu-Module for PSS 4000 installed on PSSu-Module for PSS 4000",
"product_id": "CSAFPID-32001"
},
"product_reference": "CSAFPID-31006",
"relates_to_product_reference": "CSAFPID-11006"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-35685",
"cwe": {
"id": "CWE-330",
"name": "Use of Insufficiently Random Values"
},
"notes": [
{
"category": "description",
"text": "An issue was discovered in HCC Nichestack 3.0. The code that generates Initial Sequence Numbers (ISNs) for TCP connections derives the ISN from an insufficiently random source. As a result, an attacker may be able to determine the ISN of current and future TCP connections and either hijack existing ones or spoof future ones. (Proper ISN generation should aim to follow at least the specifications outlined in RFC 6528.)",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "It is advised to use firewalls or similar network security devices to prevent unauthorized network communication to the products affected.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "| Produkt | Ma\u00dfnahme |\n|----------------------------------------------|------------------------------------------------------|\n| PSSu-Module f\u00fcr dezentrales E/A-System | siehe Mitigation |\n| PSSu-Module f\u00fcr PSS 4000 | Firmware auf 1.22.2 aktualisieren * |\n| PNOZ m B1 | siehe Mitigation ** |\n| PNOZ m ES ETH | siehe Mitigation ** |\n| PNOZ mmc1p ETH | siehe Mitigation |\n| Base-Device PNOZ mxp ETH (PNOZmulti Classic) | siehe Mitigation |\n\n\\* CVE-2020-35685 wird in diesem Update nicht behoben, da es keine Auswirkungen auf die Sicherheit der verwendeten Dienste und Protokolle (MODBUS/TCP und RAW-TCP) hat.\n\n\\** Diese Produkte sind im Feld nicht updatef\u00e4hig. Sie verwenden eine vom Hersteller vorinstallierte, feste Firmware.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.1,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.1,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2020-35685"
},
{
"cve": "CVE-2021-31401",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "description",
"text": "An issue was discovered in tcp_rcv() in nptcp.c in HCC embedded InterNiche 4.0.1. The TCP header processing code doesn\u0027t sanitize the value of the IP total length field (header length + data length). With a crafted IP packet, an integer overflow occurs whenever the value of the IP data length is calculated by subtracting the length of the header from the total length of the IP packet.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "It is advised to use firewalls or similar network security devices to prevent unauthorized network communication to the products affected.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "| Produkt | Ma\u00dfnahme |\n|----------------------------------------------|------------------------------------------------------|\n| PSSu-Module f\u00fcr dezentrales E/A-System | siehe Mitigation |\n| PSSu-Module f\u00fcr PSS 4000 | Firmware auf 1.22.2 aktualisieren * |\n| PNOZ m B1 | siehe Mitigation ** |\n| PNOZ m ES ETH | siehe Mitigation ** |\n| PNOZ mmc1p ETH | siehe Mitigation |\n| Base-Device PNOZ mxp ETH (PNOZmulti Classic) | siehe Mitigation |\n\n\\* CVE-2020-35685 wird in diesem Update nicht behoben, da es keine Auswirkungen auf die Sicherheit der verwendeten Dienste und Protokolle (MODBUS/TCP und RAW-TCP) hat.\n\n\\** Diese Produkte sind im Feld nicht updatef\u00e4hig. Sie verwenden eine vom Hersteller vorinstallierte, feste Firmware.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2021-31401"
},
{
"cve": "CVE-2021-31400",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "description",
"text": "An issue was discovered in tcp_pulloutofband() in tcp_in.c in HCC embedded InterNiche 4.0.1. The TCP out-of-band urgent-data processing function invokes a panic function if the pointer to the end of the out-of-band data points outside of the TCP segment\u0027s data. If the panic function hadn\u0027t a trap invocation removed, it will enter an infinite loop and therefore cause DoS (continuous loop or a device reset).",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "It is advised to use firewalls or similar network security devices to prevent unauthorized network communication to the products affected.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "| Produkt | Ma\u00dfnahme |\n|----------------------------------------------|------------------------------------------------------|\n| PSSu-Module f\u00fcr dezentrales E/A-System | siehe Mitigation |\n| PSSu-Module f\u00fcr PSS 4000 | Firmware auf 1.22.2 aktualisieren * |\n| PNOZ m B1 | siehe Mitigation ** |\n| PNOZ m ES ETH | siehe Mitigation ** |\n| PNOZ mmc1p ETH | siehe Mitigation |\n| Base-Device PNOZ mxp ETH (PNOZmulti Classic) | siehe Mitigation |\n\n\\* CVE-2020-35685 wird in diesem Update nicht behoben, da es keine Auswirkungen auf die Sicherheit der verwendeten Dienste und Protokolle (MODBUS/TCP und RAW-TCP) hat.\n\n\\** Diese Produkte sind im Feld nicht updatef\u00e4hig. Sie verwenden eine vom Hersteller vorinstallierte, feste Firmware.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2021-31400"
},
{
"cve": "CVE-2020-35684",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "description",
"text": "An issue was discovered in HCC Nichestack 3.0. The code that parses TCP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the length of the TCP payload within the TCP checksum computation function. When the IP payload size is set to be smaller than the size of the IP header, the TCP checksum computation function may read out of bounds (a low-impact write-out-of-bounds is also possible).",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "It is advised to use firewalls or similar network security devices to prevent unauthorized network communication to the products affected.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "| Produkt | Ma\u00dfnahme |\n|----------------------------------------------|------------------------------------------------------|\n| PSSu-Module f\u00fcr dezentrales E/A-System | siehe Mitigation |\n| PSSu-Module f\u00fcr PSS 4000 | Firmware auf 1.22.2 aktualisieren * |\n| PNOZ m B1 | siehe Mitigation ** |\n| PNOZ m ES ETH | siehe Mitigation ** |\n| PNOZ mmc1p ETH | siehe Mitigation |\n| Base-Device PNOZ mxp ETH (PNOZmulti Classic) | siehe Mitigation |\n\n\\* CVE-2020-35685 wird in diesem Update nicht behoben, da es keine Auswirkungen auf die Sicherheit der verwendeten Dienste und Protokolle (MODBUS/TCP und RAW-TCP) hat.\n\n\\** Diese Produkte sind im Feld nicht updatef\u00e4hig. Sie verwenden eine vom Hersteller vorinstallierte, feste Firmware.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2020-35684"
},
{
"cve": "CVE-2020-35683",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "description",
"text": "An issue was discovered in HCC Nichestack 3.0. The code that parses ICMP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the ICMP checksum. When the IP payload size is set to be smaller than the size of the IP header, the ICMP checksum computation function may read out of bounds, causing a Denial-of-Service.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "It is advised to use firewalls or similar network security devices to prevent unauthorized network communication to the products affected.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "| Produkt | Ma\u00dfnahme |\n|----------------------------------------------|------------------------------------------------------|\n| PSSu-Module f\u00fcr dezentrales E/A-System | siehe Mitigation |\n| PSSu-Module f\u00fcr PSS 4000 | Firmware auf 1.22.2 aktualisieren * |\n| PNOZ m B1 | siehe Mitigation ** |\n| PNOZ m ES ETH | siehe Mitigation ** |\n| PNOZ mmc1p ETH | siehe Mitigation |\n| Base-Device PNOZ mxp ETH (PNOZmulti Classic) | siehe Mitigation |\n\n\\* CVE-2020-35685 wird in diesem Update nicht behoben, da es keine Auswirkungen auf die Sicherheit der verwendeten Dienste und Protokolle (MODBUS/TCP und RAW-TCP) hat.\n\n\\** Diese Produkte sind im Feld nicht updatef\u00e4hig. Sie verwenden eine vom Hersteller vorinstallierte, feste Firmware.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2020-35683"
}
]
}
VDE-2021-032
Vulnerability from csaf_phoenixcontactgmbhcokg - Published: 2021-08-04 07:57 - Updated: 2025-05-22 13:03

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | | |
| Unresolved product id: CSAFPID-31002 | — | | |
| Unresolved product id: CSAFPID-31003 | — | | |
| Unresolved product id: CSAFPID-31004 | — | | |

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | | |
| Unresolved product id: CSAFPID-31002 | — | | |
| Unresolved product id: CSAFPID-31003 | — | | |
| Unresolved product id: CSAFPID-31004 | — | | |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — |
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
},
{
"organization": "Forescout Technologies, Inc",
"summary": "discovered and reported",
"urls": [
"https://www.nozominetworks.com"
]
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/v1/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "The third-party Niche Ethernet stack has several vulnerabilities announced by the security research community.\nPhoenix Contact Classic Line industrial controllers are developed and designed for use in closed industrial networks. The communication protocols and device access do not feature authentication measures. Remote attackers can use specially crafted IP packets to cause a Denial of Service or a Breach of Integrity of the PLC.",
"title": "Summary"
},
{
"category": "description",
"text": "A successful attack on the Niche Ethernet stack can lead to Denial of Service or a Breach of Integrity of the PLC.",
"title": "Impact"
},
{
"category": "description",
"text": "Customers using Phoenix Contact Classic Line Controllers are strongly recommended to operate the devices in closed networks or protected with a suitable firewall as intended. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"title": "Mitigation"
},
{
"category": "description",
"text": "Phoenix Contact Classic Line Controllers are designed and developed for the use in closed industrial networks. The control and configuration protocols do not feature authentication mechanisms by design. Phoenix Contact therefore strongly recommends using the devices exclusively in closed networks and protected by a suitable firewall.\nPhoenix Contact is offering the mGuard product family for network segmentation and protection.",
"title": "Remediation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@phoenixcontact.com",
"name": "Phoenix Contact GmbH \u0026 Co. KG",
"namespace": "https://phoenixcontact.com/psirt"
},
"references": [
{
"category": "self",
"summary": "VDE-2021-032: PHOENIX CONTACT: Niche Ethernet Stack for ILC1x0, ILC1x1 and AXC 1050 Industrial controllers and CHARX control DC - HTML",
"url": "https://certvde.com/en/advisories/VDE-2021-032"
},
{
"category": "external",
"summary": "CERT@VDE Security Advisories for PHOENIX CONTACT",
"url": "https://certvde.com/de/advisories/vendor/phoenixcontact/"
},
{
"category": "self",
"summary": "VDE-2021-032: PHOENIX CONTACT: Niche Ethernet Stack for ILC1x0, ILC1x1 and AXC 1050 Industrial controllers and CHARX control DC - CSAF",
"url": "https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2021/vde-2021-032.json"
}
],
"title": "PHOENIX CONTACT: Niche Ethernet Stack for ILC1x0, ILC1x1 and AXC 1050 Industrial controllers and CHARX control DC",
"tracking": {
"aliases": [
"VDE-2021-032"
],
"current_release_date": "2025-05-22T13:03:10.000Z",
"generator": {
"date": "2025-03-07T11:40:00.910Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.20"
}
},
"id": "VDE-2021-032",
"initial_release_date": "2021-08-04T07:57:00.000Z",
"revision_history": [
{
"date": "2021-08-04T07:57:00.000Z",
"number": "1",
"summary": "initial revision"
},
{
"date": "2025-05-22T13:03:10.000Z",
"number": "2",
"summary": "Fix: quotation mark"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "AXC 1050",
"product": {
"name": "AXC 1050",
"product_id": "CSAFPID-11001",
"product_identification_helper": {
"model_numbers": [
"2700988",
"2701295"
]
}
}
},
{
"category": "product_name",
"name": "EV-PLCC-AC1-DC1",
"product": {
"name": "EV-PLCC-AC1-DC1",
"product_id": "CSAFPID-11002",
"product_identification_helper": {
"model_numbers": [
"1624130"
]
}
}
},
{
"branches": [
{
"category": "product_name",
"name": "ILC1x0",
"product": {
"name": "ILC1x0",
"product_id": "CSAFPID-11003"
}
},
{
"category": "product_name",
"name": "ILC1x1",
"product": {
"name": "ILC1x1",
"product_id": "CSAFPID-11004",
"product_identification_helper": {
"model_numbers": [
"2700973",
"2700974",
"2700975",
"2700976",
"2701034",
"2701141"
]
}
}
}
],
"category": "product_family",
"name": "ILC1x"
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Firmware vers:all/*",
"product_id": "CSAFPID-21001"
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "PHOENIX CONTACT"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
],
"summary": "Affected products."
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on AXC 1050",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on EV-PLCC-AC1-DC1",
"product_id": "CSAFPID-31002"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on ILC1x0",
"product_id": "CSAFPID-31003"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on ILC1x1",
"product_id": "CSAFPID-31004"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11004"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-35685",
"cwe": {
"id": "CWE-330",
"name": "Use of Insufficiently Random Values"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in HCC Nichestack 3.0. The code that generates Initial Sequence Numbers (ISNs) for TCP connections derives the ISN from an insufficiently random source. As a result, an attacker may be able to determine the ISN of current and future TCP connections and either hijack existing ones or spoof future ones. (Proper ISN generation should aim to follow at least the specifications outlined in RFC 6528.)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Customers using Phoenix Contact Classic Line Controllers are strongly recommended to operate the devices in closed networks or protected with a suitable firewall as intended. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Phoenix Contact Classic Line Controllers are designed and developed for the use in closed industrial networks. The control and configuration protocols do not feature authentication mechanisms by design. Phoenix Contact therefore strongly recommends using the devices exclusively in closed networks and protected by a suitable firewall.\nPhoenix Contact is offering the mGuard product family for network segmentation and protection.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.1,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.1,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
}
],
"title": "CVE-2020-35685"
},
{
"cve": "CVE-2021-31401",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in tcp_rcv() in nptcp.c in HCC embedded InterNiche 4.0.1. The TCP header processing code doesn\u0027t sanitize the value of the IP total length field (header length + data length). With a crafted IP packet, an integer overflow occurs whenever the value of the IP data length is calculated by subtracting the length of the header from the total length of the IP packet.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Customers using Phoenix Contact Classic Line Controllers are strongly recommended to operate the devices in closed networks or protected with a suitable firewall as intended. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Phoenix Contact Classic Line Controllers are designed and developed for the use in closed industrial networks. The control and configuration protocols do not feature authentication mechanisms by design. Phoenix Contact therefore strongly recommends using the devices exclusively in closed networks and protected by a suitable firewall.\nPhoenix Contact is offering the mGuard product family for network segmentation and protection.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
}
],
"title": "CVE-2021-31401"
},
{
"cve": "CVE-2021-31400",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in tcp_pulloutofband() in tcp_in.c in HCC embedded InterNiche 4.0.1. The TCP out-of-band urgent-data processing function invokes a panic function if the pointer to the end of the out-of-band data points outside of the TCP segment\u0027s data. If the panic function has not had its trap invocation removed, it will enter an infinite loop and therefore cause DoS (continuous loop or a device reset).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Customers using Phoenix Contact Classic Line Controllers are strongly recommended to operate the devices in closed networks or protected with a suitable firewall as intended. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Phoenix Contact Classic Line Controllers are designed and developed for the use in closed industrial networks. The control and configuration protocols do not feature authentication mechanisms by design. Phoenix Contact therefore strongly recommends using the devices exclusively in closed networks and protected by a suitable firewall.\nPhoenix Contact is offering the mGuard product family for network segmentation and protection.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
}
],
"title": "CVE-2021-31400"
},
{
"cve": "CVE-2020-35684",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in HCC Nichestack 3.0. The code that parses TCP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the length of the TCP payload within the TCP checksum computation function. When the IP payload size is set to be smaller than the size of the IP header, the TCP checksum computation function may read out of bounds (a low-impact write-out-of-bounds is also possible).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Customers using Phoenix Contact Classic Line Controllers are strongly recommended to operate the devices in closed networks or protected with a suitable firewall as intended. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Phoenix Contact Classic Line Controllers are designed and developed for the use in closed industrial networks. The control and configuration protocols do not feature authentication mechanisms by design. Phoenix Contact therefore strongly recommends using the devices exclusively in closed networks and protected by a suitable firewall.\nPhoenix Contact is offering the mGuard product family for network segmentation and protection.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
}
],
"title": "CVE-2020-35684"
},
{
"cve": "CVE-2020-35683",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in HCC Nichestack 3.0. The code that parses ICMP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the ICMP checksum. When the IP payload size is set to be smaller than the size of the IP header, the ICMP checksum computation function may read out of bounds, causing a Denial-of-Service.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Customers using Phoenix Contact Classic Line Controllers are strongly recommended to operate the devices in closed networks or protected with a suitable firewall as intended. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Phoenix Contact Classic Line Controllers are designed and developed for the use in closed industrial networks. The control and configuration protocols do not feature authentication mechanisms by design. Phoenix Contact therefore strongly recommends using the devices exclusively in closed networks and protected by a suitable firewall.\nPhoenix Contact is offering the mGuard product family for network segmentation and protection.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
}
],
"title": "CVE-2020-35683"
},
{
"cve": "CVE-2021-31227",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in HCC embedded InterNiche 4.0.1. A potential heap buffer overflow exists in the code that parses the HTTP POST request, due to an incorrect signed integer comparison. This vulnerability requires the attacker to send a malformed HTTP packet with a negative Content-Length, which bypasses the size checks and results in a large heap overflow in the wbs_multidata buffer copy.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Customers using Phoenix Contact Classic Line Controllers are strongly recommended to operate the devices in closed networks or protected with a suitable firewall as intended. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Phoenix Contact Classic Line Controllers are designed and developed for the use in closed industrial networks. The control and configuration protocols do not feature authentication mechanisms by design. Phoenix Contact therefore strongly recommends using the devices exclusively in closed networks and protected by a suitable firewall.\nPhoenix Contact is offering the mGuard product family for network segmentation and protection.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
}
],
"title": "CVE-2021-31227"
}
]
}
VDE-2021-042
Vulnerability from csaf_weidmuellerinterfacegmbhcokg - Published: 2021-10-18 08:24 - Updated: 2025-05-14 13:00

An issue was discovered in tcp_rcv() in nptcp.c in HCC embedded InterNiche 4.0.1. The TCP header processing code doesn't sanitize the value of the IP total length field (header length + data length). With a crafted IP packet, an integer overflow occurs whenever the value of the IP data length is calculated by subtracting the length of the header from the total length of the IP packet.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — | ||
| Unresolved product id: CSAFPID-31011 | — | ||
| Unresolved product id: CSAFPID-31012 | — | ||
| Unresolved product id: CSAFPID-31013 | — | ||
| Unresolved product id: CSAFPID-31014 | — |
An issue was discovered in HCC Nichestack 3.0. The code that parses TCP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the length of the TCP payload within the TCP checksum computation function. When the IP payload size is set to be smaller than the size of the IP header, the TCP checksum computation function may read out of bounds (a low-impact write-out-of-bounds is also possible).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — | ||
| Unresolved product id: CSAFPID-31011 | — | ||
| Unresolved product id: CSAFPID-31012 | — | ||
| Unresolved product id: CSAFPID-31013 | — | ||
| Unresolved product id: CSAFPID-31014 | — |
An issue was discovered in HCC Nichestack 3.0. The code that parses ICMP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the ICMP checksum. When the IP payload size is set to be smaller than the size of the IP header, the ICMP checksum computation function may read out of bounds, causing a Denial-of-Service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — | ||
| Unresolved product id: CSAFPID-31011 | — | ||
| Unresolved product id: CSAFPID-31012 | — | ||
| Unresolved product id: CSAFPID-31013 | — | ||
| Unresolved product id: CSAFPID-31014 | — |
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
},
{
"organization": "Forescout Technologies, Inc.",
"summary": "discovery and reporting."
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "summary",
"text": "\nThe Weidmueller Remote I/O (IP20) fieldbus couplers (u-remote) are affected by several vulnerabilities of the third-party TCP/IP Niche stack. An attacker may use crafted IP packets to cause a denial of service or breach of integrity of the affected products. Weidmueller recommends restricting network access from the internet and also locally to reduce the attack vector to a manageable minimum.",
"title": "Summary"
},
{
"category": "description",
"text": "Fieldbuses (including Industrial Ethernet protocols) in general are not intended for direct connection with the internet, as they lack a proper set of security capabilities. This also applies to Weidm\u00fcller IP20 Remote I/O fieldbus couplers, which are developed and designed for operation in closed industrial networks.\n\n- Do not directly connect the affected products to the internet.\n- Restrict network access to the affected products by properly secured network infrastructure (e.g. routers, firewalls, DMZ, VPNs).\n- Restrict physical access to the industrial network and affected products (e.g. cabinets, seals, closures).",
"title": "Mitigation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@weidmueller.com",
"name": "Weidmueller Interface GmbH \u0026 Co. KG",
"namespace": "https://www.weidmueller.com"
},
"references": [
{
"category": "external",
"summary": "Weidmueller advisory overview at CERT@VDE",
"url": "https://certvde.com/de/advisories/vendor/weidmueller/"
},
{
"category": "self",
"summary": "VDE-2021-042: Weidmueller: Remote I/O fieldbus couplers (IP20) affected by INFRA:HALT vulnerabilities - HTML",
"url": "https://certvde.com/en/advisories/VDE-2021-042"
},
{
"category": "self",
"summary": "VDE-2021-042: Weidmueller: Remote I/O fieldbus couplers (IP20) affected by INFRA:HALT vulnerabilities - CSAF",
"url": "https://weidmueller.csaf-tp.certvde.com/.well-known/csaf/white/2021/vde-2021-042.json"
}
],
"title": "Weidmueller: Remote I/O fieldbus couplers (IP20) affected by INFRA:HALT vulnerabilities",
"tracking": {
"aliases": [
"VDE-2021-042"
],
"current_release_date": "2025-05-14T13:00:14.000Z",
"generator": {
"date": "2025-04-10T07:47:57.803Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.23"
}
},
"id": "VDE-2021-042",
"initial_release_date": "2021-10-18T08:24:00.000Z",
"revision_history": [
{
"date": "2021-10-18T08:24:00.000Z",
"number": "1",
"summary": "Initial revision."
},
{
"date": "2025-04-10T07:45:00.000Z",
"number": "2",
"summary": "Fix: change vendor in product tree"
},
{
"date": "2025-05-14T13:00:14.000Z",
"number": "3",
"summary": "Fix: added distribution"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "UR20-FBC-CAN",
"product": {
"name": "UR20-FBC-CAN",
"product_id": "CSAFPID-11001",
"product_identification_helper": {
"model_numbers": [
"1334890000"
]
}
}
},
{
"category": "product_name",
"name": "UR20-FBC-CC",
"product": {
"name": "UR20-FBC-CC",
"product_id": "CSAFPID-11002",
"product_identification_helper": {
"model_numbers": [
"2625010000"
]
}
}
},
{
"category": "product_name",
"name": "UR20-FBC-CC-TSN",
"product": {
"name": "UR20-FBC-CC-TSN",
"product_id": "CSAFPID-11003",
"product_identification_helper": {
"model_numbers": [
"2680260000"
]
}
}
},
{
"category": "product_name",
"name": "UR20-FBC-DN",
"product": {
"name": "UR20-FBC-DN",
"product_id": "CSAFPID-11004",
"product_identification_helper": {
"model_numbers": [
"1334900000"
]
}
}
},
{
"category": "product_name",
"name": "UR20-FBC-EC",
"product": {
"name": "UR20-FBC-EC",
"product_id": "CSAFPID-11005",
"product_identification_helper": {
"model_numbers": [
"1334910000"
]
}
}
},
{
"category": "product_name",
"name": "UR20-FBC-EC-ECO",
"product": {
"name": "UR20-FBC-EC-ECO",
"product_id": "CSAFPID-11006",
"product_identification_helper": {
"model_numbers": [
"2659690000"
]
}
}
},
{
"category": "product_name",
"name": "UR20-FBC-EIP",
"product": {
"name": "UR20-FBC-EIP",
"product_id": "CSAFPID-11007",
"product_identification_helper": {
"model_numbers": [
"1334920000"
]
}
}
},
{
"category": "product_name",
"name": "UR20-FBC-IEC61162-450",
"product": {
"name": "UR20-FBC-IEC61162-450",
"product_id": "CSAFPID-11008",
"product_identification_helper": {
"model_numbers": [
"2661310000"
]
}
}
},
{
"category": "product_name",
"name": "UR20-FBC-MOD-TCP-ECO",
"product": {
"name": "UR20-FBC-MOD-TCP-ECO",
"product_id": "CSAFPID-11009",
"product_identification_helper": {
"model_numbers": [
"2659700000"
]
}
}
},
{
"category": "product_name",
"name": "UR20-FBC-MOD-TCP-V2",
"product": {
"name": "UR20-FBC-MOD-TCP-V2",
"product_id": "CSAFPID-11010",
"product_identification_helper": {
"model_numbers": [
"2476450000"
]
}
}
},
{
"category": "product_name",
"name": "UR20-FBC-PB-DP-V2",
"product": {
"name": "UR20-FBC-PB-DP-V2",
"product_id": "CSAFPID-11011",
"product_identification_helper": {
"model_numbers": [
"2614380000"
]
}
}
},
{
"category": "product_name",
"name": "UR20-FBC-PL",
"product": {
"name": "UR20-FBC-PL",
"product_id": "CSAFPID-11012",
"product_identification_helper": {
"model_numbers": [
"1334940000"
]
}
}
},
{
"category": "product_name",
"name": "UR20-FBC-PN-ECO",
"product": {
"name": "UR20-FBC-PN-ECO",
"product_id": "CSAFPID-11013",
"product_identification_helper": {
"model_numbers": [
"2659680000"
]
}
}
},
{
"category": "product_name",
"name": "UR20-FBC-PN-IRT-V2",
"product": {
"name": "UR20-FBC-PN-IRT-V2",
"product_id": "CSAFPID-11014",
"product_identification_helper": {
"model_numbers": [
"2566380000"
]
}
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=01.00.00",
"product": {
"name": "Firmware \u003c=01.00.00",
"product_id": "CSAFPID-21001"
}
},
{
"category": "product_version_range",
"name": "\u003c=01.00.01",
"product": {
"name": "Firmware \u003c=01.00.01",
"product_id": "CSAFPID-21002"
}
},
{
"category": "product_version_range",
"name": "\u003c=01.00.02",
"product": {
"name": "Firmware \u003c=01.00.02",
"product_id": "CSAFPID-21003"
}
},
{
"category": "product_version_range",
"name": "\u003c=01.01.00",
"product": {
"name": "Firmware \u003c=01.01.00",
"product_id": "CSAFPID-21004"
}
},
{
"category": "product_version_range",
"name": "\u003c=01.02.01",
"product": {
"name": "Firmware \u003c=01.02.01",
"product_id": "CSAFPID-21005"
}
},
{
"category": "product_version_range",
"name": "\u003c=01.08.00",
"product": {
"name": "Firmware \u003c=01.08.00",
"product_id": "CSAFPID-21006"
}
},
{
"category": "product_version_range",
"name": "\u003c=01.10.00",
"product": {
"name": "Firmware \u003c=01.10.00",
"product_id": "CSAFPID-21007"
}
},
{
"category": "product_version_range",
"name": "\u003c=01.11.00",
"product": {
"name": "Firmware \u003c=01.11.00",
"product_id": "CSAFPID-21008"
}
},
{
"category": "product_version_range",
"name": "\u003c=01.12.00",
"product": {
"name": "Firmware \u003c=01.12.00",
"product_id": "CSAFPID-21009"
}
},
{
"category": "product_version_range",
"name": "\u003c=02.08.01",
"product": {
"name": "Firmware \u003c=02.08.01",
"product_id": "CSAFPID-21010"
}
},
{
"category": "product_version_range",
"name": "\u003c=02.11.00",
"product": {
"name": "Firmware \u003c=02.11.00",
"product_id": "CSAFPID-21011"
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "Weidmueller"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014"
],
"summary": "Affected Products."
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=01.08.00 installed on UR20-FBC-CAN",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-21006",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=01.00.02 installed on UR20-FBC-CC",
"product_id": "CSAFPID-31002"
},
"product_reference": "CSAFPID-21003",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=01.02.01 installed on UR20-FBC-CC-TSN",
"product_id": "CSAFPID-31003"
},
"product_reference": "CSAFPID-21005",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=01.08.00 installed on UR20-FBC-DN",
"product_id": "CSAFPID-31004"
},
"product_reference": "CSAFPID-21006",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=01.12.00 installed on UR20-FBC-EC",
"product_id": "CSAFPID-31005"
},
"product_reference": "CSAFPID-21009",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=01.00.01 installed on UR20-FBC-EC-ECO",
"product_id": "CSAFPID-31006"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=02.11.00 installed on UR20-FBC-EIP",
"product_id": "CSAFPID-31007"
},
"product_reference": "CSAFPID-21011",
"relates_to_product_reference": "CSAFPID-11007"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=01.01.00 installed on UR20-FBC-IEC61162-450",
"product_id": "CSAFPID-31008"
},
"product_reference": "CSAFPID-21004",
"relates_to_product_reference": "CSAFPID-11008"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=01.00.00 installed on UR20-FBC-MOD-TCP-ECO",
"product_id": "CSAFPID-31009"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11009"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=02.08.01 installed on UR20-FBC-MOD-TCP-V2",
"product_id": "CSAFPID-31010"
},
"product_reference": "CSAFPID-21010",
"relates_to_product_reference": "CSAFPID-11010"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=01.10.00 installed on UR20-FBC-PB-DP-V2",
"product_id": "CSAFPID-31011"
},
"product_reference": "CSAFPID-21007",
"relates_to_product_reference": "CSAFPID-11011"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=01.08.00 installed on UR20-FBC-PL",
"product_id": "CSAFPID-31012"
},
"product_reference": "CSAFPID-21006",
"relates_to_product_reference": "CSAFPID-11012"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=01.00.02 installed on UR20-FBC-PN-ECO",
"product_id": "CSAFPID-31013"
},
"product_reference": "CSAFPID-21003",
"relates_to_product_reference": "CSAFPID-11013"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=01.11.00 installed on UR20-FBC-PN-IRT-V2",
"product_id": "CSAFPID-31014"
},
"product_reference": "CSAFPID-21008",
"relates_to_product_reference": "CSAFPID-11014"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-31401",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "description",
"text": "An issue was discovered in tcp_rcv() in nptcp.c in HCC embedded InterNiche 4.0.1. The TCP header processing code doesn\u0027t sanitize the value of the IP total length field (header length + data length). With a crafted IP packet, an integer overflow occurs whenever the value of the IP data length is calculated by subtracting the length of the header from the total length of the IP packet.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Fieldbuses (including Industrial Ethernet protocols) in general are not intended for direct connection with the internet, as they lack a proper set of security capabilities. This also applies to Weidm\u00fcller IP20 Remote I/O fieldbus couplers, which are developed and designed for operation in closed industrial networks.\n\n- Do not directly connect the affected products to the internet.\n- Restrict network access to the affected products by properly secured network infrastructure (e.g. routers, firewalls, DMZ, VPNs).\n- Restrict physical access to the industrial network and affected products (e.g. cabinets, seals, closures).",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014"
]
}
],
"title": "CVE-2021-31401"
},
{
"cve": "CVE-2020-35684",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "description",
"text": "An issue was discovered in HCC Nichestack 3.0. The code that parses TCP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the length of the TCP payload within the TCP checksum computation function. When the IP payload size is set to be smaller than the size of the IP header, the TCP checksum computation function may read out of bounds (a low-impact write-out-of-bounds is also possible).",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Fieldbuses (including Industrial Ethernet protocols) in general are not intended for direct connection with the internet, as they lack a proper set of security capabilities. This also applies to Weidm\u00fcller IP20 Remote I/O fieldbus couplers, which are developed and designed for operation in closed industrial networks.\n\n- Do not directly connect the affected products to the internet.\n- Restrict network access to the affected products by properly secured network infrastructure (e.g. routers, firewalls, DMZ, VPNs).\n- Restrict physical access to the industrial network and affected products (e.g. cabinets, seals, closures).",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014"
]
}
],
"title": "CVE-2020-35684"
},
{
"cve": "CVE-2020-35683",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "description",
"text": "An issue was discovered in HCC Nichestack 3.0. The code that parses ICMP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the ICMP checksum. When the IP payload size is set to be smaller than the size of the IP header, the ICMP checksum computation function may read out of bounds, causing a Denial-of-Service.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Fieldbuses (including Industrial Ethernet protocols) in general are not intended for direct connection with the internet, as they lack a proper set of security capabilities. This also applies to Weidm\u00fcller IP20 Remote I/O fieldbus couplers, which are developed and designed for operation in closed industrial networks.\n\n- Do not directly connect the affected products to the internet.\n- Restrict network access to the affected products by properly secured network infrastructure (e.g. routers, firewalls, DMZ, VPNs).\n- Restrict physical access to the industrial network and affected products (e.g. cabinets, seals, closures).",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014"
]
}
],
"title": "CVE-2020-35683"
}
]
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.