ICSA-20-168-01
Vulnerability from csaf_cisa - Published: 2020-06-16 06:00 - Updated: 2024-09-19 06:00Summary
Treck TCP/IP (Update I)
Notes
Legal Notice: All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation: Successful exploitation of these vulnerabilities may allow remote code execution or exposure of sensitive information.
Critical infrastructure sectors: Energy, Critical Manufacturing, Information Technology, Healthcare and Public Health, Transportation Systems
Countries/areas deployed: Worldwide
Company headquarters location: United States
Recommended Practices: CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:
Recommended Practices: Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
Recommended Practices: Locate control system networks and remote devices behind firewalls and isolating them from business networks.
Recommended Practices: When remote access is required, use more secure methods, such as virtual private networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.
Recommended Practices: CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices: CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices: CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.
Recommended Practices: Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices: Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
Recommended Practices: No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time. This vulnerability has a high attack complexity.
10.0 (Critical)
Mitigation
Treck recommends users apply the latest version of the affected products:
Mitigation
Treck TCP/IP: Update to 6.0.1.67 or later versions
Mitigation
To obtain patches, email Treck at security@treck.com
mailto:security@treck.com
Mitigation
For more detailed information on the vulnerabilities and the mitigating controls, please see the Treck advisory.
https://www.rockwellautomation.com/en-us/trust-ce…
Mitigation
Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:
Mitigation
ABB
https://search.abb.com/library/Download.aspx?Docu…
Mitigation
B.Braun
https://www.bbraunusa.com/en/products-and-therapi…
Mitigation
Baxter
https://www.baxter.com/product-security#additiona…
Mitigation
BD
https://www.bd.com/en-us/support/product-security…
Mitigation
CareStream
https://www.carestream.com/en/us/services-and-sup…
Mitigation
Caterpillar
https://www.cat.com/en_US/support/technology/conn…
Mitigation
DIGI International
https://www.digi.com/support/knowledge-base/digi-…
Mitigation
Eaton
https://www.eaton.com/content/dam/eaton/company/n…
Mitigation
Green Hills Software
https://support.ghs.com/psirt/PSA-2020-05/
Mitigation
IDEC Corporation
https://us.idec.com/media/24-RD-0300-EN.pdf
Mitigation
Johnson Controls
https://www.johnsoncontrols.com/cyber-solutions/s…
Mitigation
Miele
https://cert.vde.com/en-us/advisories/vde-2020-024
Mitigation
Opto 22
https://www.opto22.com/support/resources-tools/kn…
Mitigation
Pepperl+Fuchs
https://cert.vde.com/en/advisories/VDE-2021-028/
Mitigation
Rockwell
https://rockwellautomation.custhelp.com/app/answe…
Mitigation
Schneider Electric
https://www.se.com/ww/en/download/document/SESB-2…
Mitigation
Smiths Medical
https://www.smiths-medical.com/company-informatio…
10.0 (Critical)
Mitigation
Treck recommends users apply the latest version of the affected products:
Mitigation
Treck TCP/IP: Update to 6.0.1.67 or later versions
Mitigation
To obtain patches, email Treck at security@treck.com
mailto:security@treck.com
Mitigation
For more detailed information on the vulnerabilities and the mitigating controls, please see the Treck advisory.
https://www.rockwellautomation.com/en-us/trust-ce…
Mitigation
Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:
Mitigation
ABB
https://search.abb.com/library/Download.aspx?Docu…
Mitigation
B.Braun
https://www.bbraunusa.com/en/products-and-therapi…
Mitigation
Baxter
https://www.baxter.com/product-security#additiona…
Mitigation
BD
https://www.bd.com/en-us/support/product-security…
Mitigation
CareStream
https://www.carestream.com/en/us/services-and-sup…
Mitigation
Caterpillar
https://www.cat.com/en_US/support/technology/conn…
Mitigation
DIGI International
https://www.digi.com/support/knowledge-base/digi-…
Mitigation
Eaton
https://www.eaton.com/content/dam/eaton/company/n…
Mitigation
Green Hills Software
https://support.ghs.com/psirt/PSA-2020-05/
Mitigation
IDEC Corporation
https://us.idec.com/media/24-RD-0300-EN.pdf
Mitigation
Johnson Controls
https://www.johnsoncontrols.com/cyber-solutions/s…
Mitigation
Miele
https://cert.vde.com/en-us/advisories/vde-2020-024
Mitigation
Opto 22
https://www.opto22.com/support/resources-tools/kn…
Mitigation
Pepperl+Fuchs
https://cert.vde.com/en/advisories/VDE-2021-028/
Mitigation
Rockwell
https://rockwellautomation.custhelp.com/app/answe…
Mitigation
Schneider Electric
https://www.se.com/ww/en/download/document/SESB-2…
Mitigation
Smiths Medical
https://www.smiths-medical.com/company-informatio…
9.1 (Critical)
Mitigation
Treck recommends users apply the latest version of the affected products:
Mitigation
Treck TCP/IP: Update to 6.0.1.67 or later versions
Mitigation
To obtain patches, email Treck at security@treck.com
mailto:security@treck.com
Mitigation
For more detailed information on the vulnerabilities and the mitigating controls, please see the Treck advisory.
https://www.rockwellautomation.com/en-us/trust-ce…
Mitigation
Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:
Mitigation
ABB
https://search.abb.com/library/Download.aspx?Docu…
Mitigation
B.Braun
https://www.bbraunusa.com/en/products-and-therapi…
Mitigation
Baxter
https://www.baxter.com/product-security#additiona…
Mitigation
BD
https://www.bd.com/en-us/support/product-security…
Mitigation
CareStream
https://www.carestream.com/en/us/services-and-sup…
Mitigation
Caterpillar
https://www.cat.com/en_US/support/technology/conn…
Mitigation
DIGI International
https://www.digi.com/support/knowledge-base/digi-…
Mitigation
Eaton
https://www.eaton.com/content/dam/eaton/company/n…
Mitigation
Green Hills Software
https://support.ghs.com/psirt/PSA-2020-05/
Mitigation
IDEC Corporation
https://us.idec.com/media/24-RD-0300-EN.pdf
Mitigation
Johnson Controls
https://www.johnsoncontrols.com/cyber-solutions/s…
Mitigation
Miele
https://cert.vde.com/en-us/advisories/vde-2020-024
Mitigation
Opto 22
https://www.opto22.com/support/resources-tools/kn…
Mitigation
Pepperl+Fuchs
https://cert.vde.com/en/advisories/VDE-2021-028/
Mitigation
Rockwell
https://rockwellautomation.custhelp.com/app/answe…
Mitigation
Schneider Electric
https://www.se.com/ww/en/download/document/SESB-2…
Mitigation
Smiths Medical
https://www.smiths-medical.com/company-informatio…
5.4 (Medium)
Mitigation
Treck recommends users apply the latest version of the affected products:
Mitigation
Treck TCP/IP: Update to 6.0.1.67 or later versions
Mitigation
To obtain patches, email Treck at security@treck.com
mailto:security@treck.com
Mitigation
For more detailed information on the vulnerabilities and the mitigating controls, please see the Treck advisory.
https://www.rockwellautomation.com/en-us/trust-ce…
Mitigation
Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:
Mitigation
ABB
https://search.abb.com/library/Download.aspx?Docu…
Mitigation
B.Braun
https://www.bbraunusa.com/en/products-and-therapi…
Mitigation
Baxter
https://www.baxter.com/product-security#additiona…
Mitigation
BD
https://www.bd.com/en-us/support/product-security…
Mitigation
CareStream
https://www.carestream.com/en/us/services-and-sup…
Mitigation
Caterpillar
https://www.cat.com/en_US/support/technology/conn…
Mitigation
DIGI International
https://www.digi.com/support/knowledge-base/digi-…
Mitigation
Eaton
https://www.eaton.com/content/dam/eaton/company/n…
Mitigation
Green Hills Software
https://support.ghs.com/psirt/PSA-2020-05/
Mitigation
IDEC Corporation
https://us.idec.com/media/24-RD-0300-EN.pdf
Mitigation
Johnson Controls
https://www.johnsoncontrols.com/cyber-solutions/s…
Mitigation
Miele
https://cert.vde.com/en-us/advisories/vde-2020-024
Mitigation
Opto 22
https://www.opto22.com/support/resources-tools/kn…
Mitigation
Pepperl+Fuchs
https://cert.vde.com/en/advisories/VDE-2021-028/
Mitigation
Rockwell
https://rockwellautomation.custhelp.com/app/answe…
Mitigation
Schneider Electric
https://www.se.com/ww/en/download/document/SESB-2…
Mitigation
Smiths Medical
https://www.smiths-medical.com/company-informatio…
8.2 (High)
Mitigation
Treck recommends users apply the latest version of the affected products:
Mitigation
Treck TCP/IP: Update to 6.0.1.67 or later versions
Mitigation
To obtain patches, email Treck at security@treck.com
mailto:security@treck.com
Mitigation
For more detailed information on the vulnerabilities and the mitigating controls, please see the Treck advisory.
https://www.rockwellautomation.com/en-us/trust-ce…
Mitigation
Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:
Mitigation
ABB
https://search.abb.com/library/Download.aspx?Docu…
Mitigation
B.Braun
https://www.bbraunusa.com/en/products-and-therapi…
Mitigation
Baxter
https://www.baxter.com/product-security#additiona…
Mitigation
BD
https://www.bd.com/en-us/support/product-security…
Mitigation
CareStream
https://www.carestream.com/en/us/services-and-sup…
Mitigation
Caterpillar
https://www.cat.com/en_US/support/technology/conn…
Mitigation
DIGI International
https://www.digi.com/support/knowledge-base/digi-…
Mitigation
Eaton
https://www.eaton.com/content/dam/eaton/company/n…
Mitigation
Green Hills Software
https://support.ghs.com/psirt/PSA-2020-05/
Mitigation
IDEC Corporation
https://us.idec.com/media/24-RD-0300-EN.pdf
Mitigation
Johnson Controls
https://www.johnsoncontrols.com/cyber-solutions/s…
Mitigation
Miele
https://cert.vde.com/en-us/advisories/vde-2020-024
Mitigation
Opto 22
https://www.opto22.com/support/resources-tools/kn…
Mitigation
Pepperl+Fuchs
https://cert.vde.com/en/advisories/VDE-2021-028/
Mitigation
Rockwell
https://rockwellautomation.custhelp.com/app/answe…
Mitigation
Schneider Electric
https://www.se.com/ww/en/download/document/SESB-2…
Mitigation
Smiths Medical
https://www.smiths-medical.com/company-informatio…
9.0 (Critical)
Mitigation
Treck recommends users apply the latest version of the affected products:
Mitigation
Treck TCP/IP: Update to 6.0.1.67 or later versions
Mitigation
To obtain patches, email Treck at security@treck.com
mailto:security@treck.com
Mitigation
For more detailed information on the vulnerabilities and the mitigating controls, please see the Treck advisory.
https://www.rockwellautomation.com/en-us/trust-ce…
Mitigation
Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:
Mitigation
ABB
https://search.abb.com/library/Download.aspx?Docu…
Mitigation
B.Braun
https://www.bbraunusa.com/en/products-and-therapi…
Mitigation
Baxter
https://www.baxter.com/product-security#additiona…
Mitigation
BD
https://www.bd.com/en-us/support/product-security…
Mitigation
CareStream
https://www.carestream.com/en/us/services-and-sup…
Mitigation
Caterpillar
https://www.cat.com/en_US/support/technology/conn…
Mitigation
DIGI International
https://www.digi.com/support/knowledge-base/digi-…
Mitigation
Eaton
https://www.eaton.com/content/dam/eaton/company/n…
Mitigation
Green Hills Software
https://support.ghs.com/psirt/PSA-2020-05/
Mitigation
IDEC Corporation
https://us.idec.com/media/24-RD-0300-EN.pdf
Mitigation
Johnson Controls
https://www.johnsoncontrols.com/cyber-solutions/s…
Mitigation
Miele
https://cert.vde.com/en-us/advisories/vde-2020-024
Mitigation
Opto 22
https://www.opto22.com/support/resources-tools/kn…
Mitigation
Pepperl+Fuchs
https://cert.vde.com/en/advisories/VDE-2021-028/
Mitigation
Rockwell
https://rockwellautomation.custhelp.com/app/answe…
Mitigation
Schneider Electric
https://www.se.com/ww/en/download/document/SESB-2…
Mitigation
Smiths Medical
https://www.smiths-medical.com/company-informatio…
7.3 (High)
Mitigation
Treck recommends users apply the latest version of the affected products:
Mitigation
Treck TCP/IP: Update to 6.0.1.67 or later versions
Mitigation
To obtain patches, email Treck at security@treck.com
mailto:security@treck.com
Mitigation
For more detailed information on the vulnerabilities and the mitigating controls, please see the Treck advisory.
https://www.rockwellautomation.com/en-us/trust-ce…
Mitigation
Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:
Mitigation
ABB
https://search.abb.com/library/Download.aspx?Docu…
Mitigation
B.Braun
https://www.bbraunusa.com/en/products-and-therapi…
Mitigation
Baxter
https://www.baxter.com/product-security#additiona…
Mitigation
BD
https://www.bd.com/en-us/support/product-security…
Mitigation
CareStream
https://www.carestream.com/en/us/services-and-sup…
Mitigation
Caterpillar
https://www.cat.com/en_US/support/technology/conn…
Mitigation
DIGI International
https://www.digi.com/support/knowledge-base/digi-…
Mitigation
Eaton
https://www.eaton.com/content/dam/eaton/company/n…
Mitigation
Green Hills Software
https://support.ghs.com/psirt/PSA-2020-05/
Mitigation
IDEC Corporation
https://us.idec.com/media/24-RD-0300-EN.pdf
Mitigation
Johnson Controls
https://www.johnsoncontrols.com/cyber-solutions/s…
Mitigation
Miele
https://cert.vde.com/en-us/advisories/vde-2020-024
Mitigation
Opto 22
https://www.opto22.com/support/resources-tools/kn…
Mitigation
Pepperl+Fuchs
https://cert.vde.com/en/advisories/VDE-2021-028/
Mitigation
Rockwell
https://rockwellautomation.custhelp.com/app/answe…
Mitigation
Schneider Electric
https://www.se.com/ww/en/download/document/SESB-2…
Mitigation
Smiths Medical
https://www.smiths-medical.com/company-informatio…
5.3 (Medium)
Mitigation
Treck recommends users apply the latest version of the affected products:
Mitigation
Treck TCP/IP: Update to 6.0.1.67 or later versions
Mitigation
To obtain patches, email Treck at security@treck.com
mailto:security@treck.com
Mitigation
For more detailed information on the vulnerabilities and the mitigating controls, please see the Treck advisory.
https://www.rockwellautomation.com/en-us/trust-ce…
Mitigation
Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:
Mitigation
ABB
https://search.abb.com/library/Download.aspx?Docu…
Mitigation
B.Braun
https://www.bbraunusa.com/en/products-and-therapi…
Mitigation
Baxter
https://www.baxter.com/product-security#additiona…
Mitigation
BD
https://www.bd.com/en-us/support/product-security…
Mitigation
CareStream
https://www.carestream.com/en/us/services-and-sup…
Mitigation
Caterpillar
https://www.cat.com/en_US/support/technology/conn…
Mitigation
DIGI International
https://www.digi.com/support/knowledge-base/digi-…
Mitigation
Eaton
https://www.eaton.com/content/dam/eaton/company/n…
Mitigation
Green Hills Software
https://support.ghs.com/psirt/PSA-2020-05/
Mitigation
IDEC Corporation
https://us.idec.com/media/24-RD-0300-EN.pdf
Mitigation
Johnson Controls
https://www.johnsoncontrols.com/cyber-solutions/s…
Mitigation
Miele
https://cert.vde.com/en-us/advisories/vde-2020-024
Mitigation
Opto 22
https://www.opto22.com/support/resources-tools/kn…
Mitigation
Pepperl+Fuchs
https://cert.vde.com/en/advisories/VDE-2021-028/
Mitigation
Rockwell
https://rockwellautomation.custhelp.com/app/answe…
Mitigation
Schneider Electric
https://www.se.com/ww/en/download/document/SESB-2…
Mitigation
Smiths Medical
https://www.smiths-medical.com/company-informatio…
5.6 (Medium)
Mitigation
Treck recommends users apply the latest version of the affected products:
Mitigation
Treck TCP/IP: Update to 6.0.1.67 or later versions
Mitigation
To obtain patches, email Treck at security@treck.com
mailto:security@treck.com
Mitigation
For more detailed information on the vulnerabilities and the mitigating controls, please see the Treck advisory.
https://www.rockwellautomation.com/en-us/trust-ce…
Mitigation
Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:
Mitigation
ABB
https://search.abb.com/library/Download.aspx?Docu…
Mitigation
B.Braun
https://www.bbraunusa.com/en/products-and-therapi…
Mitigation
Baxter
https://www.baxter.com/product-security#additiona…
Mitigation
BD
https://www.bd.com/en-us/support/product-security…
Mitigation
CareStream
https://www.carestream.com/en/us/services-and-sup…
Mitigation
Caterpillar
https://www.cat.com/en_US/support/technology/conn…
Mitigation
DIGI International
https://www.digi.com/support/knowledge-base/digi-…
Mitigation
Eaton
https://www.eaton.com/content/dam/eaton/company/n…
Mitigation
Green Hills Software
https://support.ghs.com/psirt/PSA-2020-05/
Mitigation
IDEC Corporation
https://us.idec.com/media/24-RD-0300-EN.pdf
Mitigation
Johnson Controls
https://www.johnsoncontrols.com/cyber-solutions/s…
Mitigation
Miele
https://cert.vde.com/en-us/advisories/vde-2020-024
Mitigation
Opto 22
https://www.opto22.com/support/resources-tools/kn…
Mitigation
Pepperl+Fuchs
https://cert.vde.com/en/advisories/VDE-2021-028/
Mitigation
Rockwell
https://rockwellautomation.custhelp.com/app/answe…
Mitigation
Schneider Electric
https://www.se.com/ww/en/download/document/SESB-2…
Mitigation
Smiths Medical
https://www.smiths-medical.com/company-informatio…
5.3 (Medium)
Mitigation
Treck recommends users apply the latest version of the affected products:
Mitigation
Treck TCP/IP: Update to 6.0.1.67 or later versions
Mitigation
To obtain patches, email Treck at security@treck.com
mailto:security@treck.com
Mitigation
For more detailed information on the vulnerabilities and the mitigating controls, please see the Treck advisory.
https://www.rockwellautomation.com/en-us/trust-ce…
Mitigation
Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:
Mitigation
ABB
https://search.abb.com/library/Download.aspx?Docu…
Mitigation
B.Braun
https://www.bbraunusa.com/en/products-and-therapi…
Mitigation
Baxter
https://www.baxter.com/product-security#additiona…
Mitigation
BD
https://www.bd.com/en-us/support/product-security…
Mitigation
CareStream
https://www.carestream.com/en/us/services-and-sup…
Mitigation
Caterpillar
https://www.cat.com/en_US/support/technology/conn…
Mitigation
DIGI International
https://www.digi.com/support/knowledge-base/digi-…
Mitigation
Eaton
https://www.eaton.com/content/dam/eaton/company/n…
Mitigation
Green Hills Software
https://support.ghs.com/psirt/PSA-2020-05/
Mitigation
IDEC Corporation
https://us.idec.com/media/24-RD-0300-EN.pdf
Mitigation
Johnson Controls
https://www.johnsoncontrols.com/cyber-solutions/s…
Mitigation
Miele
https://cert.vde.com/en-us/advisories/vde-2020-024
Mitigation
Opto 22
https://www.opto22.com/support/resources-tools/kn…
Mitigation
Pepperl+Fuchs
https://cert.vde.com/en/advisories/VDE-2021-028/
Mitigation
Rockwell
https://rockwellautomation.custhelp.com/app/answe…
Mitigation
Schneider Electric
https://www.se.com/ww/en/download/document/SESB-2…
Mitigation
Smiths Medical
https://www.smiths-medical.com/company-informatio…
5.0 (Medium)
Mitigation
Treck recommends users apply the latest version of the affected products:
Mitigation
Treck TCP/IP: Update to 6.0.1.67 or later versions
Mitigation
To obtain patches, email Treck at security@treck.com
mailto:security@treck.com
Mitigation
For more detailed information on the vulnerabilities and the mitigating controls, please see the Treck advisory.
https://www.rockwellautomation.com/en-us/trust-ce…
Mitigation
Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:
Mitigation
ABB
https://search.abb.com/library/Download.aspx?Docu…
Mitigation
B.Braun
https://www.bbraunusa.com/en/products-and-therapi…
Mitigation
Baxter
https://www.baxter.com/product-security#additiona…
Mitigation
BD
https://www.bd.com/en-us/support/product-security…
Mitigation
CareStream
https://www.carestream.com/en/us/services-and-sup…
Mitigation
Caterpillar
https://www.cat.com/en_US/support/technology/conn…
Mitigation
DIGI International
https://www.digi.com/support/knowledge-base/digi-…
Mitigation
Eaton
https://www.eaton.com/content/dam/eaton/company/n…
Mitigation
Green Hills Software
https://support.ghs.com/psirt/PSA-2020-05/
Mitigation
IDEC Corporation
https://us.idec.com/media/24-RD-0300-EN.pdf
Mitigation
Johnson Controls
https://www.johnsoncontrols.com/cyber-solutions/s…
Mitigation
Miele
https://cert.vde.com/en-us/advisories/vde-2020-024
Mitigation
Opto 22
https://www.opto22.com/support/resources-tools/kn…
Mitigation
Pepperl+Fuchs
https://cert.vde.com/en/advisories/VDE-2021-028/
Mitigation
Rockwell
https://rockwellautomation.custhelp.com/app/answe…
Mitigation
Schneider Electric
https://www.se.com/ww/en/download/document/SESB-2…
Mitigation
Smiths Medical
https://www.smiths-medical.com/company-informatio…
5.0 (Medium)
Mitigation
Treck recommends users apply the latest version of the affected products:
Mitigation
Treck TCP/IP: Update to 6.0.1.67 or later versions
Mitigation
To obtain patches, email Treck at security@treck.com
mailto:security@treck.com
Mitigation
For more detailed information on the vulnerabilities and the mitigating controls, please see the Treck advisory.
https://www.rockwellautomation.com/en-us/trust-ce…
Mitigation
Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:
Mitigation
ABB
https://search.abb.com/library/Download.aspx?Docu…
Mitigation
B.Braun
https://www.bbraunusa.com/en/products-and-therapi…
Mitigation
Baxter
https://www.baxter.com/product-security#additiona…
Mitigation
BD
https://www.bd.com/en-us/support/product-security…
Mitigation
CareStream
https://www.carestream.com/en/us/services-and-sup…
Mitigation
Caterpillar
https://www.cat.com/en_US/support/technology/conn…
Mitigation
DIGI International
https://www.digi.com/support/knowledge-base/digi-…
Mitigation
Eaton
https://www.eaton.com/content/dam/eaton/company/n…
Mitigation
Green Hills Software
https://support.ghs.com/psirt/PSA-2020-05/
Mitigation
IDEC Corporation
https://us.idec.com/media/24-RD-0300-EN.pdf
Mitigation
Johnson Controls
https://www.johnsoncontrols.com/cyber-solutions/s…
Mitigation
Miele
https://cert.vde.com/en-us/advisories/vde-2020-024
Mitigation
Opto 22
https://www.opto22.com/support/resources-tools/kn…
Mitigation
Pepperl+Fuchs
https://cert.vde.com/en/advisories/VDE-2021-028/
Mitigation
Rockwell
https://rockwellautomation.custhelp.com/app/answe…
Mitigation
Schneider Electric
https://www.se.com/ww/en/download/document/SESB-2…
Mitigation
Smiths Medical
https://www.smiths-medical.com/company-informatio…
CWE-170
- Improper Null Termination
Mitigation
Treck recommends users apply the latest version of the affected products:
Mitigation
Treck TCP/IP: Update to 6.0.1.67 or later versions
Mitigation
To obtain patches, email Treck at security@treck.com
mailto:security@treck.com
Mitigation
For more detailed information on the vulnerabilities and the mitigating controls, please see the Treck advisory.
https://www.rockwellautomation.com/en-us/trust-ce…
Mitigation
Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:
Mitigation
ABB
https://search.abb.com/library/Download.aspx?Docu…
Mitigation
B.Braun
https://www.bbraunusa.com/en/products-and-therapi…
Mitigation
Baxter
https://www.baxter.com/product-security#additiona…
Mitigation
BD
https://www.bd.com/en-us/support/product-security…
Mitigation
CareStream
https://www.carestream.com/en/us/services-and-sup…
Mitigation
Caterpillar
https://www.cat.com/en_US/support/technology/conn…
Mitigation
DIGI International
https://www.digi.com/support/knowledge-base/digi-…
Mitigation
Eaton
https://www.eaton.com/content/dam/eaton/company/n…
Mitigation
Green Hills Software
https://support.ghs.com/psirt/PSA-2020-05/
Mitigation
IDEC Corporation
https://us.idec.com/media/24-RD-0300-EN.pdf
Mitigation
Johnson Controls
https://www.johnsoncontrols.com/cyber-solutions/s…
Mitigation
Miele
https://cert.vde.com/en-us/advisories/vde-2020-024
Mitigation
Opto 22
https://www.opto22.com/support/resources-tools/kn…
Mitigation
Pepperl+Fuchs
https://cert.vde.com/en/advisories/VDE-2021-028/
Mitigation
Rockwell
https://rockwellautomation.custhelp.com/app/answe…
Mitigation
Schneider Electric
https://www.se.com/ww/en/download/document/SESB-2…
Mitigation
Smiths Medical
https://www.smiths-medical.com/company-informatio…
CWE-20
- Improper Input Validation
Mitigation
Treck recommends users apply the latest version of the affected products:
Mitigation
Treck TCP/IP: Update to 6.0.1.67 or later versions
Mitigation
To obtain patches, email Treck at security@treck.com
mailto:security@treck.com
Mitigation
For more detailed information on the vulnerabilities and the mitigating controls, please see the Treck advisory.
https://www.rockwellautomation.com/en-us/trust-ce…
Mitigation
Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:
Mitigation
ABB
https://search.abb.com/library/Download.aspx?Docu…
Mitigation
B.Braun
https://www.bbraunusa.com/en/products-and-therapi…
Mitigation
Baxter
https://www.baxter.com/product-security#additiona…
Mitigation
BD
https://www.bd.com/en-us/support/product-security…
Mitigation
CareStream
https://www.carestream.com/en/us/services-and-sup…
Mitigation
Caterpillar
https://www.cat.com/en_US/support/technology/conn…
Mitigation
DIGI International
https://www.digi.com/support/knowledge-base/digi-…
Mitigation
Eaton
https://www.eaton.com/content/dam/eaton/company/n…
Mitigation
Green Hills Software
https://support.ghs.com/psirt/PSA-2020-05/
Mitigation
IDEC Corporation
https://us.idec.com/media/24-RD-0300-EN.pdf
Mitigation
Johnson Controls
https://www.johnsoncontrols.com/cyber-solutions/s…
Mitigation
Miele
https://cert.vde.com/en-us/advisories/vde-2020-024
Mitigation
Opto 22
https://www.opto22.com/support/resources-tools/kn…
Mitigation
Pepperl+Fuchs
https://cert.vde.com/en/advisories/VDE-2021-028/
Mitigation
Rockwell
https://rockwellautomation.custhelp.com/app/answe…
Mitigation
Schneider Electric
https://www.se.com/ww/en/download/document/SESB-2…
Mitigation
Smiths Medical
https://www.smiths-medical.com/company-informatio…
CWE-20
- Improper Input Validation
Mitigation
Treck recommends users apply the latest version of the affected products:
Mitigation
Treck TCP/IP: Update to 6.0.1.67 or later versions
Mitigation
To obtain patches, email Treck at security@treck.com
mailto:security@treck.com
Mitigation
For more detailed information on the vulnerabilities and the mitigating controls, please see the Treck advisory.
https://www.rockwellautomation.com/en-us/trust-ce…
Mitigation
Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:
Mitigation
ABB
https://search.abb.com/library/Download.aspx?Docu…
Mitigation
B.Braun
https://www.bbraunusa.com/en/products-and-therapi…
Mitigation
Baxter
https://www.baxter.com/product-security#additiona…
Mitigation
BD
https://www.bd.com/en-us/support/product-security…
Mitigation
CareStream
https://www.carestream.com/en/us/services-and-sup…
Mitigation
Caterpillar
https://www.cat.com/en_US/support/technology/conn…
Mitigation
DIGI International
https://www.digi.com/support/knowledge-base/digi-…
Mitigation
Eaton
https://www.eaton.com/content/dam/eaton/company/n…
Mitigation
Green Hills Software
https://support.ghs.com/psirt/PSA-2020-05/
Mitigation
IDEC Corporation
https://us.idec.com/media/24-RD-0300-EN.pdf
Mitigation
Johnson Controls
https://www.johnsoncontrols.com/cyber-solutions/s…
Mitigation
Miele
https://cert.vde.com/en-us/advisories/vde-2020-024
Mitigation
Opto 22
https://www.opto22.com/support/resources-tools/kn…
Mitigation
Pepperl+Fuchs
https://cert.vde.com/en/advisories/VDE-2021-028/
Mitigation
Rockwell
https://rockwellautomation.custhelp.com/app/answe…
Mitigation
Schneider Electric
https://www.se.com/ww/en/download/document/SESB-2…
Mitigation
Smiths Medical
https://www.smiths-medical.com/company-informatio…
CWE-284
- Improper Access Control
Mitigation
Treck recommends users apply the latest version of the affected products:
Mitigation
Treck TCP/IP: Update to 6.0.1.67 or later versions
Mitigation
To obtain patches, email Treck at security@treck.com
mailto:security@treck.com
Mitigation
For more detailed information on the vulnerabilities and the mitigating controls, please see the Treck advisory.
https://www.rockwellautomation.com/en-us/trust-ce…
Mitigation
Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:
Mitigation
ABB
https://search.abb.com/library/Download.aspx?Docu…
Mitigation
B.Braun
https://www.bbraunusa.com/en/products-and-therapi…
Mitigation
Baxter
https://www.baxter.com/product-security#additiona…
Mitigation
BD
https://www.bd.com/en-us/support/product-security…
Mitigation
CareStream
https://www.carestream.com/en/us/services-and-sup…
Mitigation
Caterpillar
https://www.cat.com/en_US/support/technology/conn…
Mitigation
DIGI International
https://www.digi.com/support/knowledge-base/digi-…
Mitigation
Eaton
https://www.eaton.com/content/dam/eaton/company/n…
Mitigation
Green Hills Software
https://support.ghs.com/psirt/PSA-2020-05/
Mitigation
IDEC Corporation
https://us.idec.com/media/24-RD-0300-EN.pdf
Mitigation
Johnson Controls
https://www.johnsoncontrols.com/cyber-solutions/s…
Mitigation
Miele
https://cert.vde.com/en-us/advisories/vde-2020-024
Mitigation
Opto 22
https://www.opto22.com/support/resources-tools/kn…
Mitigation
Pepperl+Fuchs
https://cert.vde.com/en/advisories/VDE-2021-028/
Mitigation
Rockwell
https://rockwellautomation.custhelp.com/app/answe…
Mitigation
Schneider Electric
https://www.se.com/ww/en/download/document/SESB-2…
Mitigation
Smiths Medical
https://www.smiths-medical.com/company-informatio…
CWE-20
- Improper Input Validation
Mitigation
Treck recommends users apply the latest version of the affected products:
Mitigation
Treck TCP/IP: Update to 6.0.1.67 or later versions
Mitigation
To obtain patches, email Treck at security@treck.com
mailto:security@treck.com
Mitigation
For more detailed information on the vulnerabilities and the mitigating controls, please see the Treck advisory.
https://www.rockwellautomation.com/en-us/trust-ce…
Mitigation
Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:
Mitigation
ABB
https://search.abb.com/library/Download.aspx?Docu…
Mitigation
B.Braun
https://www.bbraunusa.com/en/products-and-therapi…
Mitigation
Baxter
https://www.baxter.com/product-security#additiona…
Mitigation
BD
https://www.bd.com/en-us/support/product-security…
Mitigation
CareStream
https://www.carestream.com/en/us/services-and-sup…
Mitigation
Caterpillar
https://www.cat.com/en_US/support/technology/conn…
Mitigation
DIGI International
https://www.digi.com/support/knowledge-base/digi-…
Mitigation
Eaton
https://www.eaton.com/content/dam/eaton/company/n…
Mitigation
Green Hills Software
https://support.ghs.com/psirt/PSA-2020-05/
Mitigation
IDEC Corporation
https://us.idec.com/media/24-RD-0300-EN.pdf
Mitigation
Johnson Controls
https://www.johnsoncontrols.com/cyber-solutions/s…
Mitigation
Miele
https://cert.vde.com/en-us/advisories/vde-2020-024
Mitigation
Opto 22
https://www.opto22.com/support/resources-tools/kn…
Mitigation
Pepperl+Fuchs
https://cert.vde.com/en/advisories/VDE-2021-028/
Mitigation
Rockwell
https://rockwellautomation.custhelp.com/app/answe…
Mitigation
Schneider Electric
https://www.se.com/ww/en/download/document/SESB-2…
Mitigation
Smiths Medical
https://www.smiths-medical.com/company-informatio…
CWE-20
- Improper Input Validation
Mitigation
Treck recommends users apply the latest version of the affected products:
Mitigation
Treck TCP/IP: Update to 6.0.1.67 or later versions
Mitigation
To obtain patches, email Treck at security@treck.com
mailto:security@treck.com
Mitigation
For more detailed information on the vulnerabilities and the mitigating controls, please see the Treck advisory.
https://www.rockwellautomation.com/en-us/trust-ce…
Mitigation
Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:
Mitigation
ABB
https://search.abb.com/library/Download.aspx?Docu…
Mitigation
B.Braun
https://www.bbraunusa.com/en/products-and-therapi…
Mitigation
Baxter
https://www.baxter.com/product-security#additiona…
Mitigation
BD
https://www.bd.com/en-us/support/product-security…
Mitigation
CareStream
https://www.carestream.com/en/us/services-and-sup…
Mitigation
Caterpillar
https://www.cat.com/en_US/support/technology/conn…
Mitigation
DIGI International
https://www.digi.com/support/knowledge-base/digi-…
Mitigation
Eaton
https://www.eaton.com/content/dam/eaton/company/n…
Mitigation
Green Hills Software
https://support.ghs.com/psirt/PSA-2020-05/
Mitigation
IDEC Corporation
https://us.idec.com/media/24-RD-0300-EN.pdf
Mitigation
Johnson Controls
https://www.johnsoncontrols.com/cyber-solutions/s…
Mitigation
Miele
https://cert.vde.com/en-us/advisories/vde-2020-024
Mitigation
Opto 22
https://www.opto22.com/support/resources-tools/kn…
Mitigation
Pepperl+Fuchs
https://cert.vde.com/en/advisories/VDE-2021-028/
Mitigation
Rockwell
https://rockwellautomation.custhelp.com/app/answe…
Mitigation
Schneider Electric
https://www.se.com/ww/en/download/document/SESB-2…
Mitigation
Smiths Medical
https://www.smiths-medical.com/company-informatio…
CWE-20
- Improper Input Validation
Mitigation
Treck recommends users apply the latest version of the affected products:
Mitigation
Treck TCP/IP: Update to 6.0.1.67 or later versions
Mitigation
To obtain patches, email Treck at security@treck.com
mailto:security@treck.com
Mitigation
For more detailed information on the vulnerabilities and the mitigating controls, please see the Treck advisory.
https://www.rockwellautomation.com/en-us/trust-ce…
Mitigation
Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:
Mitigation
ABB
https://search.abb.com/library/Download.aspx?Docu…
Mitigation
B.Braun
https://www.bbraunusa.com/en/products-and-therapi…
Mitigation
Baxter
https://www.baxter.com/product-security#additiona…
Mitigation
BD
https://www.bd.com/en-us/support/product-security…
Mitigation
CareStream
https://www.carestream.com/en/us/services-and-sup…
Mitigation
Caterpillar
https://www.cat.com/en_US/support/technology/conn…
Mitigation
DIGI International
https://www.digi.com/support/knowledge-base/digi-…
Mitigation
Eaton
https://www.eaton.com/content/dam/eaton/company/n…
Mitigation
Green Hills Software
https://support.ghs.com/psirt/PSA-2020-05/
Mitigation
IDEC Corporation
https://us.idec.com/media/24-RD-0300-EN.pdf
Mitigation
Johnson Controls
https://www.johnsoncontrols.com/cyber-solutions/s…
Mitigation
Miele
https://cert.vde.com/en-us/advisories/vde-2020-024
Mitigation
Opto 22
https://www.opto22.com/support/resources-tools/kn…
Mitigation
Pepperl+Fuchs
https://cert.vde.com/en/advisories/VDE-2021-028/
Mitigation
Rockwell
https://rockwellautomation.custhelp.com/app/answe…
Mitigation
Schneider Electric
https://www.se.com/ww/en/download/document/SESB-2…
Mitigation
Smiths Medical
https://www.smiths-medical.com/company-informatio…
References
Acknowledgments
JSOF
Shlomi Oberman
Moshe Kol
{
"document": {
"acknowledgments": [
{
"names": [
"Shlomi Oberman",
"Moshe Kol"
],
"organization": "JSOF",
"summary": "reporting these vulnerabilities to CERT/CC"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "Successful exploitation of these vulnerabilities may allow remote code execution or exposure of sensitive information.",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Energy, Critical Manufacturing, Information Technology, Healthcare and Public Health, Transportation Systems",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "United States",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolating them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as virtual private networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time. This vulnerability has a high attack complexity.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-20-168-01 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2020/icsa-20-168-01.json"
},
{
"category": "self",
"summary": "ICSA Advisory ICSA-20-168-01 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-20-168-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/sites/default/files/publications/emailscams0905.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ncas/tips/ST04-014"
}
],
"title": "Treck TCP/IP (Update I)",
"tracking": {
"current_release_date": "2024-09-19T06:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-20-168-01",
"initial_release_date": "2020-06-16T06:00:00.000000Z",
"revision_history": [
{
"date": "2020-06-16T06:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "Initial Publication"
},
{
"date": "2020-06-18T06:00:00.000000Z",
"legacy_version": "Update A",
"number": "2",
"summary": "Update A - ICSA-20-168-01 Treck TCP-IP Stack (Update A)"
},
{
"date": "2020-06-30T06:00:00.000000Z",
"legacy_version": "Update B",
"number": "3",
"summary": "Update B - ICSA-20-168-01 Treck TCP/IP Stack (Update B)"
},
{
"date": "2020-07-07T06:00:00.000000Z",
"legacy_version": "Update C",
"number": "4",
"summary": "Update C - ICSA-20-168-01 Treck TCP-IP Stack (Update C)"
},
{
"date": "2020-07-14T06:00:00.000000Z",
"legacy_version": "Update D",
"number": "5",
"summary": "Update D - ICSA-20-168-01 Treck TCP/IP Stack (Update D)"
},
{
"date": "2020-07-21T06:00:00.000000Z",
"legacy_version": "Update E",
"number": "6",
"summary": "Update E - ICSA-20-168-01 Treck TCP/IP Stack (Update E)"
},
{
"date": "2020-08-04T06:00:00.000000Z",
"legacy_version": "Update F",
"number": "7",
"summary": "Update F - ICSA-20-168-01 Treck TCP-IP Stack (Update F)"
},
{
"date": "2020-08-20T06:00:00.000000Z",
"legacy_version": "Update G",
"number": "8",
"summary": "Update G - ICSA-20-168-01 Treck TCP/IP Stack (Update G)"
},
{
"date": "2022-03-17T06:00:00.000000Z",
"legacy_version": "Update H",
"number": "9",
"summary": "Update H - ICSA-20-168-01 Treck TCP/IP Stack (Update H)"
},
{
"date": "2024-09-19T06:00:00.000000Z",
"legacy_version": "Update I",
"number": "10",
"summary": "Update I - Included IDEC Corporation."
}
],
"status": "final",
"version": "10"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "IPv4",
"product": {
"name": "Treck Inc. Treck Inc TCP/IP: IPv4",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "Treck Inc TCP/IP"
},
{
"branches": [
{
"category": "product_version",
"name": "IPv6",
"product": {
"name": "Treck Inc. Treck Inc TCP/IP: IPv6",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "Treck Inc TCP/IP"
},
{
"branches": [
{
"category": "product_version",
"name": "UDP",
"product": {
"name": "Treck Inc. Treck Inc TCP/IP: UDP",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "Treck Inc TCP/IP"
},
{
"branches": [
{
"category": "product_version",
"name": "DNS",
"product": {
"name": "Treck Inc. Treck Inc TCP/IP: DNS",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "Treck Inc TCP/IP"
},
{
"branches": [
{
"category": "product_version",
"name": "DHCP",
"product": {
"name": "Treck Inc. Treck Inc TCP/IP: DHCP",
"product_id": "CSAFPID-0005"
}
}
],
"category": "product_name",
"name": "Treck Inc TCP/IP"
},
{
"branches": [
{
"category": "product_version",
"name": "TCP",
"product": {
"name": "Treck Inc. Treck Inc TCP/IP: TCP",
"product_id": "CSAFPID-0006"
}
}
],
"category": "product_name",
"name": "Treck Inc TCP/IP"
},
{
"branches": [
{
"category": "product_version",
"name": "ICMPv4",
"product": {
"name": "Treck Inc. Treck Inc TCP/IP: ICMPv4",
"product_id": "CSAFPID-0007"
}
}
],
"category": "product_name",
"name": "Treck Inc TCP/IP"
},
{
"branches": [
{
"category": "product_version",
"name": "ARP",
"product": {
"name": "Treck Inc. Treck Inc TCP/IP: ARP",
"product_id": "CSAFPID-0008"
}
}
],
"category": "product_name",
"name": "Treck Inc TCP/IP"
}
],
"category": "vendor",
"name": "Treck Inc."
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-11896",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"notes": [
{
"category": "summary",
"text": "Improper handling of length parameter inconsistency in IPv4/UDP component when handling a packet sent by an unauthorized network attacker. This vulnerability may result in remote code execution.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11896"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Treck recommends users apply the latest version of the affected products:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
{
"category": "mitigation",
"details": "Treck TCP/IP: Update to 6.0.1.67 or later versions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
{
"category": "mitigation",
"details": "To obtain patches, email Treck at security@treck.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "mailto:security@treck.com"
},
{
"category": "mitigation",
"details": "For more detailed information on the vulnerabilities and the mitigating controls, please see the Treck advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1508.html"
},
{
"category": "mitigation",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
{
"category": "mitigation",
"details": "ABB",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=1MRS494936A\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "B.Braun",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.bbraunusa.com/en/products-and-therapies/customer-communications.html"
},
{
"category": "mitigation",
"details": "Baxter",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.baxter.com/product-security#additionalresources"
},
{
"category": "mitigation",
"details": "BD",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletins/third-party-product-security-bulletin-for-treck-tcp-ip-stack-vulnerabilities"
},
{
"category": "mitigation",
"details": "CareStream",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.carestream.com/en/us/services-and-support/cybersecurity-and-privacy"
},
{
"category": "mitigation",
"details": "Caterpillar",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.cat.com/en_US/support/technology/connected-solutions-principles/security/caterpillar-cybersecurity-advisory.html"
},
{
"category": "mitigation",
"details": "DIGI International",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.digi.com/support/knowledge-base/digi-international-security-notice-treck-tcp-ip-st"
},
{
"category": "mitigation",
"details": "Eaton",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/eaton-security-bulletin-treck-tcp-ip-stack-vulnerabilities-ripple20.pdf"
},
{
"category": "mitigation",
"details": "Green Hills Software",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://support.ghs.com/psirt/PSA-2020-05/"
},
{
"category": "mitigation",
"details": "IDEC Corporation",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://us.idec.com/media/24-RD-0300-EN.pdf"
},
{
"category": "mitigation",
"details": "Johnson Controls",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
},
{
"category": "mitigation",
"details": "Miele",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2020-024"
},
{
"category": "mitigation",
"details": "Opto 22",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.opto22.com/support/resources-tools/knowledgebase/kb88981"
},
{
"category": "mitigation",
"details": "Pepperl+Fuchs",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-028/"
},
{
"category": "mitigation",
"details": "Rockwell",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1126896"
},
{
"category": "mitigation",
"details": "Schneider Electric",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.se.com/ww/en/download/document/SESB-2020-168-01"
},
{
"category": "mitigation",
"details": "Smiths Medical",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.smiths-medical.com/company-information/news-and-events/news/2020/july/02/smiths-medical-cybersecurity-bulletin"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-11897",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"notes": [
{
"category": "summary",
"text": "Improper handling of length parameter inconsistency in IPv6 component when handling a packet sent by an unauthorized network attacker. This vulnerability may result in possible out-of-bounds write.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11897"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Treck recommends users apply the latest version of the affected products:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
{
"category": "mitigation",
"details": "Treck TCP/IP: Update to 6.0.1.67 or later versions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
{
"category": "mitigation",
"details": "To obtain patches, email Treck at security@treck.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "mailto:security@treck.com"
},
{
"category": "mitigation",
"details": "For more detailed information on the vulnerabilities and the mitigating controls, please see the Treck advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1508.html"
},
{
"category": "mitigation",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
{
"category": "mitigation",
"details": "ABB",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=1MRS494936A\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "B.Braun",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.bbraunusa.com/en/products-and-therapies/customer-communications.html"
},
{
"category": "mitigation",
"details": "Baxter",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.baxter.com/product-security#additionalresources"
},
{
"category": "mitigation",
"details": "BD",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletins/third-party-product-security-bulletin-for-treck-tcp-ip-stack-vulnerabilities"
},
{
"category": "mitigation",
"details": "CareStream",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.carestream.com/en/us/services-and-support/cybersecurity-and-privacy"
},
{
"category": "mitigation",
"details": "Caterpillar",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.cat.com/en_US/support/technology/connected-solutions-principles/security/caterpillar-cybersecurity-advisory.html"
},
{
"category": "mitigation",
"details": "DIGI International",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.digi.com/support/knowledge-base/digi-international-security-notice-treck-tcp-ip-st"
},
{
"category": "mitigation",
"details": "Eaton",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/eaton-security-bulletin-treck-tcp-ip-stack-vulnerabilities-ripple20.pdf"
},
{
"category": "mitigation",
"details": "Green Hills Software",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://support.ghs.com/psirt/PSA-2020-05/"
},
{
"category": "mitigation",
"details": "IDEC Corporation",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://us.idec.com/media/24-RD-0300-EN.pdf"
},
{
"category": "mitigation",
"details": "Johnson Controls",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
},
{
"category": "mitigation",
"details": "Miele",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2020-024"
},
{
"category": "mitigation",
"details": "Opto 22",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.opto22.com/support/resources-tools/knowledgebase/kb88981"
},
{
"category": "mitigation",
"details": "Pepperl+Fuchs",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-028/"
},
{
"category": "mitigation",
"details": "Rockwell",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1126896"
},
{
"category": "mitigation",
"details": "Schneider Electric",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.se.com/ww/en/download/document/SESB-2020-168-01"
},
{
"category": "mitigation",
"details": "Smiths Medical",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.smiths-medical.com/company-information/news-and-events/news/2020/july/02/smiths-medical-cybersecurity-bulletin"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-11898",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"notes": [
{
"category": "summary",
"text": "Improper handling of length parameter inconsistency in IPv4/ICMPv4 component when handling a packet sent by an unauthorized network attacker. This vulnerability may result in out-of-bounds read.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11898"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Treck recommends users apply the latest version of the affected products:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
{
"category": "mitigation",
"details": "Treck TCP/IP: Update to 6.0.1.67 or later versions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
{
"category": "mitigation",
"details": "To obtain patches, email Treck at security@treck.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "mailto:security@treck.com"
},
{
"category": "mitigation",
"details": "For more detailed information on the vulnerabilities and the mitigating controls, please see the Treck advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1508.html"
},
{
"category": "mitigation",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
{
"category": "mitigation",
"details": "ABB",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=1MRS494936A\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "B.Braun",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.bbraunusa.com/en/products-and-therapies/customer-communications.html"
},
{
"category": "mitigation",
"details": "Baxter",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.baxter.com/product-security#additionalresources"
},
{
"category": "mitigation",
"details": "BD",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletins/third-party-product-security-bulletin-for-treck-tcp-ip-stack-vulnerabilities"
},
{
"category": "mitigation",
"details": "CareStream",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.carestream.com/en/us/services-and-support/cybersecurity-and-privacy"
},
{
"category": "mitigation",
"details": "Caterpillar",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.cat.com/en_US/support/technology/connected-solutions-principles/security/caterpillar-cybersecurity-advisory.html"
},
{
"category": "mitigation",
"details": "DIGI International",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.digi.com/support/knowledge-base/digi-international-security-notice-treck-tcp-ip-st"
},
{
"category": "mitigation",
"details": "Eaton",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/eaton-security-bulletin-treck-tcp-ip-stack-vulnerabilities-ripple20.pdf"
},
{
"category": "mitigation",
"details": "Green Hills Software",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://support.ghs.com/psirt/PSA-2020-05/"
},
{
"category": "mitigation",
"details": "IDEC Corporation",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://us.idec.com/media/24-RD-0300-EN.pdf"
},
{
"category": "mitigation",
"details": "Johnson Controls",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
},
{
"category": "mitigation",
"details": "Miele",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2020-024"
},
{
"category": "mitigation",
"details": "Opto 22",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.opto22.com/support/resources-tools/knowledgebase/kb88981"
},
{
"category": "mitigation",
"details": "Pepperl+Fuchs",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-028/"
},
{
"category": "mitigation",
"details": "Rockwell",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1126896"
},
{
"category": "mitigation",
"details": "Schneider Electric",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.se.com/ww/en/download/document/SESB-2020-168-01"
},
{
"category": "mitigation",
"details": "Smiths Medical",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.smiths-medical.com/company-information/news-and-events/news/2020/july/02/smiths-medical-cybersecurity-bulletin"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-11899",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Improper input validation in IPv6 component when handling a packet sent by an unauthorized network attacker. This vulnerability may allow out-of-bounds read and a possible denial of service.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11899"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Treck recommends users apply the latest version of the affected products:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
{
"category": "mitigation",
"details": "Treck TCP/IP: Update to 6.0.1.67 or later versions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
{
"category": "mitigation",
"details": "To obtain patches, email Treck at security@treck.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "mailto:security@treck.com"
},
{
"category": "mitigation",
"details": "For more detailed information on the vulnerabilities and the mitigating controls, please see the Treck advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1508.html"
},
{
"category": "mitigation",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
{
"category": "mitigation",
"details": "ABB",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=1MRS494936A\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "B.Braun",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.bbraunusa.com/en/products-and-therapies/customer-communications.html"
},
{
"category": "mitigation",
"details": "Baxter",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.baxter.com/product-security#additionalresources"
},
{
"category": "mitigation",
"details": "BD",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletins/third-party-product-security-bulletin-for-treck-tcp-ip-stack-vulnerabilities"
},
{
"category": "mitigation",
"details": "CareStream",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.carestream.com/en/us/services-and-support/cybersecurity-and-privacy"
},
{
"category": "mitigation",
"details": "Caterpillar",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.cat.com/en_US/support/technology/connected-solutions-principles/security/caterpillar-cybersecurity-advisory.html"
},
{
"category": "mitigation",
"details": "DIGI International",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.digi.com/support/knowledge-base/digi-international-security-notice-treck-tcp-ip-st"
},
{
"category": "mitigation",
"details": "Eaton",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/eaton-security-bulletin-treck-tcp-ip-stack-vulnerabilities-ripple20.pdf"
},
{
"category": "mitigation",
"details": "Green Hills Software",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://support.ghs.com/psirt/PSA-2020-05/"
},
{
"category": "mitigation",
"details": "IDEC Corporation",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://us.idec.com/media/24-RD-0300-EN.pdf"
},
{
"category": "mitigation",
"details": "Johnson Controls",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
},
{
"category": "mitigation",
"details": "Miele",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2020-024"
},
{
"category": "mitigation",
"details": "Opto 22",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.opto22.com/support/resources-tools/knowledgebase/kb88981"
},
{
"category": "mitigation",
"details": "Pepperl+Fuchs",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-028/"
},
{
"category": "mitigation",
"details": "Rockwell",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1126896"
},
{
"category": "mitigation",
"details": "Schneider Electric",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.se.com/ww/en/download/document/SESB-2020-168-01"
},
{
"category": "mitigation",
"details": "Smiths Medical",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.smiths-medical.com/company-information/news-and-events/news/2020/july/02/smiths-medical-cybersecurity-bulletin"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-11900",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "summary",
"text": "Possible double free in IPv4 tunneling component when handling a packet sent by a network attacker. This vulnerability may result in use after free.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11900"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Treck recommends users apply the latest version of the affected products:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
{
"category": "mitigation",
"details": "Treck TCP/IP: Update to 6.0.1.67 or later versions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
{
"category": "mitigation",
"details": "To obtain patches, email Treck at security@treck.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "mailto:security@treck.com"
},
{
"category": "mitigation",
"details": "For more detailed information on the vulnerabilities and the mitigating controls, please see the Treck advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1508.html"
},
{
"category": "mitigation",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
{
"category": "mitigation",
"details": "ABB",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=1MRS494936A\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "B.Braun",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.bbraunusa.com/en/products-and-therapies/customer-communications.html"
},
{
"category": "mitigation",
"details": "Baxter",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.baxter.com/product-security#additionalresources"
},
{
"category": "mitigation",
"details": "BD",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletins/third-party-product-security-bulletin-for-treck-tcp-ip-stack-vulnerabilities"
},
{
"category": "mitigation",
"details": "CareStream",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.carestream.com/en/us/services-and-support/cybersecurity-and-privacy"
},
{
"category": "mitigation",
"details": "Caterpillar",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.cat.com/en_US/support/technology/connected-solutions-principles/security/caterpillar-cybersecurity-advisory.html"
},
{
"category": "mitigation",
"details": "DIGI International",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.digi.com/support/knowledge-base/digi-international-security-notice-treck-tcp-ip-st"
},
{
"category": "mitigation",
"details": "Eaton",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/eaton-security-bulletin-treck-tcp-ip-stack-vulnerabilities-ripple20.pdf"
},
{
"category": "mitigation",
"details": "Green Hills Software",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://support.ghs.com/psirt/PSA-2020-05/"
},
{
"category": "mitigation",
"details": "IDEC Corporation",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://us.idec.com/media/24-RD-0300-EN.pdf"
},
{
"category": "mitigation",
"details": "Johnson Controls",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
},
{
"category": "mitigation",
"details": "Miele",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2020-024"
},
{
"category": "mitigation",
"details": "Opto 22",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.opto22.com/support/resources-tools/knowledgebase/kb88981"
},
{
"category": "mitigation",
"details": "Pepperl+Fuchs",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-028/"
},
{
"category": "mitigation",
"details": "Rockwell",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1126896"
},
{
"category": "mitigation",
"details": "Schneider Electric",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.se.com/ww/en/download/document/SESB-2020-168-01"
},
{
"category": "mitigation",
"details": "Smiths Medical",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.smiths-medical.com/company-information/news-and-events/news/2020/july/02/smiths-medical-cybersecurity-bulletin"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-11901",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Improper input validation in DNS resolver component when handling a packet sent by an unauthorized network attacker. This vulnerability may result in remote code execution.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11901"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Treck recommends users apply the latest version of the affected products:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
{
"category": "mitigation",
"details": "Treck TCP/IP: Update to 6.0.1.67 or later versions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
{
"category": "mitigation",
"details": "To obtain patches, email Treck at security@treck.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "mailto:security@treck.com"
},
{
"category": "mitigation",
"details": "For more detailed information on the vulnerabilities and the mitigating controls, please see the Treck advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1508.html"
},
{
"category": "mitigation",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
{
"category": "mitigation",
"details": "ABB",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=1MRS494936A\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "B.Braun",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.bbraunusa.com/en/products-and-therapies/customer-communications.html"
},
{
"category": "mitigation",
"details": "Baxter",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.baxter.com/product-security#additionalresources"
},
{
"category": "mitigation",
"details": "BD",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletins/third-party-product-security-bulletin-for-treck-tcp-ip-stack-vulnerabilities"
},
{
"category": "mitigation",
"details": "CareStream",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.carestream.com/en/us/services-and-support/cybersecurity-and-privacy"
},
{
"category": "mitigation",
"details": "Caterpillar",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.cat.com/en_US/support/technology/connected-solutions-principles/security/caterpillar-cybersecurity-advisory.html"
},
{
"category": "mitigation",
"details": "DIGI International",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.digi.com/support/knowledge-base/digi-international-security-notice-treck-tcp-ip-st"
},
{
"category": "mitigation",
"details": "Eaton",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/eaton-security-bulletin-treck-tcp-ip-stack-vulnerabilities-ripple20.pdf"
},
{
"category": "mitigation",
"details": "Green Hills Software",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://support.ghs.com/psirt/PSA-2020-05/"
},
{
"category": "mitigation",
"details": "IDEC Corporation",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://us.idec.com/media/24-RD-0300-EN.pdf"
},
{
"category": "mitigation",
"details": "Johnson Controls",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
},
{
"category": "mitigation",
"details": "Miele",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2020-024"
},
{
"category": "mitigation",
"details": "Opto 22",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.opto22.com/support/resources-tools/knowledgebase/kb88981"
},
{
"category": "mitigation",
"details": "Pepperl+Fuchs",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-028/"
},
{
"category": "mitigation",
"details": "Rockwell",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1126896"
},
{
"category": "mitigation",
"details": "Schneider Electric",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.se.com/ww/en/download/document/SESB-2020-168-01"
},
{
"category": "mitigation",
"details": "Smiths Medical",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.smiths-medical.com/company-information/news-and-events/news/2020/july/02/smiths-medical-cybersecurity-bulletin"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-11902",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Improper input validation in IPv6 over IPv4 tunneling component when handling a packet sent by an unauthorized network attacker. This vulnerability may allow out-of-bounds read.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11902"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Treck recommends users apply the latest version of the affected products:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
{
"category": "mitigation",
"details": "Treck TCP/IP: Update to 6.0.1.67 or later versions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
{
"category": "mitigation",
"details": "To obtain patches, email Treck at security@treck.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "mailto:security@treck.com"
},
{
"category": "mitigation",
"details": "For more detailed information on the vulnerabilities and the mitigating controls, please see the Treck advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1508.html"
},
{
"category": "mitigation",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
{
"category": "mitigation",
"details": "ABB",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=1MRS494936A\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "B.Braun",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.bbraunusa.com/en/products-and-therapies/customer-communications.html"
},
{
"category": "mitigation",
"details": "Baxter",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.baxter.com/product-security#additionalresources"
},
{
"category": "mitigation",
"details": "BD",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletins/third-party-product-security-bulletin-for-treck-tcp-ip-stack-vulnerabilities"
},
{
"category": "mitigation",
"details": "CareStream",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.carestream.com/en/us/services-and-support/cybersecurity-and-privacy"
},
{
"category": "mitigation",
"details": "Caterpillar",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.cat.com/en_US/support/technology/connected-solutions-principles/security/caterpillar-cybersecurity-advisory.html"
},
{
"category": "mitigation",
"details": "DIGI International",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.digi.com/support/knowledge-base/digi-international-security-notice-treck-tcp-ip-st"
},
{
"category": "mitigation",
"details": "Eaton",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/eaton-security-bulletin-treck-tcp-ip-stack-vulnerabilities-ripple20.pdf"
},
{
"category": "mitigation",
"details": "Green Hills Software",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://support.ghs.com/psirt/PSA-2020-05/"
},
{
"category": "mitigation",
"details": "IDEC Corporation",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://us.idec.com/media/24-RD-0300-EN.pdf"
},
{
"category": "mitigation",
"details": "Johnson Controls",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
},
{
"category": "mitigation",
"details": "Miele",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2020-024"
},
{
"category": "mitigation",
"details": "Opto 22",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.opto22.com/support/resources-tools/knowledgebase/kb88981"
},
{
"category": "mitigation",
"details": "Pepperl+Fuchs",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-028/"
},
{
"category": "mitigation",
"details": "Rockwell",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1126896"
},
{
"category": "mitigation",
"details": "Schneider Electric",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.se.com/ww/en/download/document/SESB-2020-168-01"
},
{
"category": "mitigation",
"details": "Smiths Medical",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.smiths-medical.com/company-information/news-and-events/news/2020/july/02/smiths-medical-cybersecurity-bulletin"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-11903",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "Possible out-of-bounds read in DHCP component when handling a packet sent by an unauthorized network attacker. This vulnerability may allow exposure of sensitive information.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11903"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Treck recommends users apply the latest version of the affected products:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
{
"category": "mitigation",
"details": "Treck TCP/IP: Update to 6.0.1.67 or later versions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
{
"category": "mitigation",
"details": "To obtain patches, email Treck at security@treck.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "mailto:security@treck.com"
},
{
"category": "mitigation",
"details": "For more detailed information on the vulnerabilities and the mitigating controls, please see the Treck advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1508.html"
},
{
"category": "mitigation",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
{
"category": "mitigation",
"details": "ABB",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=1MRS494936A\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "B.Braun",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.bbraunusa.com/en/products-and-therapies/customer-communications.html"
},
{
"category": "mitigation",
"details": "Baxter",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.baxter.com/product-security#additionalresources"
},
{
"category": "mitigation",
"details": "BD",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletins/third-party-product-security-bulletin-for-treck-tcp-ip-stack-vulnerabilities"
},
{
"category": "mitigation",
"details": "CareStream",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.carestream.com/en/us/services-and-support/cybersecurity-and-privacy"
},
{
"category": "mitigation",
"details": "Caterpillar",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.cat.com/en_US/support/technology/connected-solutions-principles/security/caterpillar-cybersecurity-advisory.html"
},
{
"category": "mitigation",
"details": "DIGI International",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.digi.com/support/knowledge-base/digi-international-security-notice-treck-tcp-ip-st"
},
{
"category": "mitigation",
"details": "Eaton",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/eaton-security-bulletin-treck-tcp-ip-stack-vulnerabilities-ripple20.pdf"
},
{
"category": "mitigation",
"details": "Green Hills Software",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://support.ghs.com/psirt/PSA-2020-05/"
},
{
"category": "mitigation",
"details": "IDEC Corporation",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://us.idec.com/media/24-RD-0300-EN.pdf"
},
{
"category": "mitigation",
"details": "Johnson Controls",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
},
{
"category": "mitigation",
"details": "Miele",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2020-024"
},
{
"category": "mitigation",
"details": "Opto 22",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.opto22.com/support/resources-tools/knowledgebase/kb88981"
},
{
"category": "mitigation",
"details": "Pepperl+Fuchs",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-028/"
},
{
"category": "mitigation",
"details": "Rockwell",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1126896"
},
{
"category": "mitigation",
"details": "Schneider Electric",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.se.com/ww/en/download/document/SESB-2020-168-01"
},
{
"category": "mitigation",
"details": "Smiths Medical",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.smiths-medical.com/company-information/news-and-events/news/2020/july/02/smiths-medical-cybersecurity-bulletin"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-11904",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "Possible integer overflow or wraparound in memory allocation component when handling a packet sent by an unauthorized network attacker may result in out-of-bounds write.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11904"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Treck recommends users apply the latest version of the affected products:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
{
"category": "mitigation",
"details": "Treck TCP/IP: Update to 6.0.1.67 or later versions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
{
"category": "mitigation",
"details": "To obtain patches, email Treck at security@treck.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "mailto:security@treck.com"
},
{
"category": "mitigation",
"details": "For more detailed information on the vulnerabilities and the mitigating controls, please see the Treck advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1508.html"
},
{
"category": "mitigation",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
{
"category": "mitigation",
"details": "ABB",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=1MRS494936A\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "B.Braun",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.bbraunusa.com/en/products-and-therapies/customer-communications.html"
},
{
"category": "mitigation",
"details": "Baxter",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.baxter.com/product-security#additionalresources"
},
{
"category": "mitigation",
"details": "BD",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletins/third-party-product-security-bulletin-for-treck-tcp-ip-stack-vulnerabilities"
},
{
"category": "mitigation",
"details": "CareStream",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.carestream.com/en/us/services-and-support/cybersecurity-and-privacy"
},
{
"category": "mitigation",
"details": "Caterpillar",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.cat.com/en_US/support/technology/connected-solutions-principles/security/caterpillar-cybersecurity-advisory.html"
},
{
"category": "mitigation",
"details": "DIGI International",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.digi.com/support/knowledge-base/digi-international-security-notice-treck-tcp-ip-st"
},
{
"category": "mitigation",
"details": "Eaton",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/eaton-security-bulletin-treck-tcp-ip-stack-vulnerabilities-ripple20.pdf"
},
{
"category": "mitigation",
"details": "Green Hills Software",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://support.ghs.com/psirt/PSA-2020-05/"
},
{
"category": "mitigation",
"details": "IDEC Corporation",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://us.idec.com/media/24-RD-0300-EN.pdf"
},
{
"category": "mitigation",
"details": "Johnson Controls",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
},
{
"category": "mitigation",
"details": "Miele",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2020-024"
},
{
"category": "mitigation",
"details": "Opto 22",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.opto22.com/support/resources-tools/knowledgebase/kb88981"
},
{
"category": "mitigation",
"details": "Pepperl+Fuchs",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-028/"
},
{
"category": "mitigation",
"details": "Rockwell",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1126896"
},
{
"category": "mitigation",
"details": "Schneider Electric",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.se.com/ww/en/download/document/SESB-2020-168-01"
},
{
"category": "mitigation",
"details": "Smiths Medical",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.smiths-medical.com/company-information/news-and-events/news/2020/july/02/smiths-medical-cybersecurity-bulletin"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-11905",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "Possible out-of-bounds read in DHCPv6 component when handling a packet sent by an unauthorized network attacker. This vulnerability may allow exposure of sensitive information.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11905"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Treck recommends users apply the latest version of the affected products:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
{
"category": "mitigation",
"details": "Treck TCP/IP: Update to 6.0.1.67 or later versions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
{
"category": "mitigation",
"details": "To obtain patches, email Treck at security@treck.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "mailto:security@treck.com"
},
{
"category": "mitigation",
"details": "For more detailed information on the vulnerabilities and the mitigating controls, please see the Treck advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1508.html"
},
{
"category": "mitigation",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
{
"category": "mitigation",
"details": "ABB",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=1MRS494936A\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "B.Braun",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.bbraunusa.com/en/products-and-therapies/customer-communications.html"
},
{
"category": "mitigation",
"details": "Baxter",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.baxter.com/product-security#additionalresources"
},
{
"category": "mitigation",
"details": "BD",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletins/third-party-product-security-bulletin-for-treck-tcp-ip-stack-vulnerabilities"
},
{
"category": "mitigation",
"details": "CareStream",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.carestream.com/en/us/services-and-support/cybersecurity-and-privacy"
},
{
"category": "mitigation",
"details": "Caterpillar",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.cat.com/en_US/support/technology/connected-solutions-principles/security/caterpillar-cybersecurity-advisory.html"
},
{
"category": "mitigation",
"details": "DIGI International",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.digi.com/support/knowledge-base/digi-international-security-notice-treck-tcp-ip-st"
},
{
"category": "mitigation",
"details": "Eaton",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/eaton-security-bulletin-treck-tcp-ip-stack-vulnerabilities-ripple20.pdf"
},
{
"category": "mitigation",
"details": "Green Hills Software",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://support.ghs.com/psirt/PSA-2020-05/"
},
{
"category": "mitigation",
"details": "IDEC Corporation",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://us.idec.com/media/24-RD-0300-EN.pdf"
},
{
"category": "mitigation",
"details": "Johnson Controls",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
},
{
"category": "mitigation",
"details": "Miele",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2020-024"
},
{
"category": "mitigation",
"details": "Opto 22",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.opto22.com/support/resources-tools/knowledgebase/kb88981"
},
{
"category": "mitigation",
"details": "Pepperl+Fuchs",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-028/"
},
{
"category": "mitigation",
"details": "Rockwell",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1126896"
},
{
"category": "mitigation",
"details": "Schneider Electric",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.se.com/ww/en/download/document/SESB-2020-168-01"
},
{
"category": "mitigation",
"details": "Smiths Medical",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.smiths-medical.com/company-information/news-and-events/news/2020/july/02/smiths-medical-cybersecurity-bulletin"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-11906",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Improper input validation CWE-20 in ethernet link layer component from a packet sent by an unauthorized user. ",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11906"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Treck recommends users apply the latest version of the affected products:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
{
"category": "mitigation",
"details": "Treck TCP/IP: Update to 6.0.1.67 or later versions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
{
"category": "mitigation",
"details": "To obtain patches, email Treck at security@treck.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "mailto:security@treck.com"
},
{
"category": "mitigation",
"details": "For more detailed information on the vulnerabilities and the mitigating controls, please see the Treck advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1508.html"
},
{
"category": "mitigation",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
{
"category": "mitigation",
"details": "ABB",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=1MRS494936A\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "B.Braun",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.bbraunusa.com/en/products-and-therapies/customer-communications.html"
},
{
"category": "mitigation",
"details": "Baxter",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.baxter.com/product-security#additionalresources"
},
{
"category": "mitigation",
"details": "BD",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletins/third-party-product-security-bulletin-for-treck-tcp-ip-stack-vulnerabilities"
},
{
"category": "mitigation",
"details": "CareStream",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.carestream.com/en/us/services-and-support/cybersecurity-and-privacy"
},
{
"category": "mitigation",
"details": "Caterpillar",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.cat.com/en_US/support/technology/connected-solutions-principles/security/caterpillar-cybersecurity-advisory.html"
},
{
"category": "mitigation",
"details": "DIGI International",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.digi.com/support/knowledge-base/digi-international-security-notice-treck-tcp-ip-st"
},
{
"category": "mitigation",
"details": "Eaton",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/eaton-security-bulletin-treck-tcp-ip-stack-vulnerabilities-ripple20.pdf"
},
{
"category": "mitigation",
"details": "Green Hills Software",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://support.ghs.com/psirt/PSA-2020-05/"
},
{
"category": "mitigation",
"details": "IDEC Corporation",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://us.idec.com/media/24-RD-0300-EN.pdf"
},
{
"category": "mitigation",
"details": "Johnson Controls",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
},
{
"category": "mitigation",
"details": "Miele",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2020-024"
},
{
"category": "mitigation",
"details": "Opto 22",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.opto22.com/support/resources-tools/knowledgebase/kb88981"
},
{
"category": "mitigation",
"details": "Pepperl+Fuchs",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-028/"
},
{
"category": "mitigation",
"details": "Rockwell",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1126896"
},
{
"category": "mitigation",
"details": "Schneider Electric",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.se.com/ww/en/download/document/SESB-2020-168-01"
},
{
"category": "mitigation",
"details": "Smiths Medical",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.smiths-medical.com/company-information/news-and-events/news/2020/july/02/smiths-medical-cybersecurity-bulletin"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-11907",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"notes": [
{
"category": "summary",
"text": "Improper handling of length parameter inconsistency in TCP component, from a packet sent by an unauthorized network attacker.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11907"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Treck recommends users apply the latest version of the affected products:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
{
"category": "mitigation",
"details": "Treck TCP/IP: Update to 6.0.1.67 or later versions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
{
"category": "mitigation",
"details": "To obtain patches, email Treck at security@treck.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "mailto:security@treck.com"
},
{
"category": "mitigation",
"details": "For more detailed information on the vulnerabilities and the mitigating controls, please see the Treck advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1508.html"
},
{
"category": "mitigation",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
{
"category": "mitigation",
"details": "ABB",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=1MRS494936A\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "B.Braun",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.bbraunusa.com/en/products-and-therapies/customer-communications.html"
},
{
"category": "mitigation",
"details": "Baxter",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.baxter.com/product-security#additionalresources"
},
{
"category": "mitigation",
"details": "BD",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletins/third-party-product-security-bulletin-for-treck-tcp-ip-stack-vulnerabilities"
},
{
"category": "mitigation",
"details": "CareStream",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.carestream.com/en/us/services-and-support/cybersecurity-and-privacy"
},
{
"category": "mitigation",
"details": "Caterpillar",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.cat.com/en_US/support/technology/connected-solutions-principles/security/caterpillar-cybersecurity-advisory.html"
},
{
"category": "mitigation",
"details": "DIGI International",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.digi.com/support/knowledge-base/digi-international-security-notice-treck-tcp-ip-st"
},
{
"category": "mitigation",
"details": "Eaton",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/eaton-security-bulletin-treck-tcp-ip-stack-vulnerabilities-ripple20.pdf"
},
{
"category": "mitigation",
"details": "Green Hills Software",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://support.ghs.com/psirt/PSA-2020-05/"
},
{
"category": "mitigation",
"details": "IDEC Corporation",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://us.idec.com/media/24-RD-0300-EN.pdf"
},
{
"category": "mitigation",
"details": "Johnson Controls",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
},
{
"category": "mitigation",
"details": "Miele",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2020-024"
},
{
"category": "mitigation",
"details": "Opto 22",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.opto22.com/support/resources-tools/knowledgebase/kb88981"
},
{
"category": "mitigation",
"details": "Pepperl+Fuchs",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-028/"
},
{
"category": "mitigation",
"details": "Rockwell",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1126896"
},
{
"category": "mitigation",
"details": "Schneider Electric",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.se.com/ww/en/download/document/SESB-2020-168-01"
},
{
"category": "mitigation",
"details": "Smiths Medical",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.smiths-medical.com/company-information/news-and-events/news/2020/july/02/smiths-medical-cybersecurity-bulletin"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-11908",
"cwe": {
"id": "CWE-170",
"name": "Improper Null Termination"
},
"notes": [
{
"category": "summary",
"text": "Improper null termination in DHCP component when handling a packet sent by an unauthorized network attacker. This vulnerability may allow exposure of sensitive information.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11908"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Treck recommends users apply the latest version of the affected products:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
{
"category": "mitigation",
"details": "Treck TCP/IP: Update to 6.0.1.67 or later versions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
{
"category": "mitigation",
"details": "To obtain patches, email Treck at security@treck.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "mailto:security@treck.com"
},
{
"category": "mitigation",
"details": "For more detailed information on the vulnerabilities and the mitigating controls, please see the Treck advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1508.html"
},
{
"category": "mitigation",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
{
"category": "mitigation",
"details": "ABB",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=1MRS494936A\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "B.Braun",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.bbraunusa.com/en/products-and-therapies/customer-communications.html"
},
{
"category": "mitigation",
"details": "Baxter",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.baxter.com/product-security#additionalresources"
},
{
"category": "mitigation",
"details": "BD",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletins/third-party-product-security-bulletin-for-treck-tcp-ip-stack-vulnerabilities"
},
{
"category": "mitigation",
"details": "CareStream",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.carestream.com/en/us/services-and-support/cybersecurity-and-privacy"
},
{
"category": "mitigation",
"details": "Caterpillar",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.cat.com/en_US/support/technology/connected-solutions-principles/security/caterpillar-cybersecurity-advisory.html"
},
{
"category": "mitigation",
"details": "DIGI International",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.digi.com/support/knowledge-base/digi-international-security-notice-treck-tcp-ip-st"
},
{
"category": "mitigation",
"details": "Eaton",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/eaton-security-bulletin-treck-tcp-ip-stack-vulnerabilities-ripple20.pdf"
},
{
"category": "mitigation",
"details": "Green Hills Software",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://support.ghs.com/psirt/PSA-2020-05/"
},
{
"category": "mitigation",
"details": "IDEC Corporation",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://us.idec.com/media/24-RD-0300-EN.pdf"
},
{
"category": "mitigation",
"details": "Johnson Controls",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
},
{
"category": "mitigation",
"details": "Miele",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2020-024"
},
{
"category": "mitigation",
"details": "Opto 22",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.opto22.com/support/resources-tools/knowledgebase/kb88981"
},
{
"category": "mitigation",
"details": "Pepperl+Fuchs",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-028/"
},
{
"category": "mitigation",
"details": "Rockwell",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1126896"
},
{
"category": "mitigation",
"details": "Schneider Electric",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.se.com/ww/en/download/document/SESB-2020-168-01"
},
{
"category": "mitigation",
"details": "Smiths Medical",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.smiths-medical.com/company-information/news-and-events/news/2020/july/02/smiths-medical-cybersecurity-bulletin"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-11909",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Improper input validation in IPv4 component when handling a packet sent by an unauthorized network attacker.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11909"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Treck recommends users apply the latest version of the affected products:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
{
"category": "mitigation",
"details": "Treck TCP/IP: Update to 6.0.1.67 or later versions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
{
"category": "mitigation",
"details": "To obtain patches, email Treck at security@treck.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "mailto:security@treck.com"
},
{
"category": "mitigation",
"details": "For more detailed information on the vulnerabilities and the mitigating controls, please see the Treck advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1508.html"
},
{
"category": "mitigation",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
{
"category": "mitigation",
"details": "ABB",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=1MRS494936A\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "B.Braun",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.bbraunusa.com/en/products-and-therapies/customer-communications.html"
},
{
"category": "mitigation",
"details": "Baxter",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.baxter.com/product-security#additionalresources"
},
{
"category": "mitigation",
"details": "BD",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletins/third-party-product-security-bulletin-for-treck-tcp-ip-stack-vulnerabilities"
},
{
"category": "mitigation",
"details": "CareStream",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.carestream.com/en/us/services-and-support/cybersecurity-and-privacy"
},
{
"category": "mitigation",
"details": "Caterpillar",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.cat.com/en_US/support/technology/connected-solutions-principles/security/caterpillar-cybersecurity-advisory.html"
},
{
"category": "mitigation",
"details": "DIGI International",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.digi.com/support/knowledge-base/digi-international-security-notice-treck-tcp-ip-st"
},
{
"category": "mitigation",
"details": "Eaton",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/eaton-security-bulletin-treck-tcp-ip-stack-vulnerabilities-ripple20.pdf"
},
{
"category": "mitigation",
"details": "Green Hills Software",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://support.ghs.com/psirt/PSA-2020-05/"
},
{
"category": "mitigation",
"details": "IDEC Corporation",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://us.idec.com/media/24-RD-0300-EN.pdf"
},
{
"category": "mitigation",
"details": "Johnson Controls",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
},
{
"category": "mitigation",
"details": "Miele",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2020-024"
},
{
"category": "mitigation",
"details": "Opto 22",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.opto22.com/support/resources-tools/knowledgebase/kb88981"
},
{
"category": "mitigation",
"details": "Pepperl+Fuchs",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-028/"
},
{
"category": "mitigation",
"details": "Rockwell",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1126896"
},
{
"category": "mitigation",
"details": "Schneider Electric",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.se.com/ww/en/download/document/SESB-2020-168-01"
},
{
"category": "mitigation",
"details": "Smiths Medical",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.smiths-medical.com/company-information/news-and-events/news/2020/july/02/smiths-medical-cybersecurity-bulletin"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-11910",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Improper input validation in ICMPv4 component when handling a packet sent by an unauthorized network attacker. This vulnerability may allow out-of-bounds read.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11910"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Treck recommends users apply the latest version of the affected products:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
{
"category": "mitigation",
"details": "Treck TCP/IP: Update to 6.0.1.67 or later versions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
{
"category": "mitigation",
"details": "To obtain patches, email Treck at security@treck.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "mailto:security@treck.com"
},
{
"category": "mitigation",
"details": "For more detailed information on the vulnerabilities and the mitigating controls, please see the Treck advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1508.html"
},
{
"category": "mitigation",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
{
"category": "mitigation",
"details": "ABB",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=1MRS494936A\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "B.Braun",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.bbraunusa.com/en/products-and-therapies/customer-communications.html"
},
{
"category": "mitigation",
"details": "Baxter",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.baxter.com/product-security#additionalresources"
},
{
"category": "mitigation",
"details": "BD",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletins/third-party-product-security-bulletin-for-treck-tcp-ip-stack-vulnerabilities"
},
{
"category": "mitigation",
"details": "CareStream",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.carestream.com/en/us/services-and-support/cybersecurity-and-privacy"
},
{
"category": "mitigation",
"details": "Caterpillar",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.cat.com/en_US/support/technology/connected-solutions-principles/security/caterpillar-cybersecurity-advisory.html"
},
{
"category": "mitigation",
"details": "DIGI International",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.digi.com/support/knowledge-base/digi-international-security-notice-treck-tcp-ip-st"
},
{
"category": "mitigation",
"details": "Eaton",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/eaton-security-bulletin-treck-tcp-ip-stack-vulnerabilities-ripple20.pdf"
},
{
"category": "mitigation",
"details": "Green Hills Software",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://support.ghs.com/psirt/PSA-2020-05/"
},
{
"category": "mitigation",
"details": "IDEC Corporation",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://us.idec.com/media/24-RD-0300-EN.pdf"
},
{
"category": "mitigation",
"details": "Johnson Controls",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
},
{
"category": "mitigation",
"details": "Miele",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2020-024"
},
{
"category": "mitigation",
"details": "Opto 22",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.opto22.com/support/resources-tools/knowledgebase/kb88981"
},
{
"category": "mitigation",
"details": "Pepperl+Fuchs",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-028/"
},
{
"category": "mitigation",
"details": "Rockwell",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1126896"
},
{
"category": "mitigation",
"details": "Schneider Electric",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.se.com/ww/en/download/document/SESB-2020-168-01"
},
{
"category": "mitigation",
"details": "Smiths Medical",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.smiths-medical.com/company-information/news-and-events/news/2020/july/02/smiths-medical-cybersecurity-bulletin"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-11911",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "summary",
"text": "The affected product is vulnerable to improper access control, which may allow an attacker to change one specific configuration value.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11911"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Treck recommends users apply the latest version of the affected products:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
{
"category": "mitigation",
"details": "Treck TCP/IP: Update to 6.0.1.67 or later versions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
{
"category": "mitigation",
"details": "To obtain patches, email Treck at security@treck.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "mailto:security@treck.com"
},
{
"category": "mitigation",
"details": "For more detailed information on the vulnerabilities and the mitigating controls, please see the Treck advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1508.html"
},
{
"category": "mitigation",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
{
"category": "mitigation",
"details": "ABB",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=1MRS494936A\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "B.Braun",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.bbraunusa.com/en/products-and-therapies/customer-communications.html"
},
{
"category": "mitigation",
"details": "Baxter",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.baxter.com/product-security#additionalresources"
},
{
"category": "mitigation",
"details": "BD",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletins/third-party-product-security-bulletin-for-treck-tcp-ip-stack-vulnerabilities"
},
{
"category": "mitigation",
"details": "CareStream",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.carestream.com/en/us/services-and-support/cybersecurity-and-privacy"
},
{
"category": "mitigation",
"details": "Caterpillar",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.cat.com/en_US/support/technology/connected-solutions-principles/security/caterpillar-cybersecurity-advisory.html"
},
{
"category": "mitigation",
"details": "DIGI International",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.digi.com/support/knowledge-base/digi-international-security-notice-treck-tcp-ip-st"
},
{
"category": "mitigation",
"details": "Eaton",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/eaton-security-bulletin-treck-tcp-ip-stack-vulnerabilities-ripple20.pdf"
},
{
"category": "mitigation",
"details": "Green Hills Software",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://support.ghs.com/psirt/PSA-2020-05/"
},
{
"category": "mitigation",
"details": "IDEC Corporation",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://us.idec.com/media/24-RD-0300-EN.pdf"
},
{
"category": "mitigation",
"details": "Johnson Controls",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
},
{
"category": "mitigation",
"details": "Miele",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2020-024"
},
{
"category": "mitigation",
"details": "Opto 22",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.opto22.com/support/resources-tools/knowledgebase/kb88981"
},
{
"category": "mitigation",
"details": "Pepperl+Fuchs",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-028/"
},
{
"category": "mitigation",
"details": "Rockwell",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1126896"
},
{
"category": "mitigation",
"details": "Schneider Electric",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.se.com/ww/en/download/document/SESB-2020-168-01"
},
{
"category": "mitigation",
"details": "Smiths Medical",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.smiths-medical.com/company-information/news-and-events/news/2020/july/02/smiths-medical-cybersecurity-bulletin"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-11912",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Improper input validation in TCP component when handling a packet sent by an unauthorized network attacker. This vulnerability may allow out-of-bounds read.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11912"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Treck recommends users apply the latest version of the affected products:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
{
"category": "mitigation",
"details": "Treck TCP/IP: Update to 6.0.1.67 or later versions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
{
"category": "mitigation",
"details": "To obtain patches, email Treck at security@treck.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "mailto:security@treck.com"
},
{
"category": "mitigation",
"details": "For more detailed information on the vulnerabilities and the mitigating controls, please see the Treck advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1508.html"
},
{
"category": "mitigation",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
{
"category": "mitigation",
"details": "ABB",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=1MRS494936A\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "B.Braun",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.bbraunusa.com/en/products-and-therapies/customer-communications.html"
},
{
"category": "mitigation",
"details": "Baxter",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.baxter.com/product-security#additionalresources"
},
{
"category": "mitigation",
"details": "BD",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletins/third-party-product-security-bulletin-for-treck-tcp-ip-stack-vulnerabilities"
},
{
"category": "mitigation",
"details": "CareStream",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.carestream.com/en/us/services-and-support/cybersecurity-and-privacy"
},
{
"category": "mitigation",
"details": "Caterpillar",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.cat.com/en_US/support/technology/connected-solutions-principles/security/caterpillar-cybersecurity-advisory.html"
},
{
"category": "mitigation",
"details": "DIGI International",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.digi.com/support/knowledge-base/digi-international-security-notice-treck-tcp-ip-st"
},
{
"category": "mitigation",
"details": "Eaton",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/eaton-security-bulletin-treck-tcp-ip-stack-vulnerabilities-ripple20.pdf"
},
{
"category": "mitigation",
"details": "Green Hills Software",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://support.ghs.com/psirt/PSA-2020-05/"
},
{
"category": "mitigation",
"details": "IDEC Corporation",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://us.idec.com/media/24-RD-0300-EN.pdf"
},
{
"category": "mitigation",
"details": "Johnson Controls",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
},
{
"category": "mitigation",
"details": "Miele",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2020-024"
},
{
"category": "mitigation",
"details": "Opto 22",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.opto22.com/support/resources-tools/knowledgebase/kb88981"
},
{
"category": "mitigation",
"details": "Pepperl+Fuchs",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-028/"
},
{
"category": "mitigation",
"details": "Rockwell",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1126896"
},
{
"category": "mitigation",
"details": "Schneider Electric",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.se.com/ww/en/download/document/SESB-2020-168-01"
},
{
"category": "mitigation",
"details": "Smiths Medical",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.smiths-medical.com/company-information/news-and-events/news/2020/july/02/smiths-medical-cybersecurity-bulletin"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-11913",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Improper input validation in IPv6 component when handling a packet sent by an unauthorized network attacker. This vulnerability may allow out-of-bounds read.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11913"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Treck recommends users apply the latest version of the affected products:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
{
"category": "mitigation",
"details": "Treck TCP/IP: Update to 6.0.1.67 or later versions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
{
"category": "mitigation",
"details": "To obtain patches, email Treck at security@treck.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "mailto:security@treck.com"
},
{
"category": "mitigation",
"details": "For more detailed information on the vulnerabilities and the mitigating controls, please see the Treck advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1508.html"
},
{
"category": "mitigation",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
{
"category": "mitigation",
"details": "ABB",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=1MRS494936A\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "B.Braun",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.bbraunusa.com/en/products-and-therapies/customer-communications.html"
},
{
"category": "mitigation",
"details": "Baxter",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.baxter.com/product-security#additionalresources"
},
{
"category": "mitigation",
"details": "BD",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletins/third-party-product-security-bulletin-for-treck-tcp-ip-stack-vulnerabilities"
},
{
"category": "mitigation",
"details": "CareStream",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.carestream.com/en/us/services-and-support/cybersecurity-and-privacy"
},
{
"category": "mitigation",
"details": "Caterpillar",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.cat.com/en_US/support/technology/connected-solutions-principles/security/caterpillar-cybersecurity-advisory.html"
},
{
"category": "mitigation",
"details": "DIGI International",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.digi.com/support/knowledge-base/digi-international-security-notice-treck-tcp-ip-st"
},
{
"category": "mitigation",
"details": "Eaton",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/eaton-security-bulletin-treck-tcp-ip-stack-vulnerabilities-ripple20.pdf"
},
{
"category": "mitigation",
"details": "Green Hills Software",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://support.ghs.com/psirt/PSA-2020-05/"
},
{
"category": "mitigation",
"details": "IDEC Corporation",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://us.idec.com/media/24-RD-0300-EN.pdf"
},
{
"category": "mitigation",
"details": "Johnson Controls",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
},
{
"category": "mitigation",
"details": "Miele",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2020-024"
},
{
"category": "mitigation",
"details": "Opto 22",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.opto22.com/support/resources-tools/knowledgebase/kb88981"
},
{
"category": "mitigation",
"details": "Pepperl+Fuchs",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-028/"
},
{
"category": "mitigation",
"details": "Rockwell",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1126896"
},
{
"category": "mitigation",
"details": "Schneider Electric",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.se.com/ww/en/download/document/SESB-2020-168-01"
},
{
"category": "mitigation",
"details": "Smiths Medical",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.smiths-medical.com/company-information/news-and-events/news/2020/july/02/smiths-medical-cybersecurity-bulletin"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-11914",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Improper input validation in ARP component when handling a packet sent by an unauthorized network attacker. This vulnerability may allow out-of-bounds read.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11914"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Treck recommends users apply the latest version of the affected products:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
{
"category": "mitigation",
"details": "Treck TCP/IP: Update to 6.0.1.67 or later versions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
{
"category": "mitigation",
"details": "To obtain patches, email Treck at security@treck.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "mailto:security@treck.com"
},
{
"category": "mitigation",
"details": "For more detailed information on the vulnerabilities and the mitigating controls, please see the Treck advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1508.html"
},
{
"category": "mitigation",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
{
"category": "mitigation",
"details": "ABB",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=1MRS494936A\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "B.Braun",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.bbraunusa.com/en/products-and-therapies/customer-communications.html"
},
{
"category": "mitigation",
"details": "Baxter",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.baxter.com/product-security#additionalresources"
},
{
"category": "mitigation",
"details": "BD",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletins/third-party-product-security-bulletin-for-treck-tcp-ip-stack-vulnerabilities"
},
{
"category": "mitigation",
"details": "CareStream",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.carestream.com/en/us/services-and-support/cybersecurity-and-privacy"
},
{
"category": "mitigation",
"details": "Caterpillar",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.cat.com/en_US/support/technology/connected-solutions-principles/security/caterpillar-cybersecurity-advisory.html"
},
{
"category": "mitigation",
"details": "DIGI International",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.digi.com/support/knowledge-base/digi-international-security-notice-treck-tcp-ip-st"
},
{
"category": "mitigation",
"details": "Eaton",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/eaton-security-bulletin-treck-tcp-ip-stack-vulnerabilities-ripple20.pdf"
},
{
"category": "mitigation",
"details": "Green Hills Software",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://support.ghs.com/psirt/PSA-2020-05/"
},
{
"category": "mitigation",
"details": "IDEC Corporation",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://us.idec.com/media/24-RD-0300-EN.pdf"
},
{
"category": "mitigation",
"details": "Johnson Controls",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
},
{
"category": "mitigation",
"details": "Miele",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2020-024"
},
{
"category": "mitigation",
"details": "Opto 22",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.opto22.com/support/resources-tools/knowledgebase/kb88981"
},
{
"category": "mitigation",
"details": "Pepperl+Fuchs",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-028/"
},
{
"category": "mitigation",
"details": "Rockwell",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1126896"
},
{
"category": "mitigation",
"details": "Schneider Electric",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.se.com/ww/en/download/document/SESB-2020-168-01"
},
{
"category": "mitigation",
"details": "Smiths Medical",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.smiths-medical.com/company-information/news-and-events/news/2020/july/02/smiths-medical-cybersecurity-bulletin"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…