CVE-2021-31401 (GCVE-0-2021-31401)
Vulnerability from cvelistv5 – Published: 2021-08-19 11:25 – Updated: 2024-08-03 22:55
- n/a
| URL | Tags |
|---|---|
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_CONFIRM |
| https://www.forescout.com/blog/new-critical-opera… | x_refsource_MISC |
| https://www.kb.cert.org/vuls/id/608209 | third-party-advisory, x_refsource_CERT-VN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:55:53.721Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-789208.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/"
},
{
"name": "VU#608209",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/608209"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in tcp_rcv() in nptcp.c in HCC embedded InterNiche 4.0.1. The TCP header processing code doesn\u0027t sanitize the value of the IP total length field (header length + data length). With a crafted IP packet, an integer overflow occurs whenever the value of the IP data length is calculated by subtracting the length of the header from the total length of the IP packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-19T11:26:03.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-789208.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/"
},
{
"name": "VU#608209",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/608209"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-31401",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in tcp_rcv() in nptcp.c in HCC embedded InterNiche 4.0.1. The TCP header processing code doesn\u0027t sanitize the value of the IP total length field (header length + data length). With a crafted IP packet, an integer overflow occurs whenever the value of the IP data length is calculated by subtracting the length of the header from the total length of the IP packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-789208.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-789208.pdf"
},
{
"name": "https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/",
"refsource": "MISC",
"url": "https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/"
},
{
"name": "VU#608209",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/608209"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-31401",
"datePublished": "2021-08-19T11:25:42.000Z",
"dateReserved": "2021-04-15T00:00:00.000Z",
"dateUpdated": "2024-08-03T22:55:53.721Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2021-31401",
"date": "2026-06-06",
"epss": "0.00498",
"percentile": "0.66272"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-31401\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2021-08-19T12:15:08.893\",\"lastModified\":\"2024-11-21T06:05:35.287\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in tcp_rcv() in nptcp.c in HCC embedded InterNiche 4.0.1. The TCP header processing code doesn\u0027t sanitize the value of the IP total length field (header length + data length). With a crafted IP packet, an integer overflow occurs whenever the value of the IP data length is calculated by subtracting the length of the header from the total length of the IP packet.\"},{\"lang\":\"es\",\"value\":\"Se ha detectado un problema en la funci\u00f3n tcp_rcv() en el archivo nptcp.c en HCC embedded InterNiche versi\u00f3n 4.0.1. El c\u00f3digo de procesamiento del encabezado TCP no sanea el valor del campo de longitud total de IP (longitud del encabezado + longitud de los datos). Con un paquete IP dise\u00f1ado, se produce un desbordamiento de enteros cuando el valor de la longitud de datos IP se calcula restando la longitud del encabezado de la longitud total del paquete 
IP.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcc-embedded:nichestack:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.3\",\"matchCriteriaId\":\"36A27EF5-D19C-4126-850C-89387A7A1410\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:sentron_3wl_com35_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.2.0\",\"matchCriteriaId\":\"438332F0-E222-48FB-BA95-0A79EAC9E448\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:sentron_3wl_com35:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF6988F4-8734-4B27-AD0B-B91F25654F9A\"}]}]},{\"operato
r\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:sentron_3wa_com190_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.0.0\",\"matchCriteriaId\":\"B62056DC-DF99-4118-9B22-45E51980CD7F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:sentron_3wa_com190:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"797EAA6F-5E8C-4855-87ED-CE4D76D02571\"}]}]}],\"references\":[{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-789208.pdf\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mitigation\",\"Third Party Advisory\"]},{\"url\":\"https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mitigation\",\"Third Party Advisory\"]},{\"url\":\"https://www.kb.cert.org/vuls/id/608209\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-789208.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Third Party Advisory\"]},{\"url\":\"https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Third Party Advisory\"]},{\"url\":\"https://www.kb.cert.org/vuls/id/608209\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]}]}}"
}
}
SSA-789208
Vulnerability from csaf_siemens - Published: 2021-08-04 00:00 - Updated: 2022-01-11 00:00

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module (7KM9300-0AE00-0AA0)<br>Siemens / SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module | 7KM9300-0AE00-0AA0 | vers:all/* | No Fix Planned |
| SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module (7KM9300-0AE01-0AA0)<br>Siemens / SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module | 7KM9300-0AE01-0AA0 | < V2.1.6 | Vendor Fix<br>fix |
| SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module (7KM9300-0AE02-0AA0)<br>Siemens / SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module | 7KM9300-0AE02-0AA0 | < V3.0.4 | Vendor Fix<br>fix |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| SENTRON 3WA COM190<br>Siemens / SENTRON 3WA COM190 | | < V2.0.0 | Vendor Fix<br>fix |
| SENTRON 3WL COM35<br>Siemens / SENTRON 3WL COM35 | | < V1.2.0 | Vendor Fix<br>fix |
| SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module (7KM9300-0AE00-0AA0)<br>Siemens / SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module | 7KM9300-0AE00-0AA0 | vers:all/* | No Fix Planned |
| SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module (7KM9300-0AE01-0AA0)<br>Siemens / SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module | 7KM9300-0AE01-0AA0 | < V2.1.6 | Vendor Fix<br>fix |
| SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module (7KM9300-0AE02-0AA0)<br>Siemens / SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module | 7KM9300-0AE02-0AA0 | < V3.0.4 | Vendor Fix<br>fix |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| SENTRON 3WA COM190<br>Siemens / SENTRON 3WA COM190 | | < V2.0.0 | Vendor Fix<br>fix |
| SENTRON 3WL COM35<br>Siemens / SENTRON 3WL COM35 | | < V1.2.0 | Vendor Fix<br>fix |
| SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module (7KM9300-0AE00-0AA0)<br>Siemens / SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module | 7KM9300-0AE00-0AA0 | vers:all/* | No Fix Planned |
| SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module (7KM9300-0AE01-0AA0)<br>Siemens / SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module | 7KM9300-0AE01-0AA0 | < V2.1.6 | Vendor Fix<br>fix |
| SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module (7KM9300-0AE02-0AA0)<br>Siemens / SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module | 7KM9300-0AE02-0AA0 | < V3.0.4 | Vendor Fix<br>fix |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| SENTRON 3WA COM190<br>Siemens / SENTRON 3WA COM190 | | < V2.0.0 | Vendor Fix<br>fix |
| SENTRON 3WL COM35<br>Siemens / SENTRON 3WL COM35 | | < V1.2.0 | Vendor Fix<br>fix |
| SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module (7KM9300-0AE00-0AA0)<br>Siemens / SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module | 7KM9300-0AE00-0AA0 | vers:all/* | No Fix Planned |
| SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module (7KM9300-0AE01-0AA0)<br>Siemens / SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module | 7KM9300-0AE01-0AA0 | < V2.1.6 | Vendor Fix<br>fix |
| SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module (7KM9300-0AE02-0AA0)<br>Siemens / SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module | 7KM9300-0AE02-0AA0 | < V3.0.4 | Vendor Fix<br>fix |
{
"document": {
"acknowledgments": [
{
"organization": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik (BSI)",
"summary": "coordination efforts"
},
{
"organization": "CERT Coordination Center (CERT/CC)",
"summary": "coordination efforts"
},
{
"names": [
"Daniel dos Santos",
"Jos Wetzels",
"Amine Amri"
],
"organization": "Forescout Technologies",
"summary": "coordinated disclosure"
},
{
"names": [
"Asaf Karas",
"Shachar Menashe"
],
"organization": "Vdoo",
"summary": "coordinated disclosure"
},
{
"organization": "HCC Embedded",
"summary": "coordination efforts"
}
],
"category": "Siemens Security Advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited.",
"tlp": {
"label": "WHITE"
}
},
"notes": [
{
"category": "summary",
"text": "Security researchers discovered and disclosed 14 vulnerabilities in the Interniche IP stack, also known as \"INFRA:HALT\" vulnerabilities [0]. This advisory describes the impact to Siemens low voltage products, which are only affected by four out of the 14 vulnerabilities.\n\nSiemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.\n\n[0] https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "productcert@siemens.com",
"name": "Siemens ProductCERT",
"namespace": "https://www.siemens.com"
},
"references": [
{
"category": "self",
"summary": "SSA-789208: Multiple Vulnerabilities (INFRA:HALT) in Interniche IP-Stack based Low Voltage Devices - PDF Version",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-789208.pdf"
},
{
"category": "self",
"summary": "SSA-789208: Multiple Vulnerabilities (INFRA:HALT) in Interniche IP-Stack based Low Voltage Devices - TXT Version",
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-789208.txt"
},
{
"category": "self",
"summary": "SSA-789208: Multiple Vulnerabilities (INFRA:HALT) in Interniche IP-Stack based Low Voltage Devices - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-789208.json"
}
],
"title": "SSA-789208: Multiple Vulnerabilities (INFRA:HALT) in Interniche IP-Stack based Low Voltage Devices",
"tracking": {
"current_release_date": "2022-01-11T00:00:00Z",
"generator": {
"engine": {
"name": "Siemens ProductCERT CSAF Generator",
"version": "1"
}
},
"id": "SSA-789208",
"initial_release_date": "2021-08-04T00:00:00Z",
"revision_history": [
{
"date": "2021-08-04T00:00:00Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2021-09-14T00:00:00Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Split SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module into three products (MLFBs); updated link to solution for SENTRON 3WA COM190"
},
{
"date": "2022-01-11T00:00:00Z",
"legacy_version": "1.2",
"number": "3",
"summary": "Added solution for SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module (7KM9300-0AE01-0AA0)"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c V2.0.0",
"product": {
"name": "SENTRON 3WA COM190",
"product_id": "1"
}
}
],
"category": "product_name",
"name": "SENTRON 3WA COM190"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c V1.2.0",
"product": {
"name": "SENTRON 3WL COM35",
"product_id": "2"
}
}
],
"category": "product_name",
"name": "SENTRON 3WL COM35"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module (7KM9300-0AE00-0AA0)",
"product_id": "3",
"product_identification_helper": {
"model_numbers": [
"7KM9300-0AE00-0AA0"
]
}
}
}
],
"category": "product_name",
"name": "SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c V2.1.6",
"product": {
"name": "SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module (7KM9300-0AE01-0AA0)",
"product_id": "4",
"product_identification_helper": {
"model_numbers": [
"7KM9300-0AE01-0AA0"
]
}
}
}
],
"category": "product_name",
"name": "SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c V3.0.4",
"product": {
"name": "SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module (7KM9300-0AE02-0AA0)",
"product_id": "5",
"product_identification_helper": {
"model_numbers": [
"7KM9300-0AE02-0AA0"
]
}
}
}
],
"category": "product_name",
"name": "SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-35683",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The code that parses ICMP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the ICMP checksum. When the IP payload size is set to be smaller than the size of the IP header, the ICMP checksum computation function may read out of bounds.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"3",
"4",
"5"
]
},
"references": [
{
"summary": "CVE-2020-35683 - SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109749555/"
},
{
"summary": "CVE-2020-35683 - SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109777120/"
},
{
"summary": "CVE-2020-35683 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-35683.json"
}
],
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no remediation is planned",
"product_ids": [
"3"
]
},
{
"category": "vendor_fix",
"details": "Update to V2.1.6 or later version",
"product_ids": [
"4"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109749555/"
},
{
"category": "vendor_fix",
"details": "Update to V3.0.4 or later version",
"product_ids": [
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109777120/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-35683"
},
{
"cve": "CVE-2020-35684",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The code that parses TCP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the length of the TCP payload within the TCP checksum computation function. When the IP payload size is set to be smaller than the size of the IP header, the TCP checksum computation function may read out of bounds. A low-impact write-out-of-bounds is also possible.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"references": [
{
"summary": "CVE-2020-35684 - SENTRON 3WA COM190",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109782123/"
},
{
"summary": "CVE-2020-35684 - SENTRON 3WL COM35",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109766651/"
},
{
"summary": "CVE-2020-35684 - SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109749555/"
},
{
"summary": "CVE-2020-35684 - SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109777120/"
},
{
"summary": "CVE-2020-35684 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-35684.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.0.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109782123/"
},
{
"category": "vendor_fix",
"details": "Update to V1.2.0 or later version",
"product_ids": [
"2"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109766651/"
},
{
"category": "no_fix_planned",
"details": "Currently no remediation is planned",
"product_ids": [
"3"
]
},
{
"category": "vendor_fix",
"details": "Update to V2.1.6 or later version",
"product_ids": [
"4"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109749555/"
},
{
"category": "vendor_fix",
"details": "Update to V3.0.4 or later version",
"product_ids": [
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109777120/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-35684"
},
{
"cve": "CVE-2020-35685",
"cwe": {
"id": "CWE-330",
"name": "Use of Insufficiently Random Values"
},
"notes": [
{
"category": "summary",
"text": "TCP ISNs are generated in a predictable manner.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"references": [
{
"summary": "CVE-2020-35685 - SENTRON 3WA COM190",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109782123/"
},
{
"summary": "CVE-2020-35685 - SENTRON 3WL COM35",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109766651/"
},
{
"summary": "CVE-2020-35685 - SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109749555/"
},
{
"summary": "CVE-2020-35685 - SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109777120/"
},
{
"summary": "CVE-2020-35685 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-35685.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.0.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109782123/"
},
{
"category": "vendor_fix",
"details": "Update to V1.2.0 or later version",
"product_ids": [
"2"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109766651/"
},
{
"category": "no_fix_planned",
"details": "Currently no remediation is planned",
"product_ids": [
"3"
]
},
{
"category": "vendor_fix",
"details": "Update to V2.1.6 or later version",
"product_ids": [
"4"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109749555/"
},
{
"category": "vendor_fix",
"details": "Update to V3.0.4 or later version",
"product_ids": [
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109777120/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-35685"
},
{
"cve": "CVE-2021-31401",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The TCP header processing code doesn\u0027t sanitize the length of the IP length (header + data). With a crafted IP packet an integer overflow would occur whenever the length of the IP data is calculated by subtracting the length of the header from the length of the total IP packet.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"references": [
{
"summary": "CVE-2021-31401 - SENTRON 3WA COM190",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109782123/"
},
{
"summary": "CVE-2021-31401 - SENTRON 3WL COM35",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109766651/"
},
{
"summary": "CVE-2021-31401 - SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109749555/"
},
{
"summary": "CVE-2021-31401 - SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109777120/"
},
{
"summary": "CVE-2021-31401 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31401.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.0.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109782123/"
},
{
"category": "vendor_fix",
"details": "Update to V1.2.0 or later version",
"product_ids": [
"2"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109766651/"
},
{
"category": "no_fix_planned",
"details": "Currently no remediation is planned",
"product_ids": [
"3"
]
},
{
"category": "vendor_fix",
"details": "Update to V2.1.6 or later version",
"product_ids": [
"4"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109749555/"
},
{
"category": "vendor_fix",
"details": "Update to V3.0.4 or later version",
"product_ids": [
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109777120/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2021-31401"
}
]
}
VAR-202108-1051
Vulnerability from variot - Updated: 2024-08-14 12:09

An issue was discovered in tcp_rcv() in nptcp.c in HCC embedded InterNiche 4.0.1. The TCP header processing code doesn't sanitize the value of the IP total length field (header length + data length). With a crafted IP packet, an integer overflow occurs whenever the value of the IP data length is calculated by subtracting the length of the header from the total length of the IP packet. HCC Embedded's software called InterNiche stack (NicheStack) and NicheLite, which provides TCP/IP networking capability to embedded systems, is impacted by multiple vulnerabilities. The Forescout and JFrog researchers who discovered this set of vulnerabilities have identified these as "INFRA:HALT".

CVE-2020-25767 Affected Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_common module version 1.15.
A fix for this will be available from HCC on 2021-02-19 CVE-2020-25926 Affected Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_common module version 1.15.
A fix for this will be available from HCC on 2021-03-02 CVE-2020-25927 Affected Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_common module version 1.15.
A fix for this will be available from HCC on 2021-02-19 CVE-2020-25928 Affected Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_common module version 1.15.
A fix for this will be available from HCC on 2021-02-19 CVE-2020-35683 Affected Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_ipv4 module version 1.5.
A fix for this will be available from HCC on 2021-03-02 CVE-2020-35684 Affected Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_tcp module version 1.9.
A fix for this will be available from HCC on 2021-03-16 CVE-2020-35685 Affected Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_tcp module version 1.9.
A fix for this will be available from HCC on 2021-03-16

CVE-2021-27565 Affected Vendor Statement: The infinite loop entered in case this occurs is really for the user to implement when integrating the software. But whatever their implementation this code should not be structured like this.

CVE-2021-31226 Affected Vendor Statement: This is an issue in all versions of Nichestack <4.3, This issue is fixed in Nichestack v4.3 with in_httpsvr module v1.7.

CVE-2021-31227 Affected Vendor Statement: This is an issue in all versions of Nichestack <4.3, This issue is fixed in Nichestack v4.3 with in_httpsvr module v1.7.

CVE-2021-31228 Affected Vendor Statement: This is an issue in all versions of Nichestack <4.3, This issue is fixed in Nichestack v4.3 with in_httpsvr module v1.7.

CVE-2021-31400 Affected Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_tcp module version 1.9.
A fix for this will be available from HCC on 2021-02-26 CVE-2021-31401 Affected Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_tcp module version 1.9.
A fix for this will be available from HCC on 2021-03-16

CVE-2021-36762 Unknown Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is fixed in in_tftp module version 1.2.

CVE-2020-25767 Affected Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_common module version 1.15.
A fix for this will be available from HCC on 2021-02-19 CVE-2020-25926 Affected Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_common module version 1.15.
A fix for this will be available from HCC on 2021-03-02 CVE-2020-25927 Affected Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_common module version 1.15.
A fix for this will be available from HCC on 2021-02-19 CVE-2020-25928 Affected Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_common module version 1.15.
A fix for this will be available from HCC on 2021-02-19 CVE-2020-35683 Affected Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_ipv4 module version 1.5.
A fix for this will be available from HCC on 2021-03-02 CVE-2020-35684 Affected Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_tcp module version 1.9.
A fix for this will be available from HCC on 2021-03-16 CVE-2020-35685 Affected Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_tcp module version 1.9.
A fix for this will be available from HCC on 2021-03-16 CVE-2021-27565 Affected Vendor Statement: The infinite loop entered in case this occurs is really for the user to implement when integrating the software. But whatever their implementation this code should not be structured like this. CVE-2021-31226 Affected Vendor Statement: This is an issue in all versions of Nichestack <4.3, This issue is fixed in Nichestack v4.3 with in_httpsvr module v1.7. CVE-2021-31227 Affected Vendor Statement: This is an issue in all versions of Nichestack <4.3, This issue is fixed in Nichestack v4.3 with in_httpsvr module v1.7. CVE-2021-31228 Affected Vendor Statement: This is an issue in all versions of Nichestack <4.3, This issue is fixed in Nichestack v4.3 with in_httpsvr module v1.7. CVE-2021-31400 Affected Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_tcp module version 1.9.
A fix for this will be available from HCC on 2021-02-26 CVE-2021-31401 Affected Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_tcp module version 1.9.
A fix for this will be available from HCC on 2021-03-16 CVE-2021-36762 Unknown Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is fixed in in_tftp module version 1.2. HCC Embedded InterNiche is a newsletter software.
The HCC Embedded InterNiche stack has an input verification error vulnerability. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Siemens Security Advisory
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202108-1051",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sentron 3wl com35",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.2.0"
},
{
"model": "sentron 3wa com190",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.0.0"
},
{
"model": "nichestack",
"scope": "lt",
"trust": 1.0,
"vendor": "hcc embedded",
"version": "4.3"
},
{
"model": "embedded interniche stack",
"scope": "lt",
"trust": 0.6,
"vendor": "hcc",
"version": "v4.3"
},
{
"model": "embedded nichelite",
"scope": "lt",
"trust": 0.6,
"vendor": "hcc",
"version": "v4.3"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-58798"
},
{
"db": "NVD",
"id": "CVE-2021-31401"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "This document was written by Vijay Sarvepalli. Statement Date:\u00a0\u00a0 July 20, 2021",
"sources": [
{
"db": "CERT/CC",
"id": "VU#608209"
}
],
"trust": 0.8
},
"cve": "CVE-2021-31401",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2021-31401",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-58798",
"impactScore": 6.9,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-31401",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-31401",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2021-58798",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202108-499",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-58798"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-499"
},
{
"db": "NVD",
"id": "CVE-2021-31401"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in tcp_rcv() in nptcp.c in HCC embedded InterNiche 4.0.1. The TCP header processing code doesn\u0027t sanitize the value of the IP total length field (header length + data length). With a crafted IP packet, an integer overflow occurs whenever the value of the IP data length is calculated by subtracting the length of the header from the total length of the IP packet. HCC Embedded\u0027s software called InterNiche stack (NicheStack) and NicheLite, which provides TCP/IP networking capability to embedded systems, is impacted by multiple vulnerabilities. The Forescout and JFrog researchers who discovered this set of vulnerabilities have identified these as \"INFRA:HALT\"CVE-2020-25767 Affected\nVendor Statement:\nThis issue is present in all versions of Nichestack prior to 4.3. \r\nThe global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. \r\nThe issue is present in the in_common module version 1.15. \r\n\r\nA fix for this will be available from HCC on 2021-02-19\nCVE-2020-25926 Affected\nVendor Statement:\nThis issue is present in all versions of Nichestack prior to 4.3. \r\nThe global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. \r\nThe issue is present in the in_common module version 1.15. \r\n\r\nA fix for this will be available from HCC on 2021-03-02\nCVE-2020-25927 Affected\nVendor Statement:\nThis issue is present in all versions of Nichestack prior to 4.3. \r\nThe global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. \r\nThe issue is present in the in_common module version 1.15. \r\n\r\nA fix for this will be available from HCC on 2021-02-19\nCVE-2020-25928 Affected\nVendor Statement:\nThis issue is present in all versions of Nichestack prior to 4.3. 
\r\nThe global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. \r\nThe issue is present in the in_common module version 1.15. \r\n\r\nA fix for this will be available from HCC on 2021-02-19\nCVE-2020-35683 Affected\nVendor Statement:\nThis issue is present in all versions of Nichestack prior to 4.3. \r\nThe global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. \r\nThe issue is present in the in_ipv4 module version 1.5. \r\n\r\nA fix for this will be available from HCC on 2021-03-02\nCVE-2020-35684 Affected\nVendor Statement:\nThis issue is present in all versions of Nichestack prior to 4.3. \r\nThe global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. \r\nThe issue is present in the in_tcp module version 1.9. \r\n\r\nA fix for this will be available from HCC on 2021-03-16\nCVE-2020-35685 Affected\nVendor Statement:\nThis issue is present in all versions of Nichestack prior to 4.3. \r\nThe global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. \r\nThe issue is present in the in_tcp module version 1.9. \r\n\r\nA fix for this will be available from HCC on 2021-03-16\nCVE-2021-27565 Affected\nVendor Statement:\nThe infinite loop entered in case this occurs is really for the user to implement when integrating the software. But whatever their implementation this code should not be structured like this. \nCVE-2021-31226 Affected\nVendor Statement:\nThis is an issue in all versions of Nichestack \u003c4.3,\r\nThis issue is fixed in Nichestack v4.3 with in_httpsvr module v1.7. \nCVE-2021-31227 Affected\nVendor Statement:\nThis is an issue in all versions of Nichestack \u003c4.3,\r\nThis issue is fixed in Nichestack v4.3 with in_httpsvr module v1.7. 
\nCVE-2021-31228 Affected\nVendor Statement:\nThis is an issue in all versions of Nichestack \u003c4.3,\r\nThis issue is fixed in Nichestack v4.3 with in_httpsvr module v1.7. \nCVE-2021-31400 Affected\nVendor Statement:\nThis issue is present in all versions of Nichestack prior to 4.3. \r\nThe global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. \r\nThe issue is present in the in_tcp module version 1.9. \r\n\r\nA fix for this will be available from HCC on 2021-02-26\nCVE-2021-31401 Affected\nVendor Statement:\nThis issue is present in all versions of Nichestack prior to 4.3. \r\nThe global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. \r\nThe issue is present in the in_tcp module version 1.9. \r\n\r\nA fix for this will be available from HCC on 2021-03-16\nCVE-2021-36762 Unknown\nVendor Statement:\nThis issue is present in all versions of Nichestack prior to 4.3. \r\nThe global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. \r\nThe issue is fixed in in_tftp module version 1.2CVE-2020-25767 Affected\nVendor Statement:\nThis issue is present in all versions of Nichestack prior to 4.3. \r\nThe global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. \r\nThe issue is present in the in_common module version 1.15. \r\n\r\nA fix for this will be available from HCC on 2021-02-19\nCVE-2020-25926 Affected\nVendor Statement:\nThis issue is present in all versions of Nichestack prior to 4.3. \r\nThe global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. \r\nThe issue is present in the in_common module version 1.15. \r\n\r\nA fix for this will be available from HCC on 2021-03-02\nCVE-2020-25927 Affected\nVendor Statement:\nThis issue is present in all versions of Nichestack prior to 4.3. 
\r\nThe global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. \r\nThe issue is present in the in_common module version 1.15. \r\n\r\nA fix for this will be available from HCC on 2021-02-19\nCVE-2020-25928 Affected\nVendor Statement:\nThis issue is present in all versions of Nichestack prior to 4.3. \r\nThe global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. \r\nThe issue is present in the in_common module version 1.15. \r\n\r\nA fix for this will be available from HCC on 2021-02-19\nCVE-2020-35683 Affected\nVendor Statement:\nThis issue is present in all versions of Nichestack prior to 4.3. \r\nThe global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. \r\nThe issue is present in the in_ipv4 module version 1.5. \r\n\r\nA fix for this will be available from HCC on 2021-03-02\nCVE-2020-35684 Affected\nVendor Statement:\nThis issue is present in all versions of Nichestack prior to 4.3. \r\nThe global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. \r\nThe issue is present in the in_tcp module version 1.9. \r\n\r\nA fix for this will be available from HCC on 2021-03-16\nCVE-2020-35685 Affected\nVendor Statement:\nThis issue is present in all versions of Nichestack prior to 4.3. \r\nThe global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. \r\nThe issue is present in the in_tcp module version 1.9. \r\n\r\nA fix for this will be available from HCC on 2021-03-16\nCVE-2021-27565 Affected\nVendor Statement:\nThe infinite loop entered in case this occurs is really for the user to implement when integrating the software. But whatever their implementation this code should not be structured like this. 
\nCVE-2021-31226 Affected\nVendor Statement:\nThis is an issue in all versions of Nichestack \u003c4.3,\r\nThis issue is fixed in Nichestack v4.3 with in_httpsvr module v1.7. \nCVE-2021-31227 Affected\nVendor Statement:\nThis is an issue in all versions of Nichestack \u003c4.3,\r\nThis issue is fixed in Nichestack v4.3 with in_httpsvr module v1.7. \nCVE-2021-31228 Affected\nVendor Statement:\nThis is an issue in all versions of Nichestack \u003c4.3,\r\nThis issue is fixed in Nichestack v4.3 with in_httpsvr module v1.7. \nCVE-2021-31400 Affected\nVendor Statement:\nThis issue is present in all versions of Nichestack prior to 4.3. \r\nThe global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. \r\nThe issue is present in the in_tcp module version 1.9. \r\n\r\nA fix for this will be available from HCC on 2021-02-26\nCVE-2021-31401 Affected\nVendor Statement:\nThis issue is present in all versions of Nichestack prior to 4.3. \r\nThe global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. \r\nThe issue is present in the in_tcp module version 1.9. \r\n\r\nA fix for this will be available from HCC on 2021-03-16\nCVE-2021-36762 Unknown\nVendor Statement:\nThis issue is present in all versions of Nichestack prior to 4.3. \r\nThe global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. \r\nThe issue is fixed in in_tftp module version 1.2. HCC Embedded InterNiche is a newsletter software. \n\r\n\r\nThe HCC Embedded InterNiche stack has an input verification error vulnerability. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Siemens Security Advisory",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-31401"
},
{
"db": "CERT/CC",
"id": "VU#608209"
},
{
"db": "CNVD",
"id": "CNVD-2021-58798"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULMON",
"id": "CVE-2021-31401"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-31401",
"trust": 3.1
},
{
"db": "CERT/CC",
"id": "VU#608209",
"trust": 2.4
},
{
"db": "SIEMENS",
"id": "SSA-789208",
"trust": 2.3
},
{
"db": "CNVD",
"id": "CNVD-2021-58798",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021080607",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-21-217-01",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2661",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202108-499",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-31401",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#608209"
},
{
"db": "CNVD",
"id": "CNVD-2021-58798"
},
{
"db": "VULMON",
"id": "CVE-2021-31401"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-499"
},
{
"db": "NVD",
"id": "CVE-2021-31401"
}
]
},
"id": "VAR-202108-1051",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-58798"
}
],
"trust": 1.4125
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-58798"
}
]
},
"last_update_date": "2024-08-14T12:09:22.689000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for HCC Embedded InterNiche input verification error vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/285001"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=dcdeae95fabde3361948ed61a281b1cb"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-58798"
},
{
"db": "VULMON",
"id": "CVE-2021-31401"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-31401"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-789208.pdf"
},
{
"trust": 1.6,
"url": "https://www.kb.cert.org/vuls/id/608209"
},
{
"trust": 1.6,
"url": "https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/"
},
{
"trust": 0.8,
"url": "cve-2020-25767 "
},
{
"trust": 0.8,
"url": "cve-2020-25926 "
},
{
"trust": 0.8,
"url": "cve-2020-25927 "
},
{
"trust": 0.8,
"url": "cve-2020-25928 "
},
{
"trust": 0.8,
"url": "cve-2020-35683 "
},
{
"trust": 0.8,
"url": "cve-2020-35684 "
},
{
"trust": 0.8,
"url": "cve-2020-35685 "
},
{
"trust": 0.8,
"url": "cve-2021-27565 "
},
{
"trust": 0.8,
"url": "cve-2021-31226 "
},
{
"trust": 0.8,
"url": "cve-2021-31227 "
},
{
"trust": 0.8,
"url": "cve-2021-31228 "
},
{
"trust": 0.8,
"url": "cve-2021-31400 "
},
{
"trust": 0.8,
"url": "cve-2021-31401 "
},
{
"trust": 0.8,
"url": "cve-2021-36762 "
},
{
"trust": 0.8,
"url": "vince json"
},
{
"trust": 0.8,
"url": "csaf"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2661"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-217-01"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021080607"
},
{
"trust": 0.1,
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-789208.txt"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#608209"
},
{
"db": "CNVD",
"id": "CNVD-2021-58798"
},
{
"db": "VULMON",
"id": "CVE-2021-31401"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-499"
},
{
"db": "NVD",
"id": "CVE-2021-31401"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#608209"
},
{
"db": "CNVD",
"id": "CNVD-2021-58798"
},
{
"db": "VULMON",
"id": "CVE-2021-31401"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-499"
},
{
"db": "NVD",
"id": "CVE-2021-31401"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-10T00:00:00",
"db": "CERT/CC",
"id": "VU#608209"
},
{
"date": "2021-08-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-58798"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-499"
},
{
"date": "2021-08-19T12:15:08.893000",
"db": "NVD",
"id": "CVE-2021-31401"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-09-23T00:00:00",
"db": "CERT/CC",
"id": "VU#608209"
},
{
"date": "2022-01-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-58798"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-08-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-499"
},
{
"date": "2021-08-26T18:09:19.857000",
"db": "NVD",
"id": "CVE-2021-31401"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-499"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "NicheStack embedded TCP/IP has vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#608209"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 0.6
}
}
VDE-2021-009
Vulnerability from csaf_pilzgmbhcokg - Published: 2021-09-20 11:56 - Updated: 2025-05-14 13:00
An issue was discovered in HCC Nichestack 3.0. The code that generates Initial Sequence Numbers (ISNs) for TCP connections derives the ISN from an insufficiently random source. As a result, an attacker may be able to determine the ISN of current and future TCP connections and either hijack existing ones or spoof future ones. (Proper ISN generation should aim to follow at least the specifications outlined in RFC 6528.)
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — |
An issue was discovered in tcp_rcv() in nptcp.c in HCC embedded InterNiche 4.0.1. The TCP header processing code doesn't sanitize the value of the IP total length field (header length + data length). With a crafted IP packet, an integer overflow occurs whenever the value of the IP data length is calculated by subtracting the length of the header from the total length of the IP packet.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — |
An issue was discovered in tcp_pulloutofband() in tcp_in.c in HCC embedded InterNiche 4.0.1. The TCP out-of-band urgent-data processing function invokes a panic function if the pointer to the end of the out-of-band data points outside of the TCP segment's data. If the panic function hadn't a trap invocation removed, it will enter an infinite loop and therefore cause DoS (continuous loop or a device reset).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — |
An issue was discovered in HCC Nichestack 3.0. The code that parses TCP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the length of the TCP payload within the TCP checksum computation function. When the IP payload size is set to be smaller than the size of the IP header, the TCP checksum computation function may read out of bounds (a low-impact write-out-of-bounds is also possible).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — |
An issue was discovered in HCC Nichestack 3.0. The code that parses ICMP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the ICMP checksum. When the IP payload size is set to be smaller than the size of the IP header, the ICMP checksum computation function may read out of bounds, causing a Denial-of-Service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — |
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
},
{
"organization": "Forescout Technologies, Inc.",
"summary": "discovered and reported"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "summary",
"text": "Multiple products of PILZ utilise a third-party TCP/IP implementation - the \"Niche Ethernet Stack\". This TCP/IP stack contains multiple vulnerabilities which are therefore affecting the products listed above.",
"title": "Summary"
},
{
"category": "description",
"text": "It is advised to use firewalls or similar network security devices to prevent unauthorized network communication to the products affected.",
"title": "Mitigation"
},
{
"category": "description",
"text": "| Produkt | Ma\u00dfnahme |\n|----------------------------------------------|------------------------------------------------------|\n| PSSu-Module f\u00fcr dezentrales E/A-System | siehe Mitigation |\n| PSSu-Module f\u00fcr PSS 4000 | Firmware auf 1.22.2 aktualisieren * |\n| PNOZ m B1 | siehe Mitigation ** |\n| PNOZ m ES ETH | siehe Mitigation ** |\n| PNOZ mmc1p ETH | siehe Mitigation |\n| Base-Device PNOZ mxp ETH (PNOZmulti Classic) | siehe Mitigation |\n\n\\* CVE-2020-35685 wird in diesem Update nicht behoben, da es keine Auswirkungen auf die Sicherheit der verwendeten Dienste und Protokolle (MODBUS/TCP und RAW-TCP) hat.\n\n\\** Diese Produkte sind im Feld nicht updatef\u00e4hig. Sie verwenden eine vom Hersteller vorinstallierte, feste Firmware.",
"title": "Remediation"
},
{
"category": "description",
"text": "Die Schwachstellen erm\u00f6glichen einem entfernten Angreifer:\n\n- einen Neustart des Ger\u00e4ts auszul\u00f6sen, was zu einer Denial-of-Service-Situation f\u00fchrt\n- eine TCP-Verbindung zu kapern\n\n### Betroffene Produkte und CVEs\n\n| Produkt | Betroffen von CVEs |\n|----------------------------------------------|--------------------|\n| PSSu-Module f\u00fcr dezentrales E/A-System | CVE-2020-35683, CVE-2020-35684, CVE-2020-35685, CVE-2021-31400, CVE-2021-31401 |\n| PSSu-Module f\u00fcr PSS 4000 | CVE-2020-35683, CVE-2020-35684, CVE-2020-35685, CVE-2021-31400, CVE-2021-31401 |\n| PNOZ m B1 | CVE-2020-35683, CVE-2020-35684, CVE-2020-35685 |\n| PNOZ m ES ETH | CVE-2020-35683, CVE-2020-35684, CVE-2020-35685 |\n| PNOZ mmc1p ETH | CVE-2020-35683, CVE-2020-35684, CVE-2020-35685 |\n| Base-Device PNOZ mxp ETH (PNOZmulti Classic) | CVE-2020-35683, CVE-2020-35684, CVE-2020-35685 |",
"title": "Impact"
}
],
"publisher": {
"category": "vendor",
"contact_details": "security@pilz.com",
"name": "Pilz GmbH \u0026 Co. KG",
"namespace": "https://www.pilz.com"
},
"references": [
{
"category": "external",
"summary": "Pilz advisory overview at CERT@VDE",
"url": "https://certvde.com/de/advisories/vendor/pilz/"
},
{
"category": "self",
"summary": "VDE-2021-009: Pilz: Multiple products prone to Niche Ethernet Stack vulnerabilities - HTML",
"url": "https://certvde.com/en/advisories/vde-2021-009"
},
{
"category": "self",
"summary": "VDE-2021-009: Pilz: Multiple products prone to Niche Ethernet Stack vulnerabilities - CSAF",
"url": "https://pilz.csaf-tp.certvde.com/.well-known/csaf/white/2021/vde-2021-009.json"
}
],
"title": "Pilz: Multiple products prone to Niche Ethernet Stack vulnerabilities",
"tracking": {
"aliases": [
"VDE-2021-009"
],
"current_release_date": "2025-05-14T13:00:14.000Z",
"generator": {
"date": "2025-03-05T11:49:30.977Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.20"
}
},
"id": "VDE-2021-009",
"initial_release_date": "2021-09-20T11:56:00.000Z",
"revision_history": [
{
"date": "2021-09-20T11:56:00.000Z",
"number": "1",
"summary": "Initial revision."
},
{
"date": "2025-05-14T13:00:14.000Z",
"number": "2",
"summary": "Fix: added distribution"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Base-Device PNOZ mxp ETH (PNOZmulti Classic)",
"product": {
"name": "Base-Device PNOZ mxp ETH (PNOZmulti Classic)",
"product_id": "CSAFPID-11001",
"product_identification_helper": {
"model_numbers": [
"773103",
"773104*",
"773113",
"773116",
"773123",
"7731260"
]
}
}
},
{
"category": "product_name",
"name": "PNOZ m B1",
"product": {
"name": "PNOZ m B1",
"product_id": "CSAFPID-11002",
"product_identification_helper": {
"model_numbers": [
"316020"
]
}
}
},
{
"category": "product_name",
"name": "PNOZ m ES ETH",
"product": {
"name": "PNOZ m ES ETH",
"product_id": "CSAFPID-11003",
"product_identification_helper": {
"model_numbers": [
"316020"
]
}
}
},
{
"category": "product_name",
"name": "PNOZ mmc1p ETH",
"product": {
"name": "PNOZ mmc1p ETH",
"product_id": "CSAFPID-11004",
"product_identification_helper": {
"model_numbers": [
"316020"
]
}
}
},
{
"category": "product_name",
"name": "PSSu-Module for decentralised E/A-System",
"product": {
"name": "PSSu-Module for decentralised E/A-System",
"product_id": "CSAFPID-11005",
"product_identification_helper": {
"model_numbers": [
"312041",
"312042",
"312043"
]
}
}
},
{
"category": "product_name",
"name": "PSSu-Module for PSS 4000",
"product": {
"name": "PSSu-Module for PSS 4000",
"product_id": "CSAFPID-11006",
"product_identification_helper": {
"model_numbers": [
"31206*",
"312070*",
"312071*",
"312077",
"312085*",
"312087",
"31407*",
"314085",
"314086",
"314087",
"315070*",
"315071*",
"315085",
"315086",
"316010",
"316020"
]
}
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c1.22.2",
"product": {
"name": "Firmware \u003c1.22.2",
"product_id": "CSAFPID-21001"
}
},
{
"category": "product_version_range",
"name": "\u003cv1.2",
"product": {
"name": "Firmware \u003cv1.2",
"product_id": "CSAFPID-21002"
}
},
{
"category": "product_version_range",
"name": "\u003cv1.8",
"product": {
"name": "Firmware \u003cv1.8",
"product_id": "CSAFPID-21003"
}
},
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Firmware vers:all/*",
"product_id": "CSAFPID-21004"
}
},
{
"category": "product_version",
"name": "1.22.2",
"product": {
"name": "Firmware 1.22.2",
"product_id": "CSAFPID-22001"
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "Pilz"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
],
"summary": "Affected Products."
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on Base-Device PNOZ mxp ETH (PNOZmulti Classic)",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-21004",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003cv1.8 installed on PNOZ m B1",
"product_id": "CSAFPID-31002"
},
"product_reference": "CSAFPID-21003",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003cv1.2 installed on PNOZ m ES ETH",
"product_id": "CSAFPID-31003"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on PNOZ mmc1p ETH",
"product_id": "CSAFPID-31004"
},
"product_reference": "CSAFPID-21004",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on PSSu-Module for decentralised E/A-System",
"product_id": "CSAFPID-31005"
},
"product_reference": "CSAFPID-21004",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.22.2 installed on PSSu-Module for PSS 4000",
"product_id": "CSAFPID-31006"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.22.2 installed on PSSu-Module for PSS 4000 installed on PSSu-Module for PSS 4000",
"product_id": "CSAFPID-32001"
},
"product_reference": "CSAFPID-31006",
"relates_to_product_reference": "CSAFPID-11006"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-35685",
"cwe": {
"id": "CWE-330",
"name": "Use of Insufficiently Random Values"
},
"notes": [
{
"category": "description",
"text": "An issue was discovered in HCC Nichestack 3.0. The code that generates Initial Sequence Numbers (ISNs) for TCP connections derives the ISN from an insufficiently random source. As a result, an attacker may be able to determine the ISN of current and future TCP connections and either hijack existing ones or spoof future ones. (Proper ISN generation should aim to follow at least the specifications outlined in RFC 6528.)",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "It is advised to use firewalls or similar network security devices to prevent unauthorized network communication to the products affected.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "| Produkt | Ma\u00dfnahme |\n|----------------------------------------------|------------------------------------------------------|\n| PSSu-Module f\u00fcr dezentrales E/A-System | siehe Mitigation |\n| PSSu-Module f\u00fcr PSS 4000 | Firmware auf 1.22.2 aktualisieren * |\n| PNOZ m B1 | siehe Mitigation ** |\n| PNOZ m ES ETH | siehe Mitigation ** |\n| PNOZ mmc1p ETH | siehe Mitigation |\n| Base-Device PNOZ mxp ETH (PNOZmulti Classic) | siehe Mitigation |\n\n\\* CVE-2020-35685 wird in diesem Update nicht behoben, da es keine Auswirkungen auf die Sicherheit der verwendeten Dienste und Protokolle (MODBUS/TCP und RAW-TCP) hat.\n\n\\** Diese Produkte sind im Feld nicht updatef\u00e4hig. Sie verwenden eine vom Hersteller vorinstallierte, feste Firmware.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.1,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.1,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2020-35685"
},
{
"cve": "CVE-2021-31401",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "description",
"text": "An issue was discovered in tcp_rcv() in nptcp.c in HCC embedded InterNiche 4.0.1. The TCP header processing code doesn\u0027t sanitize the value of the IP total length field (header length + data length). With a crafted IP packet, an integer overflow occurs whenever the value of the IP data length is calculated by subtracting the length of the header from the total length of the IP packet.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "It is advised to use firewalls or similar network security devices to prevent unauthorized network communication to the products affected.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "| Produkt | Ma\u00dfnahme |\n|----------------------------------------------|------------------------------------------------------|\n| PSSu-Module f\u00fcr dezentrales E/A-System | siehe Mitigation |\n| PSSu-Module f\u00fcr PSS 4000 | Firmware auf 1.22.2 aktualisieren * |\n| PNOZ m B1 | siehe Mitigation ** |\n| PNOZ m ES ETH | siehe Mitigation ** |\n| PNOZ mmc1p ETH | siehe Mitigation |\n| Base-Device PNOZ mxp ETH (PNOZmulti Classic) | siehe Mitigation |\n\n\\* CVE-2020-35685 wird in diesem Update nicht behoben, da es keine Auswirkungen auf die Sicherheit der verwendeten Dienste und Protokolle (MODBUS/TCP und RAW-TCP) hat.\n\n\\** Diese Produkte sind im Feld nicht updatef\u00e4hig. Sie verwenden eine vom Hersteller vorinstallierte, feste Firmware.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2021-31401"
},
{
"cve": "CVE-2021-31400",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "description",
"text": "An issue was discovered in tcp_pulloutofband() in tcp_in.c in HCC embedded InterNiche 4.0.1. The TCP out-of-band urgent-data processing function invokes a panic function if the pointer to the end of the out-of-band data points outside of the TCP segment\u0027s data. If the panic function hadn\u0027t a trap invocation removed, it will enter an infinite loop and therefore cause DoS (continuous loop or a device reset).",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "It is advised to use firewalls or similar network security devices to prevent unauthorized network communication to the products affected.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "| Produkt | Ma\u00dfnahme |\n|----------------------------------------------|------------------------------------------------------|\n| PSSu-Module f\u00fcr dezentrales E/A-System | siehe Mitigation |\n| PSSu-Module f\u00fcr PSS 4000 | Firmware auf 1.22.2 aktualisieren * |\n| PNOZ m B1 | siehe Mitigation ** |\n| PNOZ m ES ETH | siehe Mitigation ** |\n| PNOZ mmc1p ETH | siehe Mitigation |\n| Base-Device PNOZ mxp ETH (PNOZmulti Classic) | siehe Mitigation |\n\n\\* CVE-2020-35685 wird in diesem Update nicht behoben, da es keine Auswirkungen auf die Sicherheit der verwendeten Dienste und Protokolle (MODBUS/TCP und RAW-TCP) hat.\n\n\\** Diese Produkte sind im Feld nicht updatef\u00e4hig. Sie verwenden eine vom Hersteller vorinstallierte, feste Firmware.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2021-31400"
},
{
"cve": "CVE-2020-35684",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "description",
"text": "An issue was discovered in HCC Nichestack 3.0. The code that parses TCP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the length of the TCP payload within the TCP checksum computation function. When the IP payload size is set to be smaller than the size of the IP header, the TCP checksum computation function may read out of bounds (a low-impact write-out-of-bounds is also possible).",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "It is advised to use firewalls or similar network security devices to prevent unauthorized network communication to the products affected.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "| Produkt | Ma\u00dfnahme |\n|----------------------------------------------|------------------------------------------------------|\n| PSSu-Module f\u00fcr dezentrales E/A-System | siehe Mitigation |\n| PSSu-Module f\u00fcr PSS 4000 | Firmware auf 1.22.2 aktualisieren * |\n| PNOZ m B1 | siehe Mitigation ** |\n| PNOZ m ES ETH | siehe Mitigation ** |\n| PNOZ mmc1p ETH | siehe Mitigation |\n| Base-Device PNOZ mxp ETH (PNOZmulti Classic) | siehe Mitigation |\n\n\\* CVE-2020-35685 wird in diesem Update nicht behoben, da es keine Auswirkungen auf die Sicherheit der verwendeten Dienste und Protokolle (MODBUS/TCP und RAW-TCP) hat.\n\n\\** Diese Produkte sind im Feld nicht updatef\u00e4hig. Sie verwenden eine vom Hersteller vorinstallierte, feste Firmware.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2020-35684"
},
{
"cve": "CVE-2020-35683",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "description",
"text": "An issue was discovered in HCC Nichestack 3.0. The code that parses ICMP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the ICMP checksum. When the IP payload size is set to be smaller than the size of the IP header, the ICMP checksum computation function may read out of bounds, causing a Denial-of-Service.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "It is advised to use firewalls or similar network security devices to prevent unauthorized network communication to the products affected.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "| Produkt | Ma\u00dfnahme |\n|----------------------------------------------|------------------------------------------------------|\n| PSSu-Module f\u00fcr dezentrales E/A-System | siehe Mitigation |\n| PSSu-Module f\u00fcr PSS 4000 | Firmware auf 1.22.2 aktualisieren * |\n| PNOZ m B1 | siehe Mitigation ** |\n| PNOZ m ES ETH | siehe Mitigation ** |\n| PNOZ mmc1p ETH | siehe Mitigation |\n| Base-Device PNOZ mxp ETH (PNOZmulti Classic) | siehe Mitigation |\n\n\\* CVE-2020-35685 wird in diesem Update nicht behoben, da es keine Auswirkungen auf die Sicherheit der verwendeten Dienste und Protokolle (MODBUS/TCP und RAW-TCP) hat.\n\n\\** Diese Produkte sind im Feld nicht updatef\u00e4hig. Sie verwenden eine vom Hersteller vorinstallierte, feste Firmware.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2020-35683"
}
]
}
VDE-2021-032
Vulnerability from csaf_phoenixcontactgmbhcokg - Published: 2021-08-04 07:57 - Updated: 2025-05-22 13:03

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — |
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
},
{
"organization": "Forescout Technologies, Inc",
"summary": "discovered and reported",
"urls": [
"https://www.nozominetworks.com"
]
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/v1/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "Third party Niche Ethernet stack has several vulnerabilities announced by the security researcher\u0027s community.\nPhoenix Contact Classic Line industrial controllers are developed and designed for the use in closed industrial networks. The communication protocols and device access do not feature authentication measures. Remote attackers can use specially crafted IP packets to cause a Denial of Service or a Breach of Integrity of the PLC.",
"title": "Summary"
},
{
"category": "description",
"text": "A successful attack on the Niche Ethernet stack can lead to Denial of Service or a Breach of Integrity of the PLC.",
"title": "Impact"
},
{
"category": "description",
"text": "Customers using Phoenix Contact Classic Line Controllers are strongly recommended to operate the devices in closed networks or protected with a suitable firewall as intended. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"title": "Mitigation"
},
{
"category": "description",
"text": "Phoenix Contact Classic Line Controllers are designed and developed for the use in closed industrial networks. The control and configuration protocols do not feature authentication mechanisms by design. Phoenix Contact therefore strongly recommends using the devices exclusively in closed networks and protected by a suitable firewall.\nPhoenix Contact is offering the mGuard product family for network segmentation and protection.",
"title": "Remediation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@phoenixcontact.com",
"name": "Phoenix Contact GmbH \u0026 Co. KG",
"namespace": "https://phoenixcontact.com/psirt"
},
"references": [
{
"category": "self",
"summary": "VDE-2021-032: PHOENIX CONTACT: Niche Ethernet Stack for ILC1x0, ILC1x1 and AXC 1050 Industrial controllers and CHARX control DC - HTML",
"url": "https://certvde.com/en/advisories/VDE-2021-032"
},
{
"category": "external",
"summary": "CERT@VDE Security Advisories for PHOENIX CONTACT",
"url": "https://certvde.com/de/advisories/vendor/phoenixcontact/"
},
{
"category": "self",
"summary": "VDE-2021-032: PHOENIX CONTACT: Niche Ethernet Stack for ILC1x0, ILC1x1 and AXC 1050 Industrial controllers and CHARX control DC - CSAF",
"url": "https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2021/vde-2021-032.json"
}
],
"title": "PHOENIX CONTACT: Niche Ethernet Stack for ILC1x0, ILC1x1 and AXC 1050 Industrial controllers and CHARX control DC",
"tracking": {
"aliases": [
"VDE-2021-032"
],
"current_release_date": "2025-05-22T13:03:10.000Z",
"generator": {
"date": "2025-03-07T11:40:00.910Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.20"
}
},
"id": "VDE-2021-032",
"initial_release_date": "2021-08-04T07:57:00.000Z",
"revision_history": [
{
"date": "2021-08-04T07:57:00.000Z",
"number": "1",
"summary": "initial revision"
},
{
"date": "2025-05-22T13:03:10.000Z",
"number": "2",
"summary": "Fix: quotation mark"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "AXC 1050",
"product": {
"name": "AXC 1050",
"product_id": "CSAFPID-11001",
"product_identification_helper": {
"model_numbers": [
"2700988",
"2701295"
]
}
}
},
{
"category": "product_name",
"name": "EV-PLCC-AC1-DC1",
"product": {
"name": "EV-PLCC-AC1-DC1",
"product_id": "CSAFPID-11002",
"product_identification_helper": {
"model_numbers": [
"1624130"
]
}
}
},
{
"branches": [
{
"category": "product_name",
"name": "ILC1x0",
"product": {
"name": "ILC1x0",
"product_id": "CSAFPID-11003"
}
},
{
"category": "product_name",
"name": "ILC1x1",
"product": {
"name": "ILC1x1",
"product_id": "CSAFPID-11004",
"product_identification_helper": {
"model_numbers": [
"2700973",
"2700974",
"2700975",
"2700976",
"2701034",
"2701141"
]
}
}
}
],
"category": "product_family",
"name": "ILC1x"
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Firmware vers:all/*",
"product_id": "CSAFPID-21001"
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "PHOENIX CONTACT"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
],
"summary": "Affected products."
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on AXC 1050",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on EV-PLCC-AC1-DC1",
"product_id": "CSAFPID-31002"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on ILC1x0",
"product_id": "CSAFPID-31003"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on ILC1x1",
"product_id": "CSAFPID-31004"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11004"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-35685",
"cwe": {
"id": "CWE-330",
"name": "Use of Insufficiently Random Values"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in HCC Nichestack 3.0. The code that generates Initial Sequence Numbers (ISNs) for TCP connections derives the ISN from an insufficiently random source. As a result, an attacker may be able to determine the ISN of current and future TCP connections and either hijack existing ones or spoof future ones. (Proper ISN generation should aim to follow at least the specifications outlined in RFC 6528.)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Customers using Phoenix Contact Classic Line Controllers are strongly recommended to operate the devices in closed networks or protected with a suitable firewall as intended. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Phoenix Contact Classic Line Controllers are designed and developed for the use in closed industrial networks. The control and configuration protocols do not feature authentication mechanisms by design. Phoenix Contact therefore strongly recommends using the devices exclusively in closed networks and protected by a suitable firewall.\nPhoenix Contact is offering the mGuard product family for network segmentation and protection.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.1,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.1,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
}
],
"title": "CVE-2020-35685"
},
{
"cve": "CVE-2021-31401",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in tcp_rcv() in nptcp.c in HCC embedded InterNiche 4.0.1. The TCP header processing code doesn\u0027t sanitize the value of the IP total length field (header length + data length). With a crafted IP packet, an integer overflow occurs whenever the value of the IP data length is calculated by subtracting the length of the header from the total length of the IP packet.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Customers using Phoenix Contact Classic Line Controllers are strongly recommended to operate the devices in closed networks or protected with a suitable firewall as intended. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Phoenix Contact Classic Line Controllers are designed and developed for the use in closed industrial networks. The control and configuration protocols do not feature authentication mechanisms by design. Phoenix Contact therefore strongly recommends using the devices exclusively in closed networks and protected by a suitable firewall.\nPhoenix Contact is offering the mGuard product family for network segmentation and protection.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
}
],
"title": "CVE-2021-31401"
},
{
"cve": "CVE-2021-31400",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in tcp_pulloutofband() in tcp_in.c in HCC embedded InterNiche 4.0.1. The TCP out-of-band urgent-data processing function invokes a panic function if the pointer to the end of the out-of-band data points outside of the TCP segment\u0027s data. If the panic function hadn\u0027t a trap invocation removed, it will enter an infinite loop and therefore cause DoS (continuous loop or a device reset).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Customers using Phoenix Contact Classic Line Controllers are strongly recommended to operate the devices in closed networks or protected with a suitable firewall as intended. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Phoenix Contact Classic Line Controllers are designed and developed for the use in closed industrial networks. The control and configuration protocols do not feature authentication mechanisms by design. Phoenix Contact therefore strongly recommends using the devices exclusively in closed networks and protected by a suitable firewall.\nPhoenix Contact is offering the mGuard product family for network segmentation and protection.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
}
],
"title": "CVE-2021-31400"
},
{
"cve": "CVE-2020-35684",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in HCC Nichestack 3.0. The code that parses TCP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the length of the TCP payload within the TCP checksum computation function. When the IP payload size is set to be smaller than the size of the IP header, the TCP checksum computation function may read out of bounds (a low-impact write-out-of-bounds is also possible).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Customers using Phoenix Contact Classic Line Controllers are strongly recommended to operate the devices in closed networks or protected with a suitable firewall as intended. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Phoenix Contact Classic Line Controllers are designed and developed for the use in closed industrial networks. The control and configuration protocols do not feature authentication mechanisms by design. Phoenix Contact therefore strongly recommends using the devices exclusively in closed networks and protected by a suitable firewall.\nPhoenix Contact is offering the mGuard product family for network segmentation and protection.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
}
],
"title": "CVE-2020-35684"
},
{
"cve": "CVE-2020-35683",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in HCC Nichestack 3.0. The code that parses ICMP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the ICMP checksum. When the IP payload size is set to be smaller than the size of the IP header, the ICMP checksum computation function may read out of bounds, causing a Denial-of-Service.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Customers using Phoenix Contact Classic Line Controllers are strongly recommended to operate the devices in closed networks or protected with a suitable firewall as intended. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Phoenix Contact Classic Line Controllers are designed and developed for the use in closed industrial networks. The control and configuration protocols do not feature authentication mechanisms by design. Phoenix Contact therefore strongly recommends using the devices exclusively in closed networks and protected by a suitable firewall.\nPhoenix Contact is offering the mGuard product family for network segmentation and protection.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
}
],
"title": "CVE-2020-35683"
},
{
"cve": "CVE-2021-31227",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in HCC embedded InterNiche 4.0.1. A potential heap buffer overflow exists in the code that parses the HTTP POST request, due to an incorrect signed integer comparison. This vulnerability requires the attacker to send a malformed HTTP packet with a negative Content-Length, which bypasses the size checks and results in a large heap overflow in the wbs_multidata buffer copy.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Customers using Phoenix Contact Classic Line Controllers are strongly recommended to operate the devices in closed networks or protected with a suitable firewall as intended. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Phoenix Contact Classic Line Controllers are designed and developed for the use in closed industrial networks. The control and configuration protocols do not feature authentication mechanisms by design. Phoenix Contact therefore strongly recommends using the devices exclusively in closed networks and protected by a suitable firewall.\nPhoenix Contact is offering the mGuard product family for network segmentation and protection.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
}
],
"title": "CVE-2021-31227"
}
]
}
VDE-2021-042
Vulnerability from csaf_weidmuellerinterfacegmbhcokg - Published: 2021-10-18 08:24 - Updated: 2025-05-14 13:00

CVE-2021-31401: An issue was discovered in tcp_rcv() in nptcp.c in HCC embedded InterNiche 4.0.1. The TCP header processing code doesn't sanitize the value of the IP total length field (header length + data length). With a crafted IP packet, an integer overflow occurs whenever the value of the IP data length is calculated by subtracting the length of the header from the total length of the IP packet.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
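| Firmware <=01.08.00 installed on UR20-FBC-CAN (CSAFPID-31001) | — | | |
| Firmware <=01.00.02 installed on UR20-FBC-CC (CSAFPID-31002) | — | | |
| Firmware <=01.02.01 installed on UR20-FBC-CC-TSN (CSAFPID-31003) | — | | |
| Firmware <=01.08.00 installed on UR20-FBC-DN (CSAFPID-31004) | — | | |
| Firmware <=01.12.00 installed on UR20-FBC-EC (CSAFPID-31005) | — | | |
| Firmware <=01.00.01 installed on UR20-FBC-EC-ECO (CSAFPID-31006) | — | | |
| Firmware <=02.11.00 installed on UR20-FBC-EIP (CSAFPID-31007) | — | | |
| Firmware <=01.01.00 installed on UR20-FBC-IEC61162-450 (CSAFPID-31008) | — | | |
| Firmware <=01.00.00 installed on UR20-FBC-MOD-TCP-ECO (CSAFPID-31009) | — | | |
| Firmware <=02.08.01 installed on UR20-FBC-MOD-TCP-V2 (CSAFPID-31010) | — | | |
| Firmware <=01.10.00 installed on UR20-FBC-PB-DP-V2 (CSAFPID-31011) | — | | |
| Firmware <=01.08.00 installed on UR20-FBC-PL (CSAFPID-31012) | — | | |
| Firmware <=01.00.02 installed on UR20-FBC-PN-ECO (CSAFPID-31013) | — | | |
| Firmware <=01.11.00 installed on UR20-FBC-PN-IRT-V2 (CSAFPID-31014) | — | | |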
CVE-2020-35684: An issue was discovered in HCC Nichestack 3.0. The code that parses TCP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the length of the TCP payload within the TCP checksum computation function. When the IP payload size is set to be smaller than the size of the IP header, the TCP checksum computation function may read out of bounds (a low-impact write-out-of-bounds is also possible).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
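| Firmware <=01.08.00 installed on UR20-FBC-CAN (CSAFPID-31001) | — | | |
| Firmware <=01.00.02 installed on UR20-FBC-CC (CSAFPID-31002) | — | | |
| Firmware <=01.02.01 installed on UR20-FBC-CC-TSN (CSAFPID-31003) | — | | |
| Firmware <=01.08.00 installed on UR20-FBC-DN (CSAFPID-31004) | — | | |
| Firmware <=01.12.00 installed on UR20-FBC-EC (CSAFPID-31005) | — | | |
| Firmware <=01.00.01 installed on UR20-FBC-EC-ECO (CSAFPID-31006) | — | | |
| Firmware <=02.11.00 installed on UR20-FBC-EIP (CSAFPID-31007) | — | | |
| Firmware <=01.01.00 installed on UR20-FBC-IEC61162-450 (CSAFPID-31008) | — | | |
| Firmware <=01.00.00 installed on UR20-FBC-MOD-TCP-ECO (CSAFPID-31009) | — | | |
| Firmware <=02.08.01 installed on UR20-FBC-MOD-TCP-V2 (CSAFPID-31010) | — | | |
| Firmware <=01.10.00 installed on UR20-FBC-PB-DP-V2 (CSAFPID-31011) | — | | |
| Firmware <=01.08.00 installed on UR20-FBC-PL (CSAFPID-31012) | — | | |
| Firmware <=01.00.02 installed on UR20-FBC-PN-ECO (CSAFPID-31013) | — | | |
| Firmware <=01.11.00 installed on UR20-FBC-PN-IRT-V2 (CSAFPID-31014) | — | | |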
CVE-2020-35683: An issue was discovered in HCC Nichestack 3.0. The code that parses ICMP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the ICMP checksum. When the IP payload size is set to be smaller than the size of the IP header, the ICMP checksum computation function may read out of bounds, causing a Denial-of-Service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
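| Firmware <=01.08.00 installed on UR20-FBC-CAN (CSAFPID-31001) | — | | |
| Firmware <=01.00.02 installed on UR20-FBC-CC (CSAFPID-31002) | — | | |
| Firmware <=01.02.01 installed on UR20-FBC-CC-TSN (CSAFPID-31003) | — | | |
| Firmware <=01.08.00 installed on UR20-FBC-DN (CSAFPID-31004) | — | | |
| Firmware <=01.12.00 installed on UR20-FBC-EC (CSAFPID-31005) | — | | |
| Firmware <=01.00.01 installed on UR20-FBC-EC-ECO (CSAFPID-31006) | — | | |
| Firmware <=02.11.00 installed on UR20-FBC-EIP (CSAFPID-31007) | — | | |
| Firmware <=01.01.00 installed on UR20-FBC-IEC61162-450 (CSAFPID-31008) | — | | |
| Firmware <=01.00.00 installed on UR20-FBC-MOD-TCP-ECO (CSAFPID-31009) | — | | |
| Firmware <=02.08.01 installed on UR20-FBC-MOD-TCP-V2 (CSAFPID-31010) | — | | |
| Firmware <=01.10.00 installed on UR20-FBC-PB-DP-V2 (CSAFPID-31011) | — | | |
| Firmware <=01.08.00 installed on UR20-FBC-PL (CSAFPID-31012) | — | | |
| Firmware <=01.00.02 installed on UR20-FBC-PN-ECO (CSAFPID-31013) | — | | |
| Firmware <=01.11.00 installed on UR20-FBC-PN-IRT-V2 (CSAFPID-31014) | — | | |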
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
},
{
"organization": "Forescout Technologies, Inc.",
"summary": "discovery and reporting."
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "summary",
"text": "\nThe Weidmueller Remote I/O (IP20) fieldbus couplers (u-remote) are affected by several vulnerabilities of the third-party TCP/IP Niche stack. An attacker may use crafted IP packets to cause a denial of service or breach of integrity of the affected products. Weidmueller recommends restricting network access from the internet and also locally to reduce the attack vector to a manageable minimum.",
"title": "Summary"
},
{
"category": "description",
"text": "Fieldbuses (including Industrial Ethernet protocols) in general are not intended for direct connection with the internet, as they lack a proper set of security capabilities. This also applies to Weidm\u00fcller IP20 Remote I/O fieldbus couplers, which are developed and designed for operation in closed industrial networks.\n\n- Do not directly connect the affected products to the internet.\n- Restrict network access to the affected products by proper secured network infrastructure (e.g. routers, firewalls, DMZ, VPNs).\n- Restrict physical access to the industrial network and affected products (e.g cabinets, seals, closures).",
"title": "Mitigation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@weidmueller.com",
"name": "Weidmueller Interface GmbH \u0026 Co. KG",
"namespace": "https://www.weidmueller.com"
},
"references": [
{
"category": "external",
"summary": "Weidmueller advisory overview at CERT@VDE",
"url": "https://certvde.com/de/advisories/vendor/weidmueller/"
},
{
"category": "self",
"summary": "VDE-2021-042: Weidmueller: Remote I/O fieldbus couplers (IP20) affected by INFRA:HALT vulnerabilities - HTML",
"url": "https://certvde.com/en/advisories/VDE-2021-042"
},
{
"category": "self",
"summary": "VDE-2021-042: Weidmueller: Remote I/O fieldbus couplers (IP20) affected by INFRA:HALT vulnerabilities - CSAF",
"url": "https://weidmueller.csaf-tp.certvde.com/.well-known/csaf/white/2021/vde-2021-042.json"
}
],
"title": "Weidmueller: Remote I/O fieldbus couplers (IP20) affected by INFRA:HALT vulnerabilities",
"tracking": {
"aliases": [
"VDE-2021-042"
],
"current_release_date": "2025-05-14T13:00:14.000Z",
"generator": {
"date": "2025-04-10T07:47:57.803Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.23"
}
},
"id": "VDE-2021-042",
"initial_release_date": "2021-10-18T08:24:00.000Z",
"revision_history": [
{
"date": "2021-10-18T08:24:00.000Z",
"number": "1",
"summary": "Initial revision."
},
{
"date": "2025-04-10T07:45:00.000Z",
"number": "2",
"summary": "Fix: change vendor in product tree"
},
{
"date": "2025-05-14T13:00:14.000Z",
"number": "3",
"summary": "Fix: added distribution"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "UR20-FBC-CAN",
"product": {
"name": "UR20-FBC-CAN",
"product_id": "CSAFPID-11001",
"product_identification_helper": {
"model_numbers": [
"1334890000"
]
}
}
},
{
"category": "product_name",
"name": "UR20-FBC-CC",
"product": {
"name": "UR20-FBC-CC",
"product_id": "CSAFPID-11002",
"product_identification_helper": {
"model_numbers": [
"2625010000"
]
}
}
},
{
"category": "product_name",
"name": "UR20-FBC-CC-TSN",
"product": {
"name": "UR20-FBC-CC-TSN",
"product_id": "CSAFPID-11003",
"product_identification_helper": {
"model_numbers": [
"2680260000"
]
}
}
},
{
"category": "product_name",
"name": "UR20-FBC-DN",
"product": {
"name": "UR20-FBC-DN",
"product_id": "CSAFPID-11004",
"product_identification_helper": {
"model_numbers": [
"1334900000"
]
}
}
},
{
"category": "product_name",
"name": "UR20-FBC-EC",
"product": {
"name": "UR20-FBC-EC",
"product_id": "CSAFPID-11005",
"product_identification_helper": {
"model_numbers": [
"1334910000"
]
}
}
},
{
"category": "product_name",
"name": "UR20-FBC-EC-ECO",
"product": {
"name": "UR20-FBC-EC-ECO",
"product_id": "CSAFPID-11006",
"product_identification_helper": {
"model_numbers": [
"2659690000"
]
}
}
},
{
"category": "product_name",
"name": "UR20-FBC-EIP",
"product": {
"name": "UR20-FBC-EIP",
"product_id": "CSAFPID-11007",
"product_identification_helper": {
"model_numbers": [
"1334920000"
]
}
}
},
{
"category": "product_name",
"name": "UR20-FBC-IEC61162-450",
"product": {
"name": "UR20-FBC-IEC61162-450",
"product_id": "CSAFPID-11008",
"product_identification_helper": {
"model_numbers": [
"2661310000"
]
}
}
},
{
"category": "product_name",
"name": "UR20-FBC-MOD-TCP-ECO",
"product": {
"name": "UR20-FBC-MOD-TCP-ECO",
"product_id": "CSAFPID-11009",
"product_identification_helper": {
"model_numbers": [
"2659700000"
]
}
}
},
{
"category": "product_name",
"name": "UR20-FBC-MOD-TCP-V2",
"product": {
"name": "UR20-FBC-MOD-TCP-V2",
"product_id": "CSAFPID-11010",
"product_identification_helper": {
"model_numbers": [
"2476450000"
]
}
}
},
{
"category": "product_name",
"name": "UR20-FBC-PB-DP-V2",
"product": {
"name": "UR20-FBC-PB-DP-V2",
"product_id": "CSAFPID-11011",
"product_identification_helper": {
"model_numbers": [
"2614380000"
]
}
}
},
{
"category": "product_name",
"name": "UR20-FBC-PL",
"product": {
"name": "UR20-FBC-PL",
"product_id": "CSAFPID-11012",
"product_identification_helper": {
"model_numbers": [
"1334940000"
]
}
}
},
{
"category": "product_name",
"name": "UR20-FBC-PN-ECO",
"product": {
"name": "UR20-FBC-PN-ECO",
"product_id": "CSAFPID-11013",
"product_identification_helper": {
"model_numbers": [
"2659680000"
]
}
}
},
{
"category": "product_name",
"name": "UR20-FBC-PN-IRT-V2",
"product": {
"name": "UR20-FBC-PN-IRT-V2",
"product_id": "CSAFPID-11014",
"product_identification_helper": {
"model_numbers": [
"2566380000"
]
}
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=01.00.00",
"product": {
"name": "Firmware \u003c=01.00.00",
"product_id": "CSAFPID-21001"
}
},
{
"category": "product_version_range",
"name": "\u003c=01.00.01",
"product": {
"name": "Firmware \u003c=01.00.01",
"product_id": "CSAFPID-21002"
}
},
{
"category": "product_version_range",
"name": "\u003c=01.00.02",
"product": {
"name": "Firmware \u003c=01.00.02",
"product_id": "CSAFPID-21003"
}
},
{
"category": "product_version_range",
"name": "\u003c=01.01.00",
"product": {
"name": "Firmware \u003c=01.01.00",
"product_id": "CSAFPID-21004"
}
},
{
"category": "product_version_range",
"name": "\u003c=01.02.01",
"product": {
"name": "Firmware \u003c=01.02.01",
"product_id": "CSAFPID-21005"
}
},
{
"category": "product_version_range",
"name": "\u003c=01.08.00",
"product": {
"name": "Firmware \u003c=01.08.00",
"product_id": "CSAFPID-21006"
}
},
{
"category": "product_version_range",
"name": "\u003c=01.10.00",
"product": {
"name": "Firmware \u003c=01.10.00",
"product_id": "CSAFPID-21007"
}
},
{
"category": "product_version_range",
"name": "\u003c=01.11.00",
"product": {
"name": "Firmware \u003c=01.11.00",
"product_id": "CSAFPID-21008"
}
},
{
"category": "product_version_range",
"name": "\u003c=01.12.00",
"product": {
"name": "Firmware \u003c=01.12.00",
"product_id": "CSAFPID-21009"
}
},
{
"category": "product_version_range",
"name": "\u003c=02.08.01",
"product": {
"name": "Firmware \u003c=02.08.01",
"product_id": "CSAFPID-21010"
}
},
{
"category": "product_version_range",
"name": "\u003c=02.11.00",
"product": {
"name": "Firmware \u003c=02.11.00",
"product_id": "CSAFPID-21011"
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "Weidmueller"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014"
],
"summary": "Affected Products."
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=01.08.00 installed on UR20-FBC-CAN",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-21006",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=01.00.02 installed on UR20-FBC-CC",
"product_id": "CSAFPID-31002"
},
"product_reference": "CSAFPID-21003",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=01.02.01 installed on UR20-FBC-CC-TSN",
"product_id": "CSAFPID-31003"
},
"product_reference": "CSAFPID-21005",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=01.08.00 installed on UR20-FBC-DN",
"product_id": "CSAFPID-31004"
},
"product_reference": "CSAFPID-21006",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=01.12.00 installed on UR20-FBC-EC",
"product_id": "CSAFPID-31005"
},
"product_reference": "CSAFPID-21009",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=01.00.01 installed on UR20-FBC-EC-ECO",
"product_id": "CSAFPID-31006"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=02.11.00 installed on UR20-FBC-EIP",
"product_id": "CSAFPID-31007"
},
"product_reference": "CSAFPID-21011",
"relates_to_product_reference": "CSAFPID-11007"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=01.01.00 installed on UR20-FBC-IEC61162-450",
"product_id": "CSAFPID-31008"
},
"product_reference": "CSAFPID-21004",
"relates_to_product_reference": "CSAFPID-11008"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=01.00.00 installed on UR20-FBC-MOD-TCP-ECO",
"product_id": "CSAFPID-31009"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11009"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=02.08.01 installed on UR20-FBC-MOD-TCP-V2",
"product_id": "CSAFPID-31010"
},
"product_reference": "CSAFPID-21010",
"relates_to_product_reference": "CSAFPID-11010"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=01.10.00 installed on UR20-FBC-PB-DP-V2",
"product_id": "CSAFPID-31011"
},
"product_reference": "CSAFPID-21007",
"relates_to_product_reference": "CSAFPID-11011"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=01.08.00 installed on UR20-FBC-PL",
"product_id": "CSAFPID-31012"
},
"product_reference": "CSAFPID-21006",
"relates_to_product_reference": "CSAFPID-11012"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=01.00.02 installed on UR20-FBC-PN-ECO",
"product_id": "CSAFPID-31013"
},
"product_reference": "CSAFPID-21003",
"relates_to_product_reference": "CSAFPID-11013"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=01.11.00 installed on UR20-FBC-PN-IRT-V2",
"product_id": "CSAFPID-31014"
},
"product_reference": "CSAFPID-21008",
"relates_to_product_reference": "CSAFPID-11014"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-31401",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "description",
"text": "An issue was discovered in tcp_rcv() in nptcp.c in HCC embedded InterNiche 4.0.1. The TCP header processing code doesn\u0027t sanitize the value of the IP total length field (header length + data length). With a crafted IP packet, an integer overflow occurs whenever the value of the IP data length is calculated by subtracting the length of the header from the total length of the IP packet.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Fieldbuses (including Industrial Ethernet protocols) in general are not intended for direct connection with the internet, as they lack a proper set of security capabilities. This also applies to Weidm\u00fcller IP20 Remote I/O fieldbus couplers, which are developed and designed for operation in closed industrial networks.\n\n- Do not directly connect the affected products to the internet.\n- Restrict network access to the affected products by proper secured network infrastructure (e.g. routers, firewalls, DMZ, VPNs).\n- Restrict physical access to the industrial network and affected products (e.g cabinets, seals, closures).",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014"
]
}
],
"title": "CVE-2021-31401"
},
{
"cve": "CVE-2020-35684",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "description",
"text": "An issue was discovered in HCC Nichestack 3.0. The code that parses TCP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the length of the TCP payload within the TCP checksum computation function. When the IP payload size is set to be smaller than the size of the IP header, the TCP checksum computation function may read out of bounds (a low-impact write-out-of-bounds is also possible).",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Fieldbuses (including Industrial Ethernet protocols) in general are not intended for direct connection with the internet, as they lack a proper set of security capabilities. This also applies to Weidm\u00fcller IP20 Remote I/O fieldbus couplers, which are developed and designed for operation in closed industrial networks.\n\n- Do not directly connect the affected products to the internet.\n- Restrict network access to the affected products by proper secured network infrastructure (e.g. routers, firewalls, DMZ, VPNs).\n- Restrict physical access to the industrial network and affected products (e.g cabinets, seals, closures).",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014"
]
}
],
"title": "CVE-2020-35684"
},
{
"cve": "CVE-2020-35683",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "description",
"text": "An issue was discovered in HCC Nichestack 3.0. The code that parses ICMP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the ICMP checksum. When the IP payload size is set to be smaller than the size of the IP header, the ICMP checksum computation function may read out of bounds, causing a Denial-of-Service.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Fieldbuses (including Industrial Ethernet protocols) in general are not intended for direct connection with the internet, as they lack a proper set of security capabilities. This also applies to Weidm\u00fcller IP20 Remote I/O fieldbus couplers, which are developed and designed for operation in closed industrial networks.\n\n- Do not directly connect the affected products to the internet.\n- Restrict network access to the affected products by proper secured network infrastructure (e.g. routers, firewalls, DMZ, VPNs).\n- Restrict physical access to the industrial network and affected products (e.g cabinets, seals, closures).",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014"
]
}
],
"title": "CVE-2020-35683"
}
]
}