VDE-2020-014
Vulnerability from csaf_pepperlfuchsse - Published: 2020-03-31 13:30 - Updated: 2025-05-14 14:34
Summary
Pepperl+Fuchs: Kr00k vulnerabilities in Broadcom Wi-Fi chipsets
Notes
Summary: Security researchers at ESET have reported a vulnerability called Kr00k (CVE-2019-15126) which affects encrypted WiFi traffic for devices using Broadcom or Cypress chipsets. The vulnerability may allow an attacker to decrypt some WPA2-Personal/Enterprise traffic by forcing an AP/client to start utilizing an all-zero encryption key (similar to KRACK vulnerability).
Impact: Pepperl+Fuchs analyzed its ECOM branded mobile device portfolio in respect of the 'Kr00k' vulnerabilities. To our current knowledge only Tab-Ex 02 is potentially affected by these vulnerabilities. Devices with security patch level <= 01.03.2020 are affected.
Mitigation: Pepperl+Fuchs is continuously and rigorously working closely with our partner to patch all affected Devices.
Update for Tab-Ex 02 is planned for 05/2020
ECOM mobile devices are normally used in the corporate network. This implies that outgoing connections and local software installations have to be configured by administrators. It should be ensured that the data connections are additionally encrypted, e.g. HTTPS or SSH.
An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503.
CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Acknowledgments
ESET
{
"document": {
"acknowledgments": [
{
"organization": "ESET",
"summary": "discovery"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "Security researchers at ESET have reported a vulnerability called Kr00k (CVE-2019- 15126) which affects encrypted WiFi traffic for devices using Broadcom or Cypress chipsets. The vulnerability may allow an attacker to decrypt some WPA2- Personal/Enterprise traffic by forcing an AP/client to start utilizing an all-zero encryption key (similar to KRACK vulnerability).",
"title": "Summary"
},
{
"category": "description",
"text": "Pepperl+Fuchs analyzed its ECOM branded mobile device portfolio in respect of the \u0027Kr00k\u0027 vulnerabilities. To our current knowledge only Tab-Ex 02 is potentially affected by these vulnerabilities. Devices with security patch level \u003c= 01.03.2020 are affected.",
"title": "Impact"
},
{
"category": "description",
"text": "Pepperl+Fuchs is continuously and rigorously working closely with our partner to patch all affected Devices.\n\nUpdate for Tab-Ex 02 is planned for 05/2020\n\nECOM mobile devices are normally used in the corporate network. This implies that outgoing connections and local software installations have to be configured by administrators. It should be ensured that the data connections are additionally encrypted, e.g. HTTPS or SSH.",
"title": "Mitigation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "cert@pepperl-fuchs.com",
"name": "Pepperl+Fuchs SE",
"namespace": "https://www.pepperl-fuchs.com"
},
"references": [
{
"category": "external",
"summary": "CERT@VDE Security Advisories for Pepperl+Fuchs",
"url": "https://certvde.com/en/advisories/vendor/pepperl+fuchs/"
},
{
"category": "self",
"summary": "VDE-2020-014: Pepperl+Fuchs: Kr00k vulnerabilities in Broadcom Wi-Fi chipsets - HTML",
"url": "https://certvde.com/de/advisories/VDE-2020-014/"
},
{
"category": "self",
"summary": "VDE-2020-014: Pepperl+Fuchs: Kr00k vulnerabilities in Broadcom Wi-Fi chipsets - CSAF",
"url": "https://pepperl-fuchs.csaf-tp.certvde.com/.well-known/csaf/white/2020/vde-2020-014.json"
}
],
"title": "Pepperl+Fuchs: Kr00k vulnerabilities in Broadcom Wi-Fi chipsets",
"tracking": {
"aliases": [
"VDE-2020-014"
],
"current_release_date": "2025-05-14T14:34:17.000Z",
"generator": {
"date": "2024-11-11T12:49:19.908Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.14"
}
},
"id": "VDE-2020-014",
"initial_release_date": "2020-03-31T13:30:00.000Z",
"revision_history": [
{
"date": "2020-03-31T13:30:00.000Z",
"number": "1",
"summary": "Initial revision."
},
{
"date": "2025-05-14T14:34:17.000Z",
"number": "2",
"summary": "Fix: version space"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Tab-Ex 02",
"product": {
"name": "Tab-Ex 02",
"product_id": "CSAFPID-11001"
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=v01.03.2020",
"product": {
"name": "Firmware \u003c=v01.03.2020",
"product_id": "CSAFPID-21001"
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "Pepperl+Fuchs"
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=v01.03.2020 installed on Tab-Ex 02",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11001"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-15126",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"notes": [
{
"category": "description",
"text": "\nAn issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "\nPepperl+Fuchs is continuously and rigorously working closely with our partner to patch all affected Devices.\n\nUpdate for Tab-Ex 02 is planned for 05/2020\n\nECOM mobile devices are normally used in the corporate network. This implies that outgoing connections and local software installations have to be configured by administrators. It should be ensured that the data connections are additionally encrypted, e.g. HTTPS or SSH.",
"product_ids": [
"CSAFPID-31001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"environmentalScore": 3.1,
"environmentalSeverity": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 3.1,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001"
]
}
],
"title": " CVE-2019-15126"
}
]
}