Pepperl+Fuchs: Multiple VDM100-Distance Ethernet-IP sensors with multiple vulnerabilities

VDE-2021-028

Last update

05/14/2025 15:00

Published at

08/16/2021 14:01

Vendor(s)

Pepperl+Fuchs SE

External ID

VDE-2021-028

CSAF Document

Download

Summary

Critical vulnerabilities have been discovered in the utilized component TRECK TCP/IP Stack by Digi International Inc.

For more information see advisory by Digi International Inc.:

Digi International Security Notice - TRECK TCP/IP Stack "RIPPLE20" VU#257161 ICS-VU-035787 | Digi International

Impact

Pepperl+Fuchs analyzed and identified affected devices.

The impact on the affected device is that it can

no longer perform acyclic requests
may drop all established cyclic connections may
disappear completely from the network

Affected Product(s)

Model no.	Product name	Affected versions
243598	VDM100-150-EIP/G2	Firmware <=2.00
256831	VDM100-300-EIP/G2	Firmware <=2.00
256830	VDM100-50-EIP/G2	Firmware <=2.00

Vulnerabilities

Expand / Collapse all

Published

09/22/2025 14:57

Severity

10 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Weakness

Out-of-bounds Write (CWE-787)

Summary

The Treck TCP/IP stack before 5.0.1.35 has an Out-of-Bounds Write via multiple malformed IPv6 packets.

References

cve.org | nvd.nist.gov

Published

09/22/2025 14:57

Severity

10 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Weakness

Improper Input Validation (CWE-20)

Summary

The Treck TCP/IP stack before 6.0.1.66 allows Remote Code Execution, related to IPv4 tunneling.

References

cve.org | nvd.nist.gov

Published

09/22/2025 14:57

Severity

9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Weakness

Exposure of Sensitive Information to an Unauthorized Actor (CWE-200)

Summary

The Treck TCP/IP stack before 6.0.1.66 improperly handles an IPv4/ICMPv4 Length Parameter Inconsistency, which might allow remote attackers to trigger an information leak.

References

cve.org | nvd.nist.gov

Published

09/22/2025 14:57

Severity

9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Weakness

Improper Input Validation (CWE-20)

Summary

The Treck TCP/IP stack before 6.0.1.66 allows Remote Code execution via a single invalid DNS response.

References

cve.org | nvd.nist.gov

Published

09/22/2025 14:57

Severity

8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

Weakness

Double Free (CWE-415)

Summary

The Treck TCP/IP stack before 6.0.1.41 has an IPv4 tunneling Double Free.

References

cve.org | nvd.nist.gov

Published

09/22/2025 14:57

Severity

7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Weakness

Out-of-bounds Write (CWE-787)

Summary

The Treck TCP/IP stack before 6.0.1.66 has an Integer Overflow during Memory Allocation that causes an Out-of-Bounds Write.

References

cve.org | nvd.nist.gov

Published

09/22/2025 14:57

Severity

7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Weakness

Out-of-bounds Read (CWE-125)

Summary

The Treck TCP/IP stack before 6.0.1.66 has an IPv6OverIPv4 tunneling Out-of-bounds Read.

References

cve.org | nvd.nist.gov

Published

09/22/2025 14:57

Severity

6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Weakness

Out-of-bounds Read (CWE-125)

Summary

The Treck TCP/IP stack before 6.0.1.28 has a DHCP Out-of-bounds Read.

References

cve.org | nvd.nist.gov

Published

09/22/2025 14:57

Severity

6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Weakness

Out-of-bounds Read (CWE-125)

Summary

The Treck TCP/IP stack before 6.0.1.66 has a DHCPv6 Out-of-bounds Read.

References

cve.org | nvd.nist.gov

Published

09/22/2025 14:57

Severity

6.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Weakness

()

Summary

The Treck TCP/IP stack before 6.0.1.66 allows Remote Code Execution, related to IPv4 tunneling.

References

cve.org | nvd.nist.gov

Published

09/22/2025 14:57

Severity

6.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Weakness

Integer Underflow (Wrap or Wraparound) (CWE-191)

Summary

The Treck TCP/IP stack before 6.0.1.66 has an Ethernet Link Layer Integer Underflow.

References

cve.org | nvd.nist.gov

Published

09/22/2025 14:57

Severity

5.4 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Weakness

Out-of-bounds Read (CWE-125)

Summary

The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read.

References

cve.org | nvd.nist.gov

Published

09/22/2025 14:57

Severity

5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Weakness

Missing Authorization (CWE-862)

Summary

The Treck TCP/IP stack before 6.0.1.66 has Improper ICMPv4 Access Control.

References

cve.org | nvd.nist.gov

Published

09/22/2025 14:57

Severity

5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Weakness

Out-of-bounds Read (CWE-125)

Summary

The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read.

References

cve.org | nvd.nist.gov

Published

09/22/2025 14:57

Severity

5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Weakness

Out-of-bounds Read (CWE-125)

Summary

The Treck TCP/IP stack before 6.0.1.66 has a TCP Out-of-bounds Read.

References

cve.org | nvd.nist.gov

Published

09/22/2025 14:57

Severity

5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Weakness

Integer Underflow (Wrap or Wraparound) (CWE-191)

Summary

The Treck TCP/IP stack before 6.0.1.66 has an IPv4 Integer Underflow.

References

cve.org | nvd.nist.gov

Published

09/22/2025 14:57

Severity

5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Weakness

Out-of-bounds Read (CWE-125)

Summary

The Treck TCP/IP stack before 6.0.1.66 has an ICMPv4 Out-of-bounds Read.

References

cve.org | nvd.nist.gov

Published

09/22/2025 14:57

Severity

4.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Weakness

Out-of-bounds Read (CWE-125)

Summary

The Treck TCP/IP stack before 6.0.1.66 has an ARP Out-of-bounds Read.

References

cve.org | nvd.nist.gov

Published

09/22/2025 14:57

Severity

4.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Weakness

()

Summary

The Treck TCP/IP stack before 4.7.1.27 mishandles '\0' termination in DHCP.

References

cve.org | nvd.nist.gov

Mitigation

An external protective measure is required.

Minimize network exposure for affected products and ensure that they are not accessible via the Internet.
Isolate affected products from the corporate network.
If remote access is required, use secure methods such as virtual private networks (VPNs).

Revision History

Version	Date	Summary
1	08/16/2021 14:01	Initial revision.
2	05/14/2025 15:00	Fix: added distribution

Pepperl+Fuchs: Multiple VDM100-Distance Ethernet-IP sensors with multiple vulnerabilities

Summary

Impact

Affected Product(s)

Vulnerabilities

CVE-2020-11897 10

CVE-2020-11896 10

CVE-2020-11898 9.1

CVE-2020-11901 9

CVE-2020-11900 8.2

CVE-2020-11904 7.3

CVE-2020-11902 7.3

CVE-2020-11903 6.5

CVE-2020-11905 6.5

CVE-2020-11907 6.3

CVE-2020-11906 6.3

CVE-2020-11899 5.4

CVE-2020-11911 5.3

CVE-2020-11913 5.3

CVE-2020-11912 5.3

CVE-2020-11909 5.3

CVE-2020-11910 5.3

CVE-2020-11914 4.3

CVE-2020-11908 4.3

Mitigation

Revision History