Share: Email | Twitter

ID

VDE-2021-028

Published

2021-08-16 14:01 (CEST)

Last update

2021-08-16 14:01 (CEST)

Vendor(s)

Pepperl+Fuchs SE

Product(s)

Article No° Product Name Affected Version(s)
243598 VDM100-150-EIP/G2 <= 2.00
256831 VDM100-300-EIP/G2 <= 2.00
256830 VDM100-50-EIP/G2 <= 2.00

Summary

Critical vulnerabilities have been discovered in the utilized component TRECK TCP/IP Stack by Digi International Inc.

For more information see advisory by Digi International Inc.:
Digi International Security Notice - TRECK TCP/IP Stack "RIPPLE20" VU#257161 ICS-VU-035787 | Digi International

Vulnerabilities



CVE-2020-11896
10.0
Last Update
July 9, 2020, 1:26 p.m.
Severity
10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Weakness
Improper Input Validation (CWE-20)
Summary

The Treck TCP/IP stack before 6.0.1.66 allows Remote Code Execution, related to IPv4 tunneling.

Details
nvd.nist.gov 
CVE-2020-11897
10.0
Last Update
July 9, 2020, 10:47 a.m.
Severity
10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Weakness
Out-of-bounds Write (CWE-787)
Summary
The Treck TCP/IP stack before 5.0.1.35 has an Out-of-Bounds Write via multiple malformed IPv6 packets.
Details
nvd.nist.gov 
CVE-2020-11898
9.1
Last Update
July 9, 2020, 1:15 p.m.
Severity
9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H)
Weakness
Exposure of Sensitive Information to an Unauthorized Actor (CWE-200)
Summary
The Treck TCP/IP stack before 6.0.1.66 improperly handles an IPv4/ICMPv4 Length Parameter Inconsistency, which might allow remote attackers to trigger an information leak.
Details
nvd.nist.gov 
CVE-2020-11901
9.0
Last Update
July 9, 2020, 1:15 p.m.
Severity
9.0 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
Weakness
Improper Input Validation (CWE-20)
Summary
The Treck TCP/IP stack before 6.0.1.66 allows Remote Code execution via a single invalid DNS response.
Details
nvd.nist.gov 
CVE-2020-11900
8.2
Last Update
July 9, 2020, 1:15 p.m.
Severity
8.2 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H)
Weakness
Double Free (CWE-415)
Summary
The Treck TCP/IP stack before 6.0.1.41 has an IPv4 tunneling Double Free.
Details
nvd.nist.gov 
CVE-2020-11902
7.3
Last Update
July 9, 2020, 1:15 p.m.
Severity
7.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Weakness
Out-of-bounds Read (CWE-125)
Summary
The Treck TCP/IP stack before 6.0.1.66 has an IPv6OverIPv4 tunneling Out-of-bounds Read.
Details
nvd.nist.gov 
CVE-2020-11904
7.3
Last Update
July 9, 2020, 1:15 p.m.
Severity
7.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Weakness
Out-of-bounds Write (CWE-787)
Summary
The Treck TCP/IP stack before 6.0.1.66 has an Integer Overflow during Memory Allocation that causes an Out-of-Bounds Write.
Details
nvd.nist.gov 
CVE-2020-11905
6.5
Last Update
July 9, 2020, 1:15 p.m.
Severity
6.5 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Weakness
Out-of-bounds Read (CWE-125)
Summary
The Treck TCP/IP stack before 6.0.1.66 has a DHCPv6 Out-of-bounds Read.
Details
nvd.nist.gov 
CVE-2020-11903
6.5
Last Update
July 9, 2020, 1:15 p.m.
Severity
6.5 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Weakness
Out-of-bounds Read (CWE-125)
Summary
The Treck TCP/IP stack before 6.0.1.28 has a DHCP Out-of-bounds Read.
Details
nvd.nist.gov 
CVE-2020-11906
6.3
Last Update
July 9, 2020, 1:15 p.m.
Severity
6.3 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Weakness
Integer Underflow (Wrap or Wraparound) (CWE-191)
Summary
The Treck TCP/IP stack before 6.0.1.66 has an Ethernet Link Layer Integer Underflow.
Details
nvd.nist.gov 
CVE-2020-11907
6.3
Last Update
July 9, 2020, 1:15 p.m.
Severity
6.3 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Weakness
Other (NVD-CWE-Other)
Summary
The Treck TCP/IP stack before 6.0.1.66 improperly handles a Length Parameter Inconsistency in TCP.
Details
nvd.nist.gov 
CVE-2020-11899
5.4
Last Update
July 9, 2020, 1:15 p.m.
Severity
5.4 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)
Weakness
Out-of-bounds Read (CWE-125)
Summary
The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read.
Details
nvd.nist.gov 
CVE-2020-11910
5.3
Last Update
July 9, 2020, 1:15 p.m.
Severity
5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Weakness
Out-of-bounds Read (CWE-125)
Summary
The Treck TCP/IP stack before 6.0.1.66 has an ICMPv4 Out-of-bounds Read.
Details
nvd.nist.gov 
CVE-2020-11909
5.3
Last Update
July 9, 2020, 1:15 p.m.
Severity
5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Weakness
Integer Underflow (Wrap or Wraparound) (CWE-191)
Summary
The Treck TCP/IP stack before 6.0.1.66 has an IPv4 Integer Underflow.
Details
nvd.nist.gov 
CVE-2020-11912
5.3
Last Update
July 9, 2020, 1:15 p.m.
Severity
5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Weakness
Out-of-bounds Read (CWE-125)
Summary
The Treck TCP/IP stack before 6.0.1.66 has a TCP Out-of-bounds Read.
Details
nvd.nist.gov 
CVE-2020-11913
5.3
Last Update
July 9, 2020, 1:15 p.m.
Severity
5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Weakness
Out-of-bounds Read (CWE-125)
Summary
The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read.
Details
nvd.nist.gov 
CVE-2020-11911
5.3
Last Update
July 9, 2020, 1:15 p.m.
Severity
5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Weakness
Missing Authorization (CWE-862)
Summary
The Treck TCP/IP stack before 6.0.1.66 has Improper ICMPv4 Access Control.
Details
nvd.nist.gov 
CVE-2020-11908
4.3
Last Update
July 9, 2020, 1:15 p.m.
Severity
4.3 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Weakness
Other (NVD-CWE-Other)
Summary
The Treck TCP/IP stack before 4.7.1.27 mishandles '\0' termination in DHCP.
Details
nvd.nist.gov 
CVE-2020-11914
4.3
Last Update
July 9, 2020, 1:15 p.m.
Severity
4.3 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Weakness
Out-of-bounds Read (CWE-125)
Summary
The Treck TCP/IP stack before 6.0.1.66 has an ARP Out-of-bounds Read.
Details
nvd.nist.gov 

Impact

Pepperl+Fuchs analyzed and identified affected devices.

The impact on the affected device is that it can

  • no longer perform acyclic requests
  • may drop all established cyclic connections may
  • disappear completely from the network

Solution

An external protective measure is required.

  • Minimize network exposure for affected products and ensure that they are not accessible via the Internet.
  • Isolate affected products from the corporate network.
  • If remote access is required, use secure methods such as virtual private networks (VPNs).

Reported by

Digi International Inc.
Coordinated by CERT@VDE