Details of VAR-202108-0211

ID

VAR-202108-0211

CVE

CVE-2020-35683

TITLE

NicheStack embedded TCP/IP has vulnerabilities

Trust: 0.8

sources: CERT/CC: VU#608209

DESCRIPTION

An issue was discovered in HCC Nichestack 3.0. The code that parses ICMP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the ICMP checksum. When the IP payload size is set to be smaller than the size of the IP header, the ICMP checksum computation function may read out of bounds, causing a Denial-of-Service. HCC Embedded's software called InterNiche stack (NicheStack) and NicheLite, which provides TCP/IP networking capability to embedded systems, is impacted by multiple vulnerabilities. The Forescout and JFrog researchers who discovered this set of vulnerabilities have identified these as "INFRA:HALT"CVE-2020-25767 Affected Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_common module version 1.15. A fix for this will be available from HCC on 2021-02-19 CVE-2020-25926 Affected Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_common module version 1.15. A fix for this will be available from HCC on 2021-03-02 CVE-2020-25927 Affected Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_common module version 1.15. A fix for this will be available from HCC on 2021-02-19 CVE-2020-25928 Affected Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_common module version 1.15. A fix for this will be available from HCC on 2021-02-19 CVE-2020-35683 Affected Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_ipv4 module version 1.5. A fix for this will be available from HCC on 2021-03-02 CVE-2020-35684 Affected Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_tcp module version 1.9. A fix for this will be available from HCC on 2021-03-16 CVE-2020-35685 Affected Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_tcp module version 1.9. A fix for this will be available from HCC on 2021-03-16 CVE-2021-27565 Affected Vendor Statement: The infinite loop entered in case this occurs is really for the user to implement when integrating the software. But whatever their implementation this code should not be structured like this. CVE-2021-31226 Affected Vendor Statement: This is an issue in all versions of Nichestack <4.3, This issue is fixed in Nichestack v4.3 with in_httpsvr module v1.7. CVE-2021-31227 Affected Vendor Statement: This is an issue in all versions of Nichestack <4.3, This issue is fixed in Nichestack v4.3 with in_httpsvr module v1.7. CVE-2021-31228 Affected Vendor Statement: This is an issue in all versions of Nichestack <4.3, This issue is fixed in Nichestack v4.3 with in_httpsvr module v1.7. CVE-2021-31400 Affected Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_tcp module version 1.9. A fix for this will be available from HCC on 2021-02-26 CVE-2021-31401 Affected Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_tcp module version 1.9. A fix for this will be available from HCC on 2021-03-16 CVE-2021-36762 Unknown Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is fixed in in_tftp module version 1.2CVE-2020-25767 Affected Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_common module version 1.15. A fix for this will be available from HCC on 2021-02-19 CVE-2020-25926 Affected Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_common module version 1.15. A fix for this will be available from HCC on 2021-03-02 CVE-2020-25927 Affected Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_common module version 1.15. A fix for this will be available from HCC on 2021-02-19 CVE-2020-25928 Affected Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_common module version 1.15. A fix for this will be available from HCC on 2021-02-19 CVE-2020-35683 Affected Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_ipv4 module version 1.5. A fix for this will be available from HCC on 2021-03-02 CVE-2020-35684 Affected Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_tcp module version 1.9. A fix for this will be available from HCC on 2021-03-16 CVE-2020-35685 Affected Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_tcp module version 1.9. A fix for this will be available from HCC on 2021-03-16 CVE-2021-27565 Affected Vendor Statement: The infinite loop entered in case this occurs is really for the user to implement when integrating the software. But whatever their implementation this code should not be structured like this. CVE-2021-31226 Affected Vendor Statement: This is an issue in all versions of Nichestack <4.3, This issue is fixed in Nichestack v4.3 with in_httpsvr module v1.7. CVE-2021-31227 Affected Vendor Statement: This is an issue in all versions of Nichestack <4.3, This issue is fixed in Nichestack v4.3 with in_httpsvr module v1.7. CVE-2021-31228 Affected Vendor Statement: This is an issue in all versions of Nichestack <4.3, This issue is fixed in Nichestack v4.3 with in_httpsvr module v1.7. CVE-2021-31400 Affected Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_tcp module version 1.9. A fix for this will be available from HCC on 2021-02-26 CVE-2021-31401 Affected Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_tcp module version 1.9. A fix for this will be available from HCC on 2021-03-16 CVE-2021-36762 Unknown Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is fixed in in_tftp module version 1.2. InterNiche Technologies NicheStack has an input validation error vulnerability, which stems from the boundary conditions of ICMP components. An attacker can use this vulnerability to trigger an out-of-bounds read error and cause a system denial of service. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Siemens Security Advisory

Trust: 2.79

sources: NVD: CVE-2020-35683 // CERT/CC: VU#608209 // CNVD: CNVD-2021-58801 // CNNVD: CNNVD-202104-975 // VULMON: CVE-2020-35683

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-58801

AFFECTED PRODUCTS

vendor:	hcc embedded	model:	nichestack	scope:	eq	version:	3.0	Trust: 1.0
vendor:	siemens	model:	7km9300-0ae02-0aa0	scope:	lt	version:	3.0.4	Trust: 1.0
vendor:	hcc	model:	embedded interniche stack	scope:	lt	version:	v4.3	Trust: 0.6
vendor:	hcc	model:	embedded nichelite	scope:	lt	version:	v4.3	Trust: 0.6

sources: CNVD: CNVD-2021-58801 // NVD: CVE-2020-35683

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-35683
value:	HIGH
Trust: 1.0
CNVD:	CNVD-2021-58801
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202108-387
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2020-35683
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2021-58801
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:C/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	COMPLETE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-35683
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2021-58801 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-387 // NVD: CVE-2020-35683

PROBLEMTYPE DATA

problemtype:

CWE-125

Trust: 1.0

sources: NVD: CVE-2020-35683

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202108-387

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:	Patch for HCC Embedded InterNiche Technologies NicheStack input validation error vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/284986	Trust: 0.6
title:	InterNiche Technologies NicheStack Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=158934	Trust: 0.6
title:	Siemens Security Advisories: Siemens Security Advisory	url:	https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=dcdeae95fabde3361948ed61a281b1cb	Trust: 0.1

sources: CNVD: CNVD-2021-58801 // VULMON: CVE-2020-35683 // CNNVD: CNNVD-202108-387

EXTERNAL IDS

db:	NVD	id:	CVE-2020-35683	Trust: 3.1
db:	CERT/CC	id:	VU#608209	Trust: 2.4
db:	SIEMENS	id:	SSA-789208	Trust: 2.3
db:	CNVD	id:	CNVD-2021-58801	Trust: 0.6
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2661	Trust: 0.6
db:	ICS CERT	id:	ICSA-21-217-01	Trust: 0.6
db:	CS-HELP	id:	SB2021080607	Trust: 0.6
db:	CS-HELP	id:	SB2021080402	Trust: 0.6
db:	CNNVD	id:	CNNVD-202108-387	Trust: 0.6
db:	VULMON	id:	CVE-2020-35683	Trust: 0.1

sources: CERT/CC: VU#608209 // CNVD: CNVD-2021-58801 // VULMON: CVE-2020-35683 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-387 // NVD: CVE-2020-35683

REFERENCES

url:	https://cert-portal.siemens.com/productcert/pdf/ssa-789208.pdf	Trust: 2.2
url:	https://www.kb.cert.org/vuls/id/608209	Trust: 1.6
url:	https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/	Trust: 1.6
url:	https://www.hcc-embedded.com	Trust: 1.6
url:	cve-2020-25767	Trust: 0.8
url:	cve-2020-25926	Trust: 0.8
url:	cve-2020-25927	Trust: 0.8
url:	cve-2020-25928	Trust: 0.8
url:	cve-2020-35683	Trust: 0.8
url:	cve-2020-35684	Trust: 0.8
url:	cve-2020-35685	Trust: 0.8
url:	cve-2021-27565	Trust: 0.8
url:	cve-2021-31226	Trust: 0.8
url:	cve-2021-31227	Trust: 0.8
url:	cve-2021-31228	Trust: 0.8
url:	cve-2021-31400	Trust: 0.8
url:	cve-2021-31401	Trust: 0.8
url:	cve-2021-36762	Trust: 0.8
url:	vince json	Trust: 0.8
url:	csaf	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2661	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021080402	Trust: 0.6
url:	https://us-cert.cisa.gov/ics/advisories/icsa-21-217-01	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021080607	Trust: 0.6
url:	https://cert-portal.siemens.com/productcert/txt/ssa-789208.txt	Trust: 0.1

sources: CERT/CC: VU#608209 // CNVD: CNVD-2021-58801 // VULMON: CVE-2020-35683 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-387 // NVD: CVE-2020-35683

CREDITS

This document was written by Vijay Sarvepalli.Statement Date: July 20, 2021

Trust: 0.8

sources: CERT/CC: VU#608209

SOURCES

db:	CERT/CC	id:	VU#608209
db:	CNVD	id:	CNVD-2021-58801
db:	VULMON	id:	CVE-2020-35683
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202108-387
db:	NVD	id:	CVE-2020-35683

LAST UPDATE DATE

2024-08-14T12:48:16.560000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#608209	date:	2022-09-23T00:00:00
db:	CNVD	id:	CNVD-2021-58801	date:	2022-01-18T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202108-387	date:	2022-07-14T00:00:00
db:	NVD	id:	CVE-2020-35683	date:	2022-07-12T17:42:04.277

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#608209	date:	2021-08-10T00:00:00
db:	CNVD	id:	CNVD-2021-58801	date:	2021-08-05T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202108-387	date:	2021-08-04T00:00:00
db:	NVD	id:	CVE-2020-35683	date:	2021-08-19T12:15:07.353