ID

VAR-202108-0212


CVE

CVE-2020-35684


TITLE

NicheStack embedded TCP/IP has vulnerabilities

Trust: 0.8

sources: CERT/CC: VU#608209

DESCRIPTION

An issue was discovered in HCC Nichestack 3.0. The code that parses TCP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the length of the TCP payload within the TCP checksum computation function. When the IP payload size is set to be smaller than the size of the IP header, the TCP checksum computation function may read out of bounds (a low-impact write-out-of-bounds is also possible).

HCC Embedded's software called InterNiche stack (NicheStack) and NicheLite, which provides TCP/IP networking capability to embedded systems, is impacted by multiple vulnerabilities. The Forescout and JFrog researchers who discovered this set of vulnerabilities have identified these as "INFRA:HALT".

CVE-2020-25767 Affected. Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_common module version 1.15. A fix for this will be available from HCC on 2021-02-19.

CVE-2020-25926 Affected. Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_common module version 1.15. A fix for this will be available from HCC on 2021-03-02.

CVE-2020-25927 Affected. Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_common module version 1.15. A fix for this will be available from HCC on 2021-02-19.

CVE-2020-25928 Affected. Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_common module version 1.15. A fix for this will be available from HCC on 2021-02-19.

CVE-2020-35683 Affected. Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_ipv4 module version 1.5. A fix for this will be available from HCC on 2021-03-02.

CVE-2020-35684 Affected. Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_tcp module version 1.9. A fix for this will be available from HCC on 2021-03-16.

CVE-2020-35685 Affected. Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_tcp module version 1.9. A fix for this will be available from HCC on 2021-03-16.

CVE-2021-27565 Affected. Vendor Statement: The infinite loop entered in case this occurs is really for the user to implement when integrating the software. But whatever their implementation this code should not be structured like this.

CVE-2021-31226 Affected. Vendor Statement: This is an issue in all versions of Nichestack <4.3, This issue is fixed in Nichestack v4.3 with in_httpsvr module v1.7.

CVE-2021-31227 Affected. Vendor Statement: This is an issue in all versions of Nichestack <4.3, This issue is fixed in Nichestack v4.3 with in_httpsvr module v1.7.

CVE-2021-31228 Affected. Vendor Statement: This is an issue in all versions of Nichestack <4.3, This issue is fixed in Nichestack v4.3 with in_httpsvr module v1.7.

CVE-2021-31400 Affected. Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_tcp module version 1.9. A fix for this will be available from HCC on 2021-02-26.

CVE-2021-31401 Affected. Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_tcp module version 1.9. A fix for this will be available from HCC on 2021-03-16.

CVE-2021-36762 Unknown. Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is fixed in in_tftp module version 1.2.

InterNiche Technologies NicheStack has an input validation error vulnerability, which exists due to insufficient validation of user-supplied input in the TCP component. A remote attacker can use this vulnerability to pass specially crafted input to the application and perform a denial of service (DoS) attack. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements. Siemens Security Advisory

Trust: 2.79

sources: NVD: CVE-2020-35684 // CERT/CC: VU#608209 // CNVD: CNVD-2021-58800 // CNNVD: CNNVD-202104-975 // VULMON: CVE-2020-35684

IOT TAXONOMY

category: ['ICS'] | sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-58800

AFFECTED PRODUCTS

vendor: siemens | model: sentron 3wl com35 | scope: lt | version: 1.2.0

Trust: 1.0

vendor: hcc embedded | model: nichestack | scope: eq | version: 3.0

Trust: 1.0

vendor: siemens | model: sentron 3wa com190 | scope: lt | version: 2.0.0

Trust: 1.0

vendor: hcc | model: embedded interniche stack | scope: lt | version: v4.3

Trust: 0.6

vendor: hcc | model: embedded nichelite | scope: lt | version: v4.3

Trust: 0.6

sources: CNVD: CNVD-2021-58800 // NVD: CVE-2020-35684

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-35684
value: HIGH

Trust: 1.0

CNVD: CNVD-2021-58800
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202108-416
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2020-35684
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2021-58800
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-35684
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2021-58800 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-416 // NVD: CVE-2020-35684

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.0

sources: NVD: CVE-2020-35684

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202108-416

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title: Patch for HCC Embedded InterNiche Technologies NicheStack input verification error vulnerability (CNVD-2021-58800) | url: https://www.cnvd.org.cn/patchInfo/show/285006

Trust: 0.6

title: Siemens Security Advisories: Siemens Security Advisory | url: https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=dcdeae95fabde3361948ed61a281b1cb

Trust: 0.1

sources: CNVD: CNVD-2021-58800 // VULMON: CVE-2020-35684

EXTERNAL IDS

db: NVD | id: CVE-2020-35684

Trust: 3.1

db: CERT/CC | id: VU#608209

Trust: 2.4

db: SIEMENS | id: SSA-789208

Trust: 2.3

db: CNVD | id: CNVD-2021-58800

Trust: 0.6

db: CS-HELP | id: SB2021041363

Trust: 0.6

db: CNNVD | id: CNNVD-202104-975

Trust: 0.6

db: CS-HELP | id: SB2021080402

Trust: 0.6

db: CS-HELP | id: SB2021080607

Trust: 0.6

db: ICS CERT | id: ICSA-21-217-01

Trust: 0.6

db: AUSCERT | id: ESB-2021.2661

Trust: 0.6

db: CNNVD | id: CNNVD-202108-416

Trust: 0.6

db: VULMON | id: CVE-2020-35684

Trust: 0.1

sources: CERT/CC: VU#608209 // CNVD: CNVD-2021-58800 // VULMON: CVE-2020-35684 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-416 // NVD: CVE-2020-35684

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-789208.pdf

Trust: 2.2

url:https://www.kb.cert.org/vuls/id/608209

Trust: 1.6

url:https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/

Trust: 1.6

url:https://www.hcc-embedded.com

Trust: 1.6

url:cve-2020-25767

Trust: 0.8

url:cve-2020-25926

Trust: 0.8

url:cve-2020-25927

Trust: 0.8

url:cve-2020-25928

Trust: 0.8

url:cve-2020-35683

Trust: 0.8

url:cve-2020-35684

Trust: 0.8

url:cve-2020-35685

Trust: 0.8

url:cve-2021-27565

Trust: 0.8

url:cve-2021-31226

Trust: 0.8

url:cve-2021-31227

Trust: 0.8

url:cve-2021-31228

Trust: 0.8

url:cve-2021-31400

Trust: 0.8

url:cve-2021-31401

Trust: 0.8

url:cve-2021-36762

Trust: 0.8

url:vince json

Trust: 0.8

url:csaf

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2661

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021080402

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-217-01

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021080607

Trust: 0.6

url:https://cert-portal.siemens.com/productcert/txt/ssa-789208.txt

Trust: 0.1

sources: CERT/CC: VU#608209 // CNVD: CNVD-2021-58800 // VULMON: CVE-2020-35684 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-416 // NVD: CVE-2020-35684

CREDITS

This document was written by Vijay Sarvepalli. Statement Date: July 20, 2021

Trust: 0.8

sources: CERT/CC: VU#608209

SOURCES

db: CERT/CC | id: VU#608209
db: CNVD | id: CNVD-2021-58800
db: VULMON | id: CVE-2020-35684
db: CNNVD | id: CNNVD-202104-975
db: CNNVD | id: CNNVD-202108-416
db: NVD | id: CVE-2020-35684

LAST UPDATE DATE

2024-08-14T12:46:59.412000+00:00


SOURCES UPDATE DATE

db: CERT/CC | id: VU#608209 | date: 2022-09-23T00:00:00
db: CNVD | id: CNVD-2021-58800 | date: 2022-01-18T00:00:00
db: CNNVD | id: CNNVD-202104-975 | date: 2021-04-14T00:00:00
db: CNNVD | id: CNNVD-202108-416 | date: 2021-08-27T00:00:00
db: NVD | id: CVE-2020-35684 | date: 2021-08-26T18:21:10.807

SOURCES RELEASE DATE

db: CERT/CC | id: VU#608209 | date: 2021-08-10T00:00:00
db: CNVD | id: CNVD-2021-58800 | date: 2021-08-06T00:00:00
db: CNNVD | id: CNNVD-202104-975 | date: 2021-04-13T00:00:00
db: CNNVD | id: CNNVD-202108-416 | date: 2021-08-04T00:00:00
db: NVD | id: CVE-2020-35684 | date: 2021-08-19T12:15:08.020