ID

VAR-202108-1051


CVE

CVE-2021-31401


TITLE

NicheStack embedded TCP/IP has vulnerabilities

Trust: 0.8

sources: CERT/CC: VU#608209

DESCRIPTION

An issue was discovered in tcp_rcv() in nptcp.c in HCC embedded InterNiche 4.0.1. The TCP header processing code doesn't sanitize the value of the IP total length field (header length + data length). With a crafted IP packet, an integer overflow occurs whenever the value of the IP data length is calculated by subtracting the length of the header from the total length of the IP packet.

HCC Embedded's software called InterNiche stack (NicheStack) and NicheLite, which provides TCP/IP networking capability to embedded systems, is impacted by multiple vulnerabilities. The Forescout and JFrog researchers who discovered this set of vulnerabilities have identified these as "INFRA:HALT".

CVE-2020-25767 Affected Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_common module version 1.15. A fix for this will be available from HCC on 2021-02-19.
CVE-2020-25926 Affected Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_common module version 1.15. A fix for this will be available from HCC on 2021-03-02.
CVE-2020-25927 Affected Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_common module version 1.15. A fix for this will be available from HCC on 2021-02-19.
CVE-2020-25928 Affected Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_common module version 1.15. A fix for this will be available from HCC on 2021-02-19.
CVE-2020-35683 Affected Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_ipv4 module version 1.5. A fix for this will be available from HCC on 2021-03-02.
CVE-2020-35684 Affected Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_tcp module version 1.9. A fix for this will be available from HCC on 2021-03-16.
CVE-2020-35685 Affected Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_tcp module version 1.9. A fix for this will be available from HCC on 2021-03-16.
CVE-2021-27565 Affected Vendor Statement: The infinite loop entered in case this occurs is really for the user to implement when integrating the software. But whatever their implementation this code should not be structured like this.
CVE-2021-31226 Affected Vendor Statement: This is an issue in all versions of Nichestack <4.3. This issue is fixed in Nichestack v4.3 with in_httpsvr module v1.7.
CVE-2021-31227 Affected Vendor Statement: This is an issue in all versions of Nichestack <4.3. This issue is fixed in Nichestack v4.3 with in_httpsvr module v1.7.
CVE-2021-31228 Affected Vendor Statement: This is an issue in all versions of Nichestack <4.3. This issue is fixed in Nichestack v4.3 with in_httpsvr module v1.7.
CVE-2021-31400 Affected Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_tcp module version 1.9. A fix for this will be available from HCC on 2021-02-26.
CVE-2021-31401 Affected Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_tcp module version 1.9. A fix for this will be available from HCC on 2021-03-16.
CVE-2021-36762 Unknown Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is fixed in in_tftp module version 1.2.

HCC Embedded InterNiche is a newsletter software. The HCC Embedded InterNiche stack has an input verification error vulnerability. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Siemens Security Advisory

Trust: 2.79

sources: NVD: CVE-2021-31401 // CERT/CC: VU#608209 // CNVD: CNVD-2021-58798 // CNNVD: CNNVD-202104-975 // VULMON: CVE-2021-31401

IOT TAXONOMY

category: ['ICS'] | sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-58798

AFFECTED PRODUCTS

vendor: siemens | model: sentron 3wl com35 | scope: lt | version: 1.2.0

Trust: 1.0

vendor: siemens | model: sentron 3wa com190 | scope: lt | version: 2.0.0

Trust: 1.0

vendor: hcc embedded | model: nichestack | scope: lt | version: 4.3

Trust: 1.0

vendor: hcc | model: embedded interniche stack | scope: lt | version: v4.3

Trust: 0.6

vendor: hcc | model: embedded nichelite | scope: lt | version: v4.3

Trust: 0.6

sources: CNVD: CNVD-2021-58798 // NVD: CVE-2021-31401

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-31401
value: HIGH

Trust: 1.0

CNVD: CNVD-2021-58798
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202108-499
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2021-31401
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2021-58798
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:C/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-31401
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2021-58798 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-499 // NVD: CVE-2021-31401

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.0

sources: NVD: CVE-2021-31401

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202108-499

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title: Patch for HCC Embedded InterNiche input verification error vulnerability | url: https://www.cnvd.org.cn/patchInfo/show/285001

Trust: 0.6

title: Siemens Security Advisories: Siemens Security Advisory | url: https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=dcdeae95fabde3361948ed61a281b1cb

Trust: 0.1

sources: CNVD: CNVD-2021-58798 // VULMON: CVE-2021-31401

EXTERNAL IDS

db: NVD | id: CVE-2021-31401

Trust: 3.1

db: CERT/CC | id: VU#608209

Trust: 2.4

db: SIEMENS | id: SSA-789208

Trust: 2.3

db: CNVD | id: CNVD-2021-58798

Trust: 0.6

db: CS-HELP | id: SB2021041363

Trust: 0.6

db: CNNVD | id: CNNVD-202104-975

Trust: 0.6

db: CS-HELP | id: SB2021080607

Trust: 0.6

db: ICS CERT | id: ICSA-21-217-01

Trust: 0.6

db: AUSCERT | id: ESB-2021.2661

Trust: 0.6

db: CNNVD | id: CNNVD-202108-499

Trust: 0.6

db: VULMON | id: CVE-2021-31401

Trust: 0.1

sources: CERT/CC: VU#608209 // CNVD: CNVD-2021-58798 // VULMON: CVE-2021-31401 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-499 // NVD: CVE-2021-31401

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-789208.pdf

Trust: 2.2

url:https://www.kb.cert.org/vuls/id/608209

Trust: 1.6

url:https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/

Trust: 1.6

url:cve-2020-25767

Trust: 0.8

url:cve-2020-25926

Trust: 0.8

url:cve-2020-25927

Trust: 0.8

url:cve-2020-25928

Trust: 0.8

url:cve-2020-35683

Trust: 0.8

url:cve-2020-35684

Trust: 0.8

url:cve-2020-35685

Trust: 0.8

url:cve-2021-27565

Trust: 0.8

url:cve-2021-31226

Trust: 0.8

url:cve-2021-31227

Trust: 0.8

url:cve-2021-31228

Trust: 0.8

url:cve-2021-31400

Trust: 0.8

url:cve-2021-31401

Trust: 0.8

url:cve-2021-36762

Trust: 0.8

url:vince json

Trust: 0.8

url:csaf

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2661

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-217-01

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021080607

Trust: 0.6

url:https://cert-portal.siemens.com/productcert/txt/ssa-789208.txt

Trust: 0.1

sources: CERT/CC: VU#608209 // CNVD: CNVD-2021-58798 // VULMON: CVE-2021-31401 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-499 // NVD: CVE-2021-31401

CREDITS

This document was written by Vijay Sarvepalli. Statement Date: July 20, 2021

Trust: 0.8

sources: CERT/CC: VU#608209

SOURCES

db: CERT/CC | id: VU#608209
db: CNVD | id: CNVD-2021-58798
db: VULMON | id: CVE-2021-31401
db: CNNVD | id: CNNVD-202104-975
db: CNNVD | id: CNNVD-202108-499
db: NVD | id: CVE-2021-31401

LAST UPDATE DATE

2024-08-14T12:09:22.689000+00:00


SOURCES UPDATE DATE

db: CERT/CC | id: VU#608209 | date: 2022-09-23T00:00:00
db: CNVD | id: CNVD-2021-58798 | date: 2022-01-18T00:00:00
db: CNNVD | id: CNNVD-202104-975 | date: 2021-04-14T00:00:00
db: CNNVD | id: CNNVD-202108-499 | date: 2021-08-27T00:00:00
db: NVD | id: CVE-2021-31401 | date: 2021-08-26T18:09:19.857

SOURCES RELEASE DATE

db: CERT/CC | id: VU#608209 | date: 2021-08-10T00:00:00
db: CNVD | id: CNVD-2021-58798 | date: 2021-08-06T00:00:00
db: CNNVD | id: CNNVD-202104-975 | date: 2021-04-13T00:00:00
db: CNNVD | id: CNNVD-202108-499 | date: 2021-08-05T00:00:00
db: NVD | id: CVE-2021-31401 | date: 2021-08-19T12:15:08.893