var-202108-0211
Vulnerability from variot
An issue was discovered in HCC Nichestack 3.0. The code that parses ICMP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the ICMP checksum. When the IP payload size is set to be smaller than the size of the IP header, the ICMP checksum computation function may read out of bounds, causing a Denial-of-Service. HCC Embedded's software called InterNiche stack (NicheStack) and NicheLite, which provides TCP/IP networking capability to embedded systems, is impacted by multiple vulnerabilities. The Forescout and JFrog researchers who discovered this set of vulnerabilities have identified these as "INFRA:HALT".

CVE-2020-25767 Affected
Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_common module version 1.15. A fix for this will be available from HCC on 2021-02-19

CVE-2020-25926 Affected
Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_common module version 1.15. A fix for this will be available from HCC on 2021-03-02

CVE-2020-25927 Affected
Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_common module version 1.15. A fix for this will be available from HCC on 2021-02-19

CVE-2020-25928 Affected
Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_common module version 1.15. A fix for this will be available from HCC on 2021-02-19

CVE-2020-35683 Affected
Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_ipv4 module version 1.5. A fix for this will be available from HCC on 2021-03-02

CVE-2020-35684 Affected
Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_tcp module version 1.9. A fix for this will be available from HCC on 2021-03-16

CVE-2020-35685 Affected
Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_tcp module version 1.9. A fix for this will be available from HCC on 2021-03-16

CVE-2021-27565 Affected
Vendor Statement: The infinite loop entered in case this occurs is really for the user to implement when integrating the software. But whatever their implementation this code should not be structured like this.

CVE-2021-31226 Affected
Vendor Statement: This is an issue in all versions of Nichestack <4.3, This issue is fixed in Nichestack v4.3 with in_httpsvr module v1.7.

CVE-2021-31227 Affected
Vendor Statement: This is an issue in all versions of Nichestack <4.3, This issue is fixed in Nichestack v4.3 with in_httpsvr module v1.7.

CVE-2021-31228 Affected
Vendor Statement: This is an issue in all versions of Nichestack <4.3, This issue is fixed in Nichestack v4.3 with in_httpsvr module v1.7.

CVE-2021-31400 Affected
Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_tcp module version 1.9. A fix for this will be available from HCC on 2021-02-26

CVE-2021-31401 Affected
Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_tcp module version 1.9. A fix for this will be available from HCC on 2021-03-16

CVE-2021-36762 Unknown
Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is fixed in in_tftp module version 1.2.

InterNiche Technologies NicheStack has an input validation error vulnerability, which stems from the boundary conditions of ICMP components. An attacker can use this vulnerability to trigger an out-of-bounds read error and cause a system denial of service. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Siemens Security Advisory
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202108-0211", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "nichestack", "scope": "eq", "trust": 1.0, "vendor": "hcc embedded", "version": "3.0" }, { "model": "7km9300-0ae02-0aa0", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.4" }, { "model": "embedded interniche stack", "scope": "lt", "trust": 
0.6, "vendor": "hcc", "version": "v4.3" }, { "model": "embedded nichelite", "scope": "lt", "trust": 0.6, "vendor": "hcc", "version": "v4.3" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-58801" }, { "db": "NVD", "id": "CVE-2020-35683" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "This document was written by Vijay Sarvepalli.Statement Date:\u00a0\u00a0 July 20, 2021", "sources": [ { "db": "CERT/CC", "id": "VU#608209" } ], "trust": 0.8 }, "cve": "CVE-2020-35683", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2020-35683", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2021-58801", "impactScore": 6.9, "integrityImpact": "COMPLETE", "severity": 
"HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2020-35683", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2020-35683", "trust": 1.0, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2021-58801", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202108-387", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-58801" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202108-387" }, { "db": "NVD", "id": "CVE-2020-35683" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An issue was discovered in HCC Nichestack 3.0. The code that parses ICMP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the ICMP checksum. When the IP payload size is set to be smaller than the size of the IP header, the ICMP checksum computation function may read out of bounds, causing a Denial-of-Service. HCC Embedded\u0027s software called InterNiche stack (NicheStack) and NicheLite, which provides TCP/IP networking capability to embedded systems, is impacted by multiple vulnerabilities. 
The Forescout and JFrog researchers who discovered this set of vulnerabilities have identified these as \"INFRA:HALT\"CVE-2020-25767 Affected\nVendor Statement:\nThis issue is present in all versions of Nichestack prior to 4.3. \r\nThe global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. \r\nThe issue is present in the in_common module version 1.15. \r\n\r\nA fix for this will be available from HCC on 2021-02-19\nCVE-2020-25926 Affected\nVendor Statement:\nThis issue is present in all versions of Nichestack prior to 4.3. \r\nThe global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. \r\nThe issue is present in the in_common module version 1.15. \r\n\r\nA fix for this will be available from HCC on 2021-03-02\nCVE-2020-25927 Affected\nVendor Statement:\nThis issue is present in all versions of Nichestack prior to 4.3. \r\nThe global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. \r\nThe issue is present in the in_common module version 1.15. \r\n\r\nA fix for this will be available from HCC on 2021-02-19\nCVE-2020-25928 Affected\nVendor Statement:\nThis issue is present in all versions of Nichestack prior to 4.3. \r\nThe global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. \r\nThe issue is present in the in_common module version 1.15. \r\n\r\nA fix for this will be available from HCC on 2021-02-19\nCVE-2020-35683 Affected\nVendor Statement:\nThis issue is present in all versions of Nichestack prior to 4.3. \r\nThe global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. \r\nThe issue is present in the in_ipv4 module version 1.5. 
\r\n\r\nA fix for this will be available from HCC on 2021-03-02\nCVE-2020-35684 Affected\nVendor Statement:\nThis issue is present in all versions of Nichestack prior to 4.3. \r\nThe global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. \r\nThe issue is present in the in_tcp module version 1.9. \r\n\r\nA fix for this will be available from HCC on 2021-03-16\nCVE-2020-35685 Affected\nVendor Statement:\nThis issue is present in all versions of Nichestack prior to 4.3. \r\nThe global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. \r\nThe issue is present in the in_tcp module version 1.9. \r\n\r\nA fix for this will be available from HCC on 2021-03-16\nCVE-2021-27565 Affected\nVendor Statement:\nThe infinite loop entered in case this occurs is really for the user to implement when integrating the software. But whatever their implementation this code should not be structured like this. \nCVE-2021-31226 Affected\nVendor Statement:\nThis is an issue in all versions of Nichestack \u003c4.3,\r\nThis issue is fixed in Nichestack v4.3 with in_httpsvr module v1.7. \nCVE-2021-31227 Affected\nVendor Statement:\nThis is an issue in all versions of Nichestack \u003c4.3,\r\nThis issue is fixed in Nichestack v4.3 with in_httpsvr module v1.7. \nCVE-2021-31228 Affected\nVendor Statement:\nThis is an issue in all versions of Nichestack \u003c4.3,\r\nThis issue is fixed in Nichestack v4.3 with in_httpsvr module v1.7. \nCVE-2021-31400 Affected\nVendor Statement:\nThis issue is present in all versions of Nichestack prior to 4.3. \r\nThe global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. \r\nThe issue is present in the in_tcp module version 1.9. \r\n\r\nA fix for this will be available from HCC on 2021-02-26\nCVE-2021-31401 Affected\nVendor Statement:\nThis issue is present in all versions of Nichestack prior to 4.3. 
\r\nThe global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. \r\nThe issue is present in the in_tcp module version 1.9. \r\n\r\nA fix for this will be available from HCC on 2021-03-16\nCVE-2021-36762 Unknown\nVendor Statement:\nThis issue is present in all versions of Nichestack prior to 4.3. \r\nThe global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. \r\nThe issue is fixed in in_tftp module version 1.2CVE-2020-25767 Affected\nVendor Statement:\nThis issue is present in all versions of Nichestack prior to 4.3. \r\nThe global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. \r\nThe issue is present in the in_common module version 1.15. \r\n\r\nA fix for this will be available from HCC on 2021-02-19\nCVE-2020-25926 Affected\nVendor Statement:\nThis issue is present in all versions of Nichestack prior to 4.3. \r\nThe global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. \r\nThe issue is present in the in_common module version 1.15. \r\n\r\nA fix for this will be available from HCC on 2021-03-02\nCVE-2020-25927 Affected\nVendor Statement:\nThis issue is present in all versions of Nichestack prior to 4.3. \r\nThe global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. \r\nThe issue is present in the in_common module version 1.15. \r\n\r\nA fix for this will be available from HCC on 2021-02-19\nCVE-2020-25928 Affected\nVendor Statement:\nThis issue is present in all versions of Nichestack prior to 4.3. \r\nThe global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. \r\nThe issue is present in the in_common module version 1.15. 
\r\n\r\nA fix for this will be available from HCC on 2021-02-19\nCVE-2020-35683 Affected\nVendor Statement:\nThis issue is present in all versions of Nichestack prior to 4.3. \r\nThe global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. \r\nThe issue is present in the in_ipv4 module version 1.5. \r\n\r\nA fix for this will be available from HCC on 2021-03-02\nCVE-2020-35684 Affected\nVendor Statement:\nThis issue is present in all versions of Nichestack prior to 4.3. \r\nThe global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. \r\nThe issue is present in the in_tcp module version 1.9. \r\n\r\nA fix for this will be available from HCC on 2021-03-16\nCVE-2020-35685 Affected\nVendor Statement:\nThis issue is present in all versions of Nichestack prior to 4.3. \r\nThe global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. \r\nThe issue is present in the in_tcp module version 1.9. \r\n\r\nA fix for this will be available from HCC on 2021-03-16\nCVE-2021-27565 Affected\nVendor Statement:\nThe infinite loop entered in case this occurs is really for the user to implement when integrating the software. But whatever their implementation this code should not be structured like this. \nCVE-2021-31226 Affected\nVendor Statement:\nThis is an issue in all versions of Nichestack \u003c4.3,\r\nThis issue is fixed in Nichestack v4.3 with in_httpsvr module v1.7. \nCVE-2021-31227 Affected\nVendor Statement:\nThis is an issue in all versions of Nichestack \u003c4.3,\r\nThis issue is fixed in Nichestack v4.3 with in_httpsvr module v1.7. \nCVE-2021-31228 Affected\nVendor Statement:\nThis is an issue in all versions of Nichestack \u003c4.3,\r\nThis issue is fixed in Nichestack v4.3 with in_httpsvr module v1.7. \nCVE-2021-31400 Affected\nVendor Statement:\nThis issue is present in all versions of Nichestack prior to 4.3. 
\r\nThe global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. \r\nThe issue is present in the in_tcp module version 1.9. \r\n\r\nA fix for this will be available from HCC on 2021-02-26\nCVE-2021-31401 Affected\nVendor Statement:\nThis issue is present in all versions of Nichestack prior to 4.3. \r\nThe global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. \r\nThe issue is present in the in_tcp module version 1.9. \r\n\r\nA fix for this will be available from HCC on 2021-03-16\nCVE-2021-36762 Unknown\nVendor Statement:\nThis issue is present in all versions of Nichestack prior to 4.3. \r\nThe global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. \r\nThe issue is fixed in in_tftp module version 1.2. \n\r\n\r\nInterNiche Technologies NicheStack has an input validation error vulnerability, which stems from the boundary conditions of ICMP components. An attacker can use this vulnerability to trigger an out-of-bounds read error and cause a system denial of service. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. 
Siemens Security Advisory", "sources": [ { "db": "NVD", "id": "CVE-2020-35683" }, { "db": "CERT/CC", "id": "VU#608209" }, { "db": "CNVD", "id": "CNVD-2021-58801" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULMON", "id": "CVE-2020-35683" } ], "trust": 2.79 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-35683", "trust": 3.1 }, { "db": "CERT/CC", "id": "VU#608209", "trust": 2.4 }, { "db": "SIEMENS", "id": "SSA-789208", "trust": 2.3 }, { "db": "CNVD", "id": "CNVD-2021-58801", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.2661", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-217-01", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021080607", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021080402", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202108-387", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2020-35683", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#608209" }, { "db": "CNVD", "id": "CNVD-2021-58801" }, { "db": "VULMON", "id": "CVE-2020-35683" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202108-387" }, { "db": "NVD", "id": "CVE-2020-35683" } ] }, "id": "VAR-202108-0211", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2021-58801" } ], "trust": 1.6 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, 
"data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-58801" } ] }, "last_update_date": "2024-08-14T12:48:16.560000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Patch for HCC Embedded InterNiche Technologies NicheStack input validation error vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/284986" }, { "title": "InterNiche Technologies NicheStack Enter the fix for the verification error vulnerability", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=158934" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=dcdeae95fabde3361948ed61a281b1cb" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-58801" }, { "db": "VULMON", "id": "CVE-2020-35683" }, { "db": "CNNVD", "id": "CNNVD-202108-387" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-125", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2020-35683" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.2, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-789208.pdf" }, { "trust": 1.6, "url": "https://www.kb.cert.org/vuls/id/608209" }, { "trust": 1.6, "url": "https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/" }, { "trust": 1.6, "url": 
"https://www.hcc-embedded.com" }, { "trust": 0.8, "url": "cve-2020-25767 " }, { "trust": 0.8, "url": "cve-2020-25926 " }, { "trust": 0.8, "url": "cve-2020-25927 " }, { "trust": 0.8, "url": "cve-2020-25928 " }, { "trust": 0.8, "url": "cve-2020-35683 " }, { "trust": 0.8, "url": "cve-2020-35684 " }, { "trust": 0.8, "url": "cve-2020-35685 " }, { "trust": 0.8, "url": "cve-2021-27565 " }, { "trust": 0.8, "url": "cve-2021-31226 " }, { "trust": 0.8, "url": "cve-2021-31227 " }, { "trust": 0.8, "url": "cve-2021-31228 " }, { "trust": 0.8, "url": "cve-2021-31400 " }, { "trust": 0.8, "url": "cve-2021-31401 " }, { "trust": 0.8, "url": "cve-2021-36762 " }, { "trust": 0.8, "url": "vince json" }, { "trust": 0.8, "url": "csaf" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2661" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021080402" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-217-01" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021080607" }, { "trust": 0.1, "url": "https://cert-portal.siemens.com/productcert/txt/ssa-789208.txt" } ], "sources": [ { "db": "CERT/CC", "id": "VU#608209" }, { "db": "CNVD", "id": "CNVD-2021-58801" }, { "db": "VULMON", "id": "CVE-2020-35683" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202108-387" }, { "db": "NVD", "id": "CVE-2020-35683" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#608209" }, { "db": "CNVD", "id": "CNVD-2021-58801" }, { "db": "VULMON", "id": "CVE-2020-35683" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202108-387" }, { "db": "NVD", "id": "CVE-2020-35683" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { 
"@container": "@list" } }, "data": [ { "date": "2021-08-10T00:00:00", "db": "CERT/CC", "id": "VU#608209" }, { "date": "2021-08-05T00:00:00", "db": "CNVD", "id": "CNVD-2021-58801" }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2021-08-04T00:00:00", "db": "CNNVD", "id": "CNNVD-202108-387" }, { "date": "2021-08-19T12:15:07.353000", "db": "NVD", "id": "CVE-2020-35683" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-09-23T00:00:00", "db": "CERT/CC", "id": "VU#608209" }, { "date": "2022-01-18T00:00:00", "db": "CNVD", "id": "CNVD-2021-58801" }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2022-07-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202108-387" }, { "date": "2022-07-12T17:42:04.277000", "db": "NVD", "id": "CVE-2020-35683" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202108-387" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "NicheStack embedded TCP/IP has vulnerabilities", "sources": [ { "db": "CERT/CC", "id": "VU#608209" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202104-975" } ], "trust": 0.6 } }