var-202108-0212
Vulnerability from variot
An issue was discovered in HCC Nichestack 3.0. The code that parses TCP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the length of the TCP payload within the TCP checksum computation function. When the IP payload size is set to be smaller than the size of the IP header, the TCP checksum computation function may read out of bounds (a low-impact write-out-of-bounds is also possible). HCC Embedded's software called InterNiche stack (NicheStack) and NicheLite, which provides TCP/IP networking capability to embedded systems, is impacted by multiple vulnerabilities. The Forescout and JFrog researchers who discovered this set of vulnerabilities have identified these as "INFRA:HALT"CVE-2020-25767 Affected Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_common module version 1.15.
A fix for this will be available from HCC on 2021-02-19 CVE-2020-25926 Affected Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_common module version 1.15.
A fix for this will be available from HCC on 2021-03-02 CVE-2020-25927 Affected Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_common module version 1.15.
A fix for this will be available from HCC on 2021-02-19 CVE-2020-25928 Affected Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_common module version 1.15.
A fix for this will be available from HCC on 2021-02-19 CVE-2020-35683 Affected Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_ipv4 module version 1.5.
A fix for this will be available from HCC on 2021-03-02 CVE-2020-35684 Affected Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_tcp module version 1.9.
A fix for this will be available from HCC on 2021-03-16 CVE-2020-35685 Affected Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_tcp module version 1.9.
A fix for this will be available from HCC on 2021-03-16 CVE-2021-27565 Affected Vendor Statement: The infinite loop entered in case this occurs is really for the user to implement when integrating the software. But whatever their implementation this code should not be structured like this. CVE-2021-31226 Affected Vendor Statement: This is an issue in all versions of Nichestack <4.3, This issue is fixed in Nichestack v4.3 with in_httpsvr module v1.7. CVE-2021-31227 Affected Vendor Statement: This is an issue in all versions of Nichestack <4.3, This issue is fixed in Nichestack v4.3 with in_httpsvr module v1.7. CVE-2021-31228 Affected Vendor Statement: This is an issue in all versions of Nichestack <4.3, This issue is fixed in Nichestack v4.3 with in_httpsvr module v1.7. CVE-2021-31400 Affected Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_tcp module version 1.9.
A fix for this will be available from HCC on 2021-02-26 CVE-2021-31401 Affected Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_tcp module version 1.9.
A fix for this will be available from HCC on 2021-03-16 CVE-2021-36762 Unknown Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is fixed in in_tftp module version 1.2CVE-2020-25767 Affected Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_common module version 1.15.
A fix for this will be available from HCC on 2021-02-19 CVE-2020-25926 Affected Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_common module version 1.15.
A fix for this will be available from HCC on 2021-03-02 CVE-2020-25927 Affected Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_common module version 1.15.
A fix for this will be available from HCC on 2021-02-19 CVE-2020-25928 Affected Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_common module version 1.15.
A fix for this will be available from HCC on 2021-02-19 CVE-2020-35683 Affected Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_ipv4 module version 1.5.
A fix for this will be available from HCC on 2021-03-02 CVE-2020-35684 Affected Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_tcp module version 1.9.
A fix for this will be available from HCC on 2021-03-16 CVE-2020-35685 Affected Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_tcp module version 1.9.
A fix for this will be available from HCC on 2021-03-16 CVE-2021-27565 Affected Vendor Statement: The infinite loop entered in case this occurs is really for the user to implement when integrating the software. But whatever their implementation this code should not be structured like this. CVE-2021-31226 Affected Vendor Statement: This is an issue in all versions of Nichestack <4.3, This issue is fixed in Nichestack v4.3 with in_httpsvr module v1.7. CVE-2021-31227 Affected Vendor Statement: This is an issue in all versions of Nichestack <4.3, This issue is fixed in Nichestack v4.3 with in_httpsvr module v1.7. CVE-2021-31228 Affected Vendor Statement: This is an issue in all versions of Nichestack <4.3, This issue is fixed in Nichestack v4.3 with in_httpsvr module v1.7. CVE-2021-31400 Affected Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_tcp module version 1.9.
A fix for this will be available from HCC on 2021-02-26 CVE-2021-31401 Affected Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_tcp module version 1.9.
A fix for this will be available from HCC on 2021-03-16 CVE-2021-36762 Unknown Vendor Statement: This issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is fixed in in_tftp module version 1.2.
InterNiche Technologies NicheStack has an input validation error vulnerability, which exists due to insufficient input validation provided by users in the TCP component. A remote attacker can use this vulnerability to pass specially crafted input to the application and perform a denial of service (DoS) attack. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Siemens Security Advisory
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202108-0212",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sentron 3wl com35",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.2.0"
},
{
"model": "nichestack",
"scope": "eq",
"trust": 1.0,
"vendor": "hcc embedded",
"version": "3.0"
},
{
"model": "sentron 3wa com190",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.0.0"
},
{
"model": "embedded interniche stack",
"scope": "lt",
"trust": 0.6,
"vendor": "hcc",
"version": "v4.3"
},
{
"model": "embedded nichelite",
"scope": "lt",
"trust": 0.6,
"vendor": "hcc",
"version": "v4.3"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-58800"
},
{
"db": "NVD",
"id": "CVE-2020-35684"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "This document was written by Vijay Sarvepalli.Statement Date:\u00a0\u00a0 July 20, 2021",
"sources": [
{
"db": "CERT/CC",
"id": "VU#608209"
}
],
"trust": 0.8
},
"cve": "CVE-2020-35684",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-35684",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-58800",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-35684",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-35684",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2021-58800",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202108-416",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-58800"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-416"
},
{
"db": "NVD",
"id": "CVE-2020-35684"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in HCC Nichestack 3.0. The code that parses TCP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the length of the TCP payload within the TCP checksum computation function. When the IP payload size is set to be smaller than the size of the IP header, the TCP checksum computation function may read out of bounds (a low-impact write-out-of-bounds is also possible). HCC Embedded\u0027s software called InterNiche stack (NicheStack) and NicheLite, which provides TCP/IP networking capability to embedded systems, is impacted by multiple vulnerabilities. The Forescout and JFrog researchers who discovered this set of vulnerabilities have identified these as \"INFRA:HALT\"CVE-2020-25767 Affected\nVendor Statement:\nThis issue is present in all versions of Nichestack prior to 4.3. \r\nThe global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. \r\nThe issue is present in the in_common module version 1.15. \r\n\r\nA fix for this will be available from HCC on 2021-02-19\nCVE-2020-25926 Affected\nVendor Statement:\nThis issue is present in all versions of Nichestack prior to 4.3. \r\nThe global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. \r\nThe issue is present in the in_common module version 1.15. \r\n\r\nA fix for this will be available from HCC on 2021-03-02\nCVE-2020-25927 Affected\nVendor Statement:\nThis issue is present in all versions of Nichestack prior to 4.3. \r\nThe global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. \r\nThe issue is present in the in_common module version 1.15. \r\n\r\nA fix for this will be available from HCC on 2021-02-19\nCVE-2020-25928 Affected\nVendor Statement:\nThis issue is present in all versions of Nichestack prior to 4.3. \r\nThe global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. \r\nThe issue is present in the in_common module version 1.15. \r\n\r\nA fix for this will be available from HCC on 2021-02-19\nCVE-2020-35683 Affected\nVendor Statement:\nThis issue is present in all versions of Nichestack prior to 4.3. \r\nThe global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. \r\nThe issue is present in the in_ipv4 module version 1.5. \r\n\r\nA fix for this will be available from HCC on 2021-03-02\nCVE-2020-35684 Affected\nVendor Statement:\nThis issue is present in all versions of Nichestack prior to 4.3. \r\nThe global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. \r\nThe issue is present in the in_tcp module version 1.9. \r\n\r\nA fix for this will be available from HCC on 2021-03-16\nCVE-2020-35685 Affected\nVendor Statement:\nThis issue is present in all versions of Nichestack prior to 4.3. \r\nThe global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. \r\nThe issue is present in the in_tcp module version 1.9. \r\n\r\nA fix for this will be available from HCC on 2021-03-16\nCVE-2021-27565 Affected\nVendor Statement:\nThe infinite loop entered in case this occurs is really for the user to implement when integrating the software. But whatever their implementation this code should not be structured like this. \nCVE-2021-31226 Affected\nVendor Statement:\nThis is an issue in all versions of Nichestack \u003c4.3,\r\nThis issue is fixed in Nichestack v4.3 with in_httpsvr module v1.7. \nCVE-2021-31227 Affected\nVendor Statement:\nThis is an issue in all versions of Nichestack \u003c4.3,\r\nThis issue is fixed in Nichestack v4.3 with in_httpsvr module v1.7. \nCVE-2021-31228 Affected\nVendor Statement:\nThis is an issue in all versions of Nichestack \u003c4.3,\r\nThis issue is fixed in Nichestack v4.3 with in_httpsvr module v1.7. \nCVE-2021-31400 Affected\nVendor Statement:\nThis issue is present in all versions of Nichestack prior to 4.3. \r\nThe global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. \r\nThe issue is present in the in_tcp module version 1.9. \r\n\r\nA fix for this will be available from HCC on 2021-02-26\nCVE-2021-31401 Affected\nVendor Statement:\nThis issue is present in all versions of Nichestack prior to 4.3. \r\nThe global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. \r\nThe issue is present in the in_tcp module version 1.9. \r\n\r\nA fix for this will be available from HCC on 2021-03-16\nCVE-2021-36762 Unknown\nVendor Statement:\nThis issue is present in all versions of Nichestack prior to 4.3. \r\nThe global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. \r\nThe issue is fixed in in_tftp module version 1.2CVE-2020-25767 Affected\nVendor Statement:\nThis issue is present in all versions of Nichestack prior to 4.3. \r\nThe global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. \r\nThe issue is present in the in_common module version 1.15. \r\n\r\nA fix for this will be available from HCC on 2021-02-19\nCVE-2020-25926 Affected\nVendor Statement:\nThis issue is present in all versions of Nichestack prior to 4.3. \r\nThe global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. \r\nThe issue is present in the in_common module version 1.15. \r\n\r\nA fix for this will be available from HCC on 2021-03-02\nCVE-2020-25927 Affected\nVendor Statement:\nThis issue is present in all versions of Nichestack prior to 4.3. \r\nThe global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. \r\nThe issue is present in the in_common module version 1.15. \r\n\r\nA fix for this will be available from HCC on 2021-02-19\nCVE-2020-25928 Affected\nVendor Statement:\nThis issue is present in all versions of Nichestack prior to 4.3. \r\nThe global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. \r\nThe issue is present in the in_common module version 1.15. \r\n\r\nA fix for this will be available from HCC on 2021-02-19\nCVE-2020-35683 Affected\nVendor Statement:\nThis issue is present in all versions of Nichestack prior to 4.3. \r\nThe global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. \r\nThe issue is present in the in_ipv4 module version 1.5. \r\n\r\nA fix for this will be available from HCC on 2021-03-02\nCVE-2020-35684 Affected\nVendor Statement:\nThis issue is present in all versions of Nichestack prior to 4.3. \r\nThe global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. \r\nThe issue is present in the in_tcp module version 1.9. \r\n\r\nA fix for this will be available from HCC on 2021-03-16\nCVE-2020-35685 Affected\nVendor Statement:\nThis issue is present in all versions of Nichestack prior to 4.3. \r\nThe global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. \r\nThe issue is present in the in_tcp module version 1.9. \r\n\r\nA fix for this will be available from HCC on 2021-03-16\nCVE-2021-27565 Affected\nVendor Statement:\nThe infinite loop entered in case this occurs is really for the user to implement when integrating the software. But whatever their implementation this code should not be structured like this. \nCVE-2021-31226 Affected\nVendor Statement:\nThis is an issue in all versions of Nichestack \u003c4.3,\r\nThis issue is fixed in Nichestack v4.3 with in_httpsvr module v1.7. \nCVE-2021-31227 Affected\nVendor Statement:\nThis is an issue in all versions of Nichestack \u003c4.3,\r\nThis issue is fixed in Nichestack v4.3 with in_httpsvr module v1.7. \nCVE-2021-31228 Affected\nVendor Statement:\nThis is an issue in all versions of Nichestack \u003c4.3,\r\nThis issue is fixed in Nichestack v4.3 with in_httpsvr module v1.7. \nCVE-2021-31400 Affected\nVendor Statement:\nThis issue is present in all versions of Nichestack prior to 4.3. \r\nThe global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. \r\nThe issue is present in the in_tcp module version 1.9. \r\n\r\nA fix for this will be available from HCC on 2021-02-26\nCVE-2021-31401 Affected\nVendor Statement:\nThis issue is present in all versions of Nichestack prior to 4.3. \r\nThe global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. \r\nThe issue is present in the in_tcp module version 1.9. \r\n\r\nA fix for this will be available from HCC on 2021-03-16\nCVE-2021-36762 Unknown\nVendor Statement:\nThis issue is present in all versions of Nichestack prior to 4.3. \r\nThe global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. \r\nThe issue is fixed in in_tftp module version 1.2. \n\r\n\r\nInterNiche Technologies NicheStack has an input validation error vulnerability, which exists due to insufficient input validation provided by users in the TCP component. A remote attacker can use this vulnerability to pass specially crafted input to the application and perform a denial of service (DoS) attack. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Siemens Security Advisory",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-35684"
},
{
"db": "CERT/CC",
"id": "VU#608209"
},
{
"db": "CNVD",
"id": "CNVD-2021-58800"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULMON",
"id": "CVE-2020-35684"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-35684",
"trust": 3.1
},
{
"db": "CERT/CC",
"id": "VU#608209",
"trust": 2.4
},
{
"db": "SIEMENS",
"id": "SSA-789208",
"trust": 2.3
},
{
"db": "CNVD",
"id": "CNVD-2021-58800",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021080402",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021080607",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-21-217-01",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2661",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202108-416",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-35684",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#608209"
},
{
"db": "CNVD",
"id": "CNVD-2021-58800"
},
{
"db": "VULMON",
"id": "CVE-2020-35684"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-416"
},
{
"db": "NVD",
"id": "CVE-2020-35684"
}
]
},
"id": "VAR-202108-0212",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-58800"
}
],
"trust": 1.4125
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-58800"
}
]
},
"last_update_date": "2024-08-14T12:46:59.412000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for HCC Embedded InterNiche Technologies NicheStack input verification error vulnerability (CNVD-2021-58800)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/285006"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=dcdeae95fabde3361948ed61a281b1cb"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-58800"
},
{
"db": "VULMON",
"id": "CVE-2020-35684"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-35684"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-789208.pdf"
},
{
"trust": 1.6,
"url": "https://www.kb.cert.org/vuls/id/608209"
},
{
"trust": 1.6,
"url": "https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/"
},
{
"trust": 1.6,
"url": "https://www.hcc-embedded.com"
},
{
"trust": 0.8,
"url": "cve-2020-25767 "
},
{
"trust": 0.8,
"url": "cve-2020-25926 "
},
{
"trust": 0.8,
"url": "cve-2020-25927 "
},
{
"trust": 0.8,
"url": "cve-2020-25928 "
},
{
"trust": 0.8,
"url": "cve-2020-35683 "
},
{
"trust": 0.8,
"url": "cve-2020-35684 "
},
{
"trust": 0.8,
"url": "cve-2020-35685 "
},
{
"trust": 0.8,
"url": "cve-2021-27565 "
},
{
"trust": 0.8,
"url": "cve-2021-31226 "
},
{
"trust": 0.8,
"url": "cve-2021-31227 "
},
{
"trust": 0.8,
"url": "cve-2021-31228 "
},
{
"trust": 0.8,
"url": "cve-2021-31400 "
},
{
"trust": 0.8,
"url": "cve-2021-31401 "
},
{
"trust": 0.8,
"url": "cve-2021-36762 "
},
{
"trust": 0.8,
"url": "vince json"
},
{
"trust": 0.8,
"url": "csaf"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2661"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021080402"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-217-01"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021080607"
},
{
"trust": 0.1,
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-789208.txt"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#608209"
},
{
"db": "CNVD",
"id": "CNVD-2021-58800"
},
{
"db": "VULMON",
"id": "CVE-2020-35684"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-416"
},
{
"db": "NVD",
"id": "CVE-2020-35684"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#608209"
},
{
"db": "CNVD",
"id": "CNVD-2021-58800"
},
{
"db": "VULMON",
"id": "CVE-2020-35684"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-416"
},
{
"db": "NVD",
"id": "CVE-2020-35684"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-10T00:00:00",
"db": "CERT/CC",
"id": "VU#608209"
},
{
"date": "2021-08-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-58800"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-08-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-416"
},
{
"date": "2021-08-19T12:15:08.020000",
"db": "NVD",
"id": "CVE-2020-35684"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-09-23T00:00:00",
"db": "CERT/CC",
"id": "VU#608209"
},
{
"date": "2022-01-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-58800"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-08-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-416"
},
{
"date": "2021-08-26T18:21:10.807000",
"db": "NVD",
"id": "CVE-2020-35684"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-416"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "NicheStack embedded TCP/IP has vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#608209"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.