VDE-2021-009
Vulnerability from csaf_pilzgmbhcokg - Published: 2021-09-20 11:56 - Updated: 2025-05-14 13:00Summary
Pilz: Multiple products prone to Niche Ethernet Stack vulnerabilities
Notes
Summary: Multiple products of PILZ utilise a third-party TCP/IP implementation - the "Niche Ethernet Stack". This TCP/IP stack contains multiple vulnerabilities which are therefore affecting the products listed above.
Mitigation: It is adviced to use firewalls or similar network security devices to prevent unauthorized network communication to the products affected.
Remediation: | Produkt | Maßnahme |
|----------------------------------------------|------------------------------------------------------|
| PSSu-Module für dezentrales E/A-System | siehe Mitigation |
| PSSu-Module für PSS 4000 | Firmware auf 1.22.2 aktualisieren * |
| PNOZ m B1 | siehe Mitigation ** |
| PNOZ m ES ETH | siehe Mitigation ** |
| PNOZ mmc1p ETH | siehe Mitigation |
| Base-Device PNOZ mxp ETH (PNOZmulti Classic) | siehe Mitigation |
\* CVE-2020-35685 wird in diesem Update nicht behoben, da es keine Auswirkungen auf die Sicherheit der verwendeten Dienste und Protokolle (MODBUS/TCP und RAW-TCP) hat.
\** Diese Produkte sind im Feld nicht updatefähig. Sie verwenden eine vom Hersteller vorinstallierte, feste Firmware.
Impact: Die Schwachstellen ermöglichen einem entfernten Angreifer:
- einen Neustart des Geräts auszulösen, was zu einer Denial-of-Service-Situation führt
- eine TCP-Verbindung zu kapern
### Betroffene Produkte und CVEs
| Produkt | Betroffen von CVEs |
|----------------------------------------------|--------------------|
| PSSu-Module für dezentrales E/A-System | CVE-2020-35683, CVE-2020-35684, CVE-2020-35685, CVE-2021-31400, CVE-2021-31401 |
| PSSu-Module für PSS 4000 | CVE-2020-35683, CVE-2020-35684, CVE-2020-35685, CVE-2021-31400, CVE-2021-31401 |
| PNOZ m B1 | CVE-2020-35683, CVE-2020-35684, CVE-2020-35685 |
| PNOZ m ES ETH | CVE-2020-35683, CVE-2020-35684, CVE-2020-35685 |
| PNOZ mmc1p ETH | CVE-2020-35683, CVE-2020-35684, CVE-2020-35685 |
| Base-Device PNOZ mxp ETH (PNOZmulti Classic) | CVE-2020-35683, CVE-2020-35684, CVE-2020-35685 |
An issue was discovered in HCC Nichestack 3.0. The code that generates Initial Sequence Numbers (ISNs) for TCP connections derives the ISN from an insufficiently random source. As a result, an attacker may be able to determine the ISN of current and future TCP connections and either hijack existing ones or spoof future ones. (Proper ISN generation should aim to follow at least the specifications outlined in RFC 6528.)
9.1 (Critical)
Mitigation
It is adviced to use firewalls or similar network security devices to prevent unauthorized network communication to the products affected.
Vendor Fix
| Produkt | Maßnahme |
|----------------------------------------------|------------------------------------------------------|
| PSSu-Module für dezentrales E/A-System | siehe Mitigation |
| PSSu-Module für PSS 4000 | Firmware auf 1.22.2 aktualisieren * |
| PNOZ m B1 | siehe Mitigation ** |
| PNOZ m ES ETH | siehe Mitigation ** |
| PNOZ mmc1p ETH | siehe Mitigation |
| Base-Device PNOZ mxp ETH (PNOZmulti Classic) | siehe Mitigation |
\* CVE-2020-35685 wird in diesem Update nicht behoben, da es keine Auswirkungen auf die Sicherheit der verwendeten Dienste und Protokolle (MODBUS/TCP und RAW-TCP) hat.
\** Diese Produkte sind im Feld nicht updatefähig. Sie verwenden eine vom Hersteller vorinstallierte, feste Firmware.
An issue was discovered in tcp_rcv() in nptcp.c in HCC embedded InterNiche 4.0.1. The TCP header processing code doesn't sanitize the value of the IP total length field (header length + data length). With a crafted IP packet, an integer overflow occurs whenever the value of the IP data length is calculated by subtracting the length of the header from the total length of the IP packet.
7.5 (High)
Mitigation
It is adviced to use firewalls or similar network security devices to prevent unauthorized network communication to the products affected.
Vendor Fix
| Produkt | Maßnahme |
|----------------------------------------------|------------------------------------------------------|
| PSSu-Module für dezentrales E/A-System | siehe Mitigation |
| PSSu-Module für PSS 4000 | Firmware auf 1.22.2 aktualisieren * |
| PNOZ m B1 | siehe Mitigation ** |
| PNOZ m ES ETH | siehe Mitigation ** |
| PNOZ mmc1p ETH | siehe Mitigation |
| Base-Device PNOZ mxp ETH (PNOZmulti Classic) | siehe Mitigation |
\* CVE-2020-35685 wird in diesem Update nicht behoben, da es keine Auswirkungen auf die Sicherheit der verwendeten Dienste und Protokolle (MODBUS/TCP und RAW-TCP) hat.
\** Diese Produkte sind im Feld nicht updatefähig. Sie verwenden eine vom Hersteller vorinstallierte, feste Firmware.
An issue was discovered in tcp_pulloutofband() in tcp_in.c in HCC embedded InterNiche 4.0.1. The TCP out-of-band urgent-data processing function invokes a panic function if the pointer to the end of the out-of-band data points outside of the TCP segment's data. If the panic function hadn't a trap invocation removed, it will enter an infinite loop and therefore cause DoS (continuous loop or a device reset).
7.5 (High)
Mitigation
It is adviced to use firewalls or similar network security devices to prevent unauthorized network communication to the products affected.
Vendor Fix
| Produkt | Maßnahme |
|----------------------------------------------|------------------------------------------------------|
| PSSu-Module für dezentrales E/A-System | siehe Mitigation |
| PSSu-Module für PSS 4000 | Firmware auf 1.22.2 aktualisieren * |
| PNOZ m B1 | siehe Mitigation ** |
| PNOZ m ES ETH | siehe Mitigation ** |
| PNOZ mmc1p ETH | siehe Mitigation |
| Base-Device PNOZ mxp ETH (PNOZmulti Classic) | siehe Mitigation |
\* CVE-2020-35685 wird in diesem Update nicht behoben, da es keine Auswirkungen auf die Sicherheit der verwendeten Dienste und Protokolle (MODBUS/TCP und RAW-TCP) hat.
\** Diese Produkte sind im Feld nicht updatefähig. Sie verwenden eine vom Hersteller vorinstallierte, feste Firmware.
An issue was discovered in HCC Nichestack 3.0. The code that parses TCP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the length of the TCP payload within the TCP checksum computation function. When the IP payload size is set to be smaller than the size of the IP header, the TCP checksum computation function may read out of bounds (a low-impact write-out-of-bounds is also possible).
7.5 (High)
Mitigation
It is adviced to use firewalls or similar network security devices to prevent unauthorized network communication to the products affected.
Vendor Fix
| Produkt | Maßnahme |
|----------------------------------------------|------------------------------------------------------|
| PSSu-Module für dezentrales E/A-System | siehe Mitigation |
| PSSu-Module für PSS 4000 | Firmware auf 1.22.2 aktualisieren * |
| PNOZ m B1 | siehe Mitigation ** |
| PNOZ m ES ETH | siehe Mitigation ** |
| PNOZ mmc1p ETH | siehe Mitigation |
| Base-Device PNOZ mxp ETH (PNOZmulti Classic) | siehe Mitigation |
\* CVE-2020-35685 wird in diesem Update nicht behoben, da es keine Auswirkungen auf die Sicherheit der verwendeten Dienste und Protokolle (MODBUS/TCP und RAW-TCP) hat.
\** Diese Produkte sind im Feld nicht updatefähig. Sie verwenden eine vom Hersteller vorinstallierte, feste Firmware.
An issue was discovered in HCC Nichestack 3.0. The code that parses ICMP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the ICMP checksum. When the IP payload size is set to be smaller than the size of the IP header, the ICMP checksum computation function may read out of bounds, causing a Denial-of-Service.
7.5 (High)
Mitigation
It is adviced to use firewalls or similar network security devices to prevent unauthorized network communication to the products affected.
Vendor Fix
| Produkt | Maßnahme |
|----------------------------------------------|------------------------------------------------------|
| PSSu-Module für dezentrales E/A-System | siehe Mitigation |
| PSSu-Module für PSS 4000 | Firmware auf 1.22.2 aktualisieren * |
| PNOZ m B1 | siehe Mitigation ** |
| PNOZ m ES ETH | siehe Mitigation ** |
| PNOZ mmc1p ETH | siehe Mitigation |
| Base-Device PNOZ mxp ETH (PNOZmulti Classic) | siehe Mitigation |
\* CVE-2020-35685 wird in diesem Update nicht behoben, da es keine Auswirkungen auf die Sicherheit der verwendeten Dienste und Protokolle (MODBUS/TCP und RAW-TCP) hat.
\** Diese Produkte sind im Feld nicht updatefähig. Sie verwenden eine vom Hersteller vorinstallierte, feste Firmware.
References
Acknowledgments
CERT@VDE
certvde.com
Forescout Technologies, Inc.
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
},
{
"organization": "Forescout Technologies, Inc.",
"summary": "discovered and reported"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "summary",
"text": "Multiple products of PILZ utilise a third-party TCP/IP implementation - the \"Niche Ethernet Stack\". This TCP/IP stack contains multiple vulnerabilities which are therefore affecting the products listed above.",
"title": "Summary"
},
{
"category": "description",
"text": "It is adviced to use firewalls or similar network security devices to prevent unauthorized network communication to the products affected.",
"title": "Mitigation"
},
{
"category": "description",
"text": "| Produkt | Ma\u00dfnahme |\n|----------------------------------------------|------------------------------------------------------|\n| PSSu-Module f\u00fcr dezentrales E/A-System | siehe Mitigation |\n| PSSu-Module f\u00fcr PSS 4000 | Firmware auf 1.22.2 aktualisieren * |\n| PNOZ m B1 | siehe Mitigation ** |\n| PNOZ m ES ETH | siehe Mitigation ** |\n| PNOZ mmc1p ETH | siehe Mitigation |\n| Base-Device PNOZ mxp ETH (PNOZmulti Classic) | siehe Mitigation |\n\n\\* CVE-2020-35685 wird in diesem Update nicht behoben, da es keine Auswirkungen auf die Sicherheit der verwendeten Dienste und Protokolle (MODBUS/TCP und RAW-TCP) hat.\n\n\\** Diese Produkte sind im Feld nicht updatef\u00e4hig. Sie verwenden eine vom Hersteller vorinstallierte, feste Firmware.",
"title": "Remediation"
},
{
"category": "description",
"text": "Die Schwachstellen erm\u00f6glichen einem entfernten Angreifer:\n\n- einen Neustart des Ger\u00e4ts auszul\u00f6sen, was zu einer Denial-of-Service-Situation f\u00fchrt\n- eine TCP-Verbindung zu kapern\n\n### Betroffene Produkte und CVEs\n\n| Produkt | Betroffen von CVEs |\n|----------------------------------------------|--------------------|\n| PSSu-Module f\u00fcr dezentrales E/A-System | CVE-2020-35683, CVE-2020-35684, CVE-2020-35685, CVE-2021-31400, CVE-2021-31401 |\n| PSSu-Module f\u00fcr PSS 4000 | CVE-2020-35683, CVE-2020-35684, CVE-2020-35685, CVE-2021-31400, CVE-2021-31401 |\n| PNOZ m B1 | CVE-2020-35683, CVE-2020-35684, CVE-2020-35685 |\n| PNOZ m ES ETH | CVE-2020-35683, CVE-2020-35684, CVE-2020-35685 |\n| PNOZ mmc1p ETH | CVE-2020-35683, CVE-2020-35684, CVE-2020-35685 |\n| Base-Device PNOZ mxp ETH (PNOZmulti Classic) | CVE-2020-35683, CVE-2020-35684, CVE-2020-35685 |",
"title": "Impact"
}
],
"publisher": {
"category": "vendor",
"contact_details": "security@pilz.com",
"name": "Pilz GmbH \u0026 Co. KG",
"namespace": "https://www.pilz.com"
},
"references": [
{
"category": "external",
"summary": "Pilz advisory overview at CERT@VDE",
"url": "https://certvde.com/de/advisories/vendor/pilz/"
},
{
"category": "self",
"summary": "VDE-2021-009: Pilz: Multiple products prone to Niche Ethernet Stack vulnerabilities - HTML",
"url": "https://certvde.com/en/advisories/vde-2021-009"
},
{
"category": "self",
"summary": "VDE-2021-009: Pilz: Multiple products prone to Niche Ethernet Stack vulnerabilities - CSAF",
"url": "https://pilz.csaf-tp.certvde.com/.well-known/csaf/white/2021/vde-2021-009.json"
}
],
"title": "Pilz: Multiple products prone to Niche Ethernet Stack vulnerabilities",
"tracking": {
"aliases": [
"VDE-2021-009"
],
"current_release_date": "2025-05-14T13:00:14.000Z",
"generator": {
"date": "2025-03-05T11:49:30.977Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.20"
}
},
"id": "VDE-2021-009",
"initial_release_date": "2021-09-20T11:56:00.000Z",
"revision_history": [
{
"date": "2021-09-20T11:56:00.000Z",
"number": "1",
"summary": "Initial revision."
},
{
"date": "2025-05-14T13:00:14.000Z",
"number": "2",
"summary": "Fix: added distribution"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Base-Device PNOZ mxp ETH (PNOZmulti Classic)",
"product": {
"name": "Base-Device PNOZ mxp ETH (PNOZmulti Classic)",
"product_id": "CSAFPID-11001",
"product_identification_helper": {
"model_numbers": [
"773103",
"773104*",
"773113",
"773116",
"773123",
"7731260"
]
}
}
},
{
"category": "product_name",
"name": "PNOZ m B1",
"product": {
"name": "PNOZ m B1",
"product_id": "CSAFPID-11002",
"product_identification_helper": {
"model_numbers": [
"316020"
]
}
}
},
{
"category": "product_name",
"name": "PNOZ m ES ETH",
"product": {
"name": "PNOZ m ES ETH",
"product_id": "CSAFPID-11003",
"product_identification_helper": {
"model_numbers": [
"316020"
]
}
}
},
{
"category": "product_name",
"name": "PNOZ mmc1p ETH",
"product": {
"name": "PNOZ mmc1p ETH",
"product_id": "CSAFPID-11004",
"product_identification_helper": {
"model_numbers": [
"316020"
]
}
}
},
{
"category": "product_name",
"name": "PSSu-Module for decentralised E/A-System",
"product": {
"name": "PSSu-Module for decentralised E/A-System",
"product_id": "CSAFPID-11005",
"product_identification_helper": {
"model_numbers": [
"312041",
"312042",
"312043"
]
}
}
},
{
"category": "product_name",
"name": "PSSu-Module for PSS 4000",
"product": {
"name": "PSSu-Module for PSS 4000",
"product_id": "CSAFPID-11006",
"product_identification_helper": {
"model_numbers": [
"31206*",
"312070*",
"312071*",
"312077",
"312085*",
"312087",
"31407*",
"314085",
"314086",
"314087",
"315070*",
"315071*",
"315085",
"315086",
"316010",
"316020"
]
}
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c1.22.2",
"product": {
"name": "Firmware \u003c1.22.2",
"product_id": "CSAFPID-21001"
}
},
{
"category": "product_version_range",
"name": "\u003cv1.2",
"product": {
"name": "Firmware \u003cv1.2",
"product_id": "CSAFPID-21002"
}
},
{
"category": "product_version_range",
"name": "\u003cv1.8",
"product": {
"name": "Firmware \u003cv1.8",
"product_id": "CSAFPID-21003"
}
},
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Firmware vers:all/*",
"product_id": "CSAFPID-21004"
}
},
{
"category": "product_version",
"name": "1.22.2",
"product": {
"name": "Firmware 1.22.2",
"product_id": "CSAFPID-22001"
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "Pilz"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
],
"summary": "Affected Products."
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on Base-Device PNOZ mxp ETH (PNOZmulti Classic)",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-21004",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003cv1.8 installed on PNOZ m B1",
"product_id": "CSAFPID-31002"
},
"product_reference": "CSAFPID-21003",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003cv1.2 installed on PNOZ m ES ETH",
"product_id": "CSAFPID-31003"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on PNOZ mmc1p ETH",
"product_id": "CSAFPID-31004"
},
"product_reference": "CSAFPID-21004",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on PSSu-Module for decentralised E/A-System",
"product_id": "CSAFPID-31005"
},
"product_reference": "CSAFPID-21004",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.22.2 installed on PSSu-Module for PSS 4000",
"product_id": "CSAFPID-31006"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.22.2 installed on PSSu-Module for PSS 4000 installed on PSSu-Module for PSS 4000",
"product_id": "CSAFPID-32001"
},
"product_reference": "CSAFPID-31006",
"relates_to_product_reference": "CSAFPID-11006"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-35685",
"cwe": {
"id": "CWE-330",
"name": "Use of Insufficiently Random Values"
},
"notes": [
{
"category": "description",
"text": "An issue was discovered in HCC Nichestack 3.0. The code that generates Initial Sequence Numbers (ISNs) for TCP connections derives the ISN from an insufficiently random source. As a result, an attacker may be able to determine the ISN of current and future TCP connections and either hijack existing ones or spoof future ones. (Proper ISN generation should aim to follow at least the specifications outlined in RFC 6528.)",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "It is adviced to use firewalls or similar network security devices to prevent unauthorized network communication to the products affected.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "| Produkt | Ma\u00dfnahme |\n|----------------------------------------------|------------------------------------------------------|\n| PSSu-Module f\u00fcr dezentrales E/A-System | siehe Mitigation |\n| PSSu-Module f\u00fcr PSS 4000 | Firmware auf 1.22.2 aktualisieren * |\n| PNOZ m B1 | siehe Mitigation ** |\n| PNOZ m ES ETH | siehe Mitigation ** |\n| PNOZ mmc1p ETH | siehe Mitigation |\n| Base-Device PNOZ mxp ETH (PNOZmulti Classic) | siehe Mitigation |\n\n\\* CVE-2020-35685 wird in diesem Update nicht behoben, da es keine Auswirkungen auf die Sicherheit der verwendeten Dienste und Protokolle (MODBUS/TCP und RAW-TCP) hat.\n\n\\** Diese Produkte sind im Feld nicht updatef\u00e4hig. Sie verwenden eine vom Hersteller vorinstallierte, feste Firmware.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.1,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.1,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2021-31401"
},
{
"cve": "CVE-2021-31401",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "description",
"text": "An issue was discovered in tcp_rcv() in nptcp.c in HCC embedded InterNiche 4.0.1. The TCP header processing code doesn\u0027t sanitize the value of the IP total length field (header length + data length). With a crafted IP packet, an integer overflow occurs whenever the value of the IP data length is calculated by subtracting the length of the header from the total length of the IP packet.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "It is adviced to use firewalls or similar network security devices to prevent unauthorized network communication to the products affected.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "| Produkt | Ma\u00dfnahme |\n|----------------------------------------------|------------------------------------------------------|\n| PSSu-Module f\u00fcr dezentrales E/A-System | siehe Mitigation |\n| PSSu-Module f\u00fcr PSS 4000 | Firmware auf 1.22.2 aktualisieren * |\n| PNOZ m B1 | siehe Mitigation ** |\n| PNOZ m ES ETH | siehe Mitigation ** |\n| PNOZ mmc1p ETH | siehe Mitigation |\n| Base-Device PNOZ mxp ETH (PNOZmulti Classic) | siehe Mitigation |\n\n\\* CVE-2020-35685 wird in diesem Update nicht behoben, da es keine Auswirkungen auf die Sicherheit der verwendeten Dienste und Protokolle (MODBUS/TCP und RAW-TCP) hat.\n\n\\** Diese Produkte sind im Feld nicht updatef\u00e4hig. Sie verwenden eine vom Hersteller vorinstallierte, feste Firmware.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2021-31401"
},
{
"cve": "CVE-2021-31400",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "description",
"text": "An issue was discovered in tcp_pulloutofband() in tcp_in.c in HCC embedded InterNiche 4.0.1. The TCP out-of-band urgent-data processing function invokes a panic function if the pointer to the end of the out-of-band data points outside of the TCP segment\u0027s data. If the panic function hadn\u0027t a trap invocation removed, it will enter an infinite loop and therefore cause DoS (continuous loop or a device reset).",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "It is adviced to use firewalls or similar network security devices to prevent unauthorized network communication to the products affected.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "| Produkt | Ma\u00dfnahme |\n|----------------------------------------------|------------------------------------------------------|\n| PSSu-Module f\u00fcr dezentrales E/A-System | siehe Mitigation |\n| PSSu-Module f\u00fcr PSS 4000 | Firmware auf 1.22.2 aktualisieren * |\n| PNOZ m B1 | siehe Mitigation ** |\n| PNOZ m ES ETH | siehe Mitigation ** |\n| PNOZ mmc1p ETH | siehe Mitigation |\n| Base-Device PNOZ mxp ETH (PNOZmulti Classic) | siehe Mitigation |\n\n\\* CVE-2020-35685 wird in diesem Update nicht behoben, da es keine Auswirkungen auf die Sicherheit der verwendeten Dienste und Protokolle (MODBUS/TCP und RAW-TCP) hat.\n\n\\** Diese Produkte sind im Feld nicht updatef\u00e4hig. Sie verwenden eine vom Hersteller vorinstallierte, feste Firmware.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2021-31400"
},
{
"cve": "CVE-2020-35684",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "description",
"text": "An issue was discovered in HCC Nichestack 3.0. The code that parses TCP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the length of the TCP payload within the TCP checksum computation function. When the IP payload size is set to be smaller than the size of the IP header, the TCP checksum computation function may read out of bounds (a low-impact write-out-of-bounds is also possible).",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "It is adviced to use firewalls or similar network security devices to prevent unauthorized network communication to the products affected.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "| Produkt | Ma\u00dfnahme |\n|----------------------------------------------|------------------------------------------------------|\n| PSSu-Module f\u00fcr dezentrales E/A-System | siehe Mitigation |\n| PSSu-Module f\u00fcr PSS 4000 | Firmware auf 1.22.2 aktualisieren * |\n| PNOZ m B1 | siehe Mitigation ** |\n| PNOZ m ES ETH | siehe Mitigation ** |\n| PNOZ mmc1p ETH | siehe Mitigation |\n| Base-Device PNOZ mxp ETH (PNOZmulti Classic) | siehe Mitigation |\n\n\\* CVE-2020-35685 wird in diesem Update nicht behoben, da es keine Auswirkungen auf die Sicherheit der verwendeten Dienste und Protokolle (MODBUS/TCP und RAW-TCP) hat.\n\n\\** Diese Produkte sind im Feld nicht updatef\u00e4hig. Sie verwenden eine vom Hersteller vorinstallierte, feste Firmware.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2020-35684"
},
{
"cve": "CVE-2020-35683",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "description",
"text": "An issue was discovered in HCC Nichestack 3.0. The code that parses ICMP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the ICMP checksum. When the IP payload size is set to be smaller than the size of the IP header, the ICMP checksum computation function may read out of bounds, causing a Denial-of-Service.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "It is adviced to use firewalls or similar network security devices to prevent unauthorized network communication to the products affected.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "| Produkt | Ma\u00dfnahme |\n|----------------------------------------------|------------------------------------------------------|\n| PSSu-Module f\u00fcr dezentrales E/A-System | siehe Mitigation |\n| PSSu-Module f\u00fcr PSS 4000 | Firmware auf 1.22.2 aktualisieren * |\n| PNOZ m B1 | siehe Mitigation ** |\n| PNOZ m ES ETH | siehe Mitigation ** |\n| PNOZ mmc1p ETH | siehe Mitigation |\n| Base-Device PNOZ mxp ETH (PNOZmulti Classic) | siehe Mitigation |\n\n\\* CVE-2020-35685 wird in diesem Update nicht behoben, da es keine Auswirkungen auf die Sicherheit der verwendeten Dienste und Protokolle (MODBUS/TCP und RAW-TCP) hat.\n\n\\** Diese Produkte sind im Feld nicht updatef\u00e4hig. Sie verwenden eine vom Hersteller vorinstallierte, feste Firmware.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2020-35683"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…