CERT VU:257161
Jun 16, 2020 - 12:00 a.m.

Treck IP stacks contain multiple vulnerabilities

2020-06-16 00:00:00
www.kb.cert.org

CVSS3: 10 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CVSS2: 10 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.048 Low
Percentile: 92.6%

Overview

Treck IP stack implementations for embedded systems are affected by multiple vulnerabilities. This set of vulnerabilities was researched and reported by JSOF, who calls them Ripple20.

Description

Treck IP network stack software is designed for and used in a variety of embedded systems. The software can be licensed and integrated in various ways: compiled from source, licensed for modification and reuse, or linked as a dynamic or static library. Treck IP software contains multiple vulnerabilities, most of which are caused by memory management bugs. For more details on the vulnerabilities introduced by these bugs, see Treck’s Vulnerability Response Information and JSOF’s Ripple20 advisory.

The historically related KASAGO TCP/IP middleware from Zuken Elmic (formerly Elmic Systems) is also affected by some of these vulnerabilities.

These vulnerabilities likely affect industrial control systems and medical devices. Please see ICS-CERT Advisory ICSA-20-168-01 for more information.

Impact

The impact of these vulnerabilities will vary with the combination of build and runtime options used while developing different embedded systems. This diversity of implementations and the lack of supply chain visibility have exacerbated the problem of accurately assessing the impact of these vulnerabilities. In summary, a remote, unauthenticated attacker may be able to use specially crafted network packets to cause a denial of service, disclose information, or execute arbitrary code.

Solution

Apply updates

Update to the latest stable version of Treck IP stack software (6.0.1.67 or later). Please contact Treck at [email protected]. Downstream users of embedded systems that incorporate Treck IP stacks should contact their embedded system vendor.

Block anomalous IP traffic

Consider blocking network attacks via deep packet inspection. In some cases, modern switches, routers, and firewalls will drop malformed packets with no additional configuration. It is recommended that such security features are not disabled. Below is a list of possible mitigations that can be applied as appropriate to your network environment.

  • Normalize or reject IP fragmented packets (IP Fragments) if not supported in your environment
  • Disable or block IP tunneling, both IPv6-in-IPv4 and IP-in-IP tunneling, if not required
  • Block IP source routing and any IPv6 deprecated features like routing headers (see also VU#267289)
  • Enforce TCP inspection and reject malformed TCP packets
  • Block unused ICMP control messages such as MTU Update and Address Mask updates
  • Normalize DNS through a secure recursive server or application layer firewall
  • Ensure that you are using reliable OSI layer 2 equipment (Ethernet)
  • Provide DHCP/DHCPv6 security with features like DHCP snooping
  • Disable or block IPv6 multicast if not used in switching infrastructure

Further recommendations are available here.

Detect anomalous IP traffic

Suricata IDS has built-in decoder-event rules that can be customized to detect attempts to exploit these vulnerabilities. See the rule below for an example. A larger set of selected rules (vu-257161.rules) is available from the CERT/CC GitHub repository.

#IP-in-IP tunnel with fragments
alert ip any any -> any any (msg:"VU#257161:CVE-2020-11896, CVE-2020-11900 Fragments inside IP-in-IP tunnel https://kb.cert.org/vuls/id/257161"; ip_proto:4; fragbits:M; sid:1367257161; rev:1;)
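
The header test that this rule expresses (IP protocol 4 together with the More Fragments flag) can be reproduced offline when triaging captured packets. The Python below is an added example, not CERT/CC's or Suricata's code; it goes beyond the rule by also checking a non-zero fragment offset and the inner IPv4 header, and its function names and sample packets are constructed for illustration.

```python
import struct

IPPROTO_IPIP = 4      # IPv4-in-IPv4 encapsulation, the value ip_proto:4 matches
FLAG_MF = 0x2000      # More Fragments bit in the flags/fragment-offset field
OFFSET_MASK = 0x1FFF  # fragment offset, counted in 8-byte units


def parse_ipv4(buf):
    """Return (header fields, payload) for a raw IPv4 packet or raise ValueError."""
    if len(buf) < 20:
        raise ValueError("shorter than a minimal IPv4 header")
    ver_ihl, _tos, total_len, _ident, flags_off, _ttl, proto = struct.unpack(
        "!BBHHHBB", buf[:10])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or ihl < 20 or ihl > len(buf):
        raise ValueError("bad version or header length")
    if total_len < ihl or total_len > len(buf):
        raise ValueError("total length inconsistent with captured bytes")
    hdr = {
        "proto": proto,
        "mf": bool(flags_off & FLAG_MF),
        "offset": (flags_off & OFFSET_MASK) * 8,
    }
    return hdr, buf[ihl:total_len]


def is_fragment(hdr):
    """A packet is a fragment if MF is set or its offset is non-zero."""
    return hdr["mf"] or hdr["offset"] > 0


def classify(packet):
    """Classify one raw IPv4 packet for the tunnel-plus-fragment pattern."""
    try:
        outer, payload = parse_ipv4(packet)
    except ValueError as exc:
        return "malformed: %s" % exc
    if outer["proto"] != IPPROTO_IPIP:
        return "not-tunnel"
    if is_fragment(outer):
        # The inner header may be cut off or absent here, so do not parse it.
        return "alert: fragmented IP-in-IP outer packet"
    try:
        inner, _ = parse_ipv4(payload)
    except ValueError as exc:
        return "alert: malformed inner packet (%s)" % exc
    if is_fragment(inner):
        return "alert: fragment inside IP-in-IP tunnel"
    return "tunnel-clean"


def build_ipv4(proto, payload, mf=False, offset=0):
    """Build a constructed test packet (checksum 0, RFC 5737 addresses)."""
    flags_off = (FLAG_MF if mf else 0) | (offset // 8)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1,
                      flags_off, 64, proto, 0,
                      bytes([192, 0, 2, 1]), bytes([198, 51, 100, 2]))
    return hdr + payload


# Constructed sample packets: UDP (protocol 17) carried plain and inside a tunnel.
UDP = build_ipv4(17, b"\x00" * 8)
SAMPLES = {
    "plain UDP": UDP,
    "clean tunnel": build_ipv4(IPPROTO_IPIP, UDP),
    "inner fragment": build_ipv4(IPPROTO_IPIP, build_ipv4(17, b"\x00" * 8, mf=True)),
    "outer fragment": build_ipv4(IPPROTO_IPIP, UDP, mf=True),
    "truncated inner": build_ipv4(IPPROTO_IPIP, b"\x45\x00"),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print("%-16s %s" % (name, classify(pkt)))
```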

Acknowledgements

Moshe Kol and Shlomi Oberman of JSOF https://jsof-tech.com researched and reported these vulnerabilities. Treck worked closely with us and other stakeholders to coordinate the disclosure of these vulnerabilities.

This document was written by Vijay Sarvepalli.

Vendor Information


Aruba Networks Affected

Updated: 2022-09-20 CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

Please see updated information about Aruba/HPE products in regards to the Ripple20 vulnerabilities - ARUBA-PSA-2020-006

References

Baxter US Affected

Updated: 2020-06-25 CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

Please see the Baxter bulletin link in References section

References

B. Braun Affected

Updated: 2020-06-25 CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

We have not received a statement from the vendor.

References

CERT Addendum

B. Braun provides information via the “Important information about our products and services” section of their website. B. Braun refers to this as the Skyline/2020 vulnerability.

Brother USA Affected

Updated: 2020-06-25 CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

It was discovered that multiple potential vulnerabilities exist in the networking stack used in Brother products.

References

CERT Addendum

Please see references in both English and Japanese provided by Brother

CareStream Affected

Notified: 2020-08-19 Updated: 2020-06-25 CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

For details on Carestream’s affected products, please see the Ripple20 Product Security Advisory.

References

Caterpillar Affected

Updated: 2020-06-25 CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

We have not received a statement from the vendor.

CERT Addendum

ICS-CERT has communicated with Caterpillar and has confirmed this vulnerability. Please see ICS CERT announcement https://www.us-cert.gov/ics/advisories/icsa-20-168-01

Cisco Affected

Notified: 2020-05-04 Updated: 2020-06-25 CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

The list of confirmed products is under the “Vulnerable Products” section of the advisory.

References

Dell Affected

Notified: 2020-05-07 Updated: 2020-06-25 CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

Please reference the Dell Security Notice link provided in the references section.

References

Digi International Affected

Notified: 2020-05-21 Updated: 2020-06-25 CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

We have not received a statement from the vendor.

References

CERT Addendum

Please look for an announcement from Digi on Treck’s vulnerabilities being addressed.

Eaton Affected

Updated: 2020-06-25 CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

We have not received a statement from the vendor.

References

CERT Addendum

Please see Eaton Advisory in 2020 section

Fujitsu Affected

Updated: 2020-09-30

Statement Date: June 26, 2020

CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

Please reference the Fujitsu PSIRT (CEE, NWE, UK&I) Security Advisory link provided in the references section.

References

CERT Addendum

Please visit JPCERT status page for Fujitsu’s status https://jvn.jp/vu/JVNVU94736763/index.html

Green Hills Software Affected

Notified: 2020-07-10 Updated: 2020-06-25

Statement Date: July 10, 2020

CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

Green Hills Software LLC’s GHnet™ v2 network stack is based on the network stack from Treck Inc. Treck informed Green Hills Software of multiple vulnerabilities in its network stack, which were found by a third party.

While GHnet v2 is based on Treck’s network stack, the two are not identical. Green Hills Software has made many improvements, added new features, and fixed bugs in the product. Because of these improvements and INTEGRITY’s separation kernel architecture, the impact of these vulnerabilities on GHnet v2 is far less severe.

Green Hills Software has and will continue to advocate for running middleware, driver, and application code in partitioned virtual address spaces, rather than in the kernel. The INTEGRITY Real-Time Operating System was designed to provide isolation between applications and the kernel, protecting the rest of the system if an application fails or misbehaves. Due to the isolation provided by INTEGRITY, running the GHnet v2 stack in a virtual address space significantly reduces the impact of these vulnerabilities. Green Hills Software strongly recommends that the GHnet v2 network stack, all other middleware, and all application code be placed in separate virtual address spaces.

Green Hills Software will include fixes for these vulnerabilities in future releases of GHnet v2, and is making patches available to customers on previous releases. If you have questions about how these vulnerabilities may affect your system, please contact your Green Hills Software sales representative, or contact Green Hills Software Technical Support.

References

Hewlett Packard Enterprise Affected

Updated: 2020-06-25 CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

Please see HPE official link for information about Ripple20 from HPE in the references section. For HPE’s Aruba specific devices please see Aruba advisory PSA-2020-006.

References

HP Inc. Affected

Updated: 2020-06-25 CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

We have not received a statement from the vendor.

References

CERT Addendum

HP Security Bulletin ID c06655639 addresses Treck’s vulnerability inherited through Intel. HP Security Bulletin c06640149 addresses HP and Samsung branded products that are impacted from Treck’s embedded IP stack.

Intel Affected

Notified: 2020-06-05 Updated: 2020-06-25 CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

Please visit Intel’s public security advisory SA-00295 for information.

References

CERT Addendum

Please check Intel’s advisory, which provides the relevant mapping to Treck’s CVEs listed in this advisory.

Mitsubishi Electric Corporation Affected

Updated: 2020-09-25

Statement Date: September 25, 2020

CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

We have published an advisory on our official website. We are continuing to investigate impacts of this vulnerability for our products. We will update the advisory as needed.

References

Ricoh Company Ltd. Affected

Updated: 2020-06-25

Statement Date: July 31, 2020

CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

We have not received a statement from the vendor.

References

CERT Addendum

Ricoh has provided a public statement on Treck IP Stacks vulnerabilities, please use the link provided above.

Rockwell Automation Affected

Updated: 2020-06-25 CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

See Rockwell’s advisory https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1126896

References

Schneider Electric Affected

Notified: 2020-05-07 Updated: 2020-06-25 CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

Schneider has provided a security advisory SESB-2020-168-01 addressing this issue.

References

Teradici Affected

Updated: 2020-06-25 CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

Teradici has issued a security advisory (TERA-SA-000056) and has addressed this issue with updated firmware for Tera2 PCoIP Zero Clients and PCoIP Remote Workstation cards.

References

Toshiba Corporation Affected

Updated: 2020-07-03

Statement Date: August 19, 2020

CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

We are continuing to investigate impacts of this vulnerability for some products. We will contact the related customers.

Treck Affected

Notified: 2020-04-03 Updated: 2020-06-25 CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

Treck’s customers can contact us for additional details than what is in the advisory.

References

Xerox Affected

Updated: 2020-06-25 CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

We have not received a statement from the vendor.

References

CERT Addendum

Please see Xerox advisory mini bulletin XRX20J dated June 16, 2020

Zuken Elmic Affected

Updated: 2020-06-25 CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

We have not received a statement from the vendor.

References

CERT Addendum

Please see ELMIC’s statement provided in References. Note that this product is also known as KASAGO TCP/IP.

Afero Not Affected

Notified: 2020-05-07 Updated: 2020-06-25 CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

Afero does not currently use Treck’s TCP/IP stack

CERT Addendum

There are no additional comments at this time.

Apple Not Affected

Updated: 2020-06-25 CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

Apple products are not impacted by this issue.

BlackBerry Not Affected

Notified: 2020-05-07 Updated: 2020-06-25 CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

We have not received a statement from the vendor.

Blackberry QNX Not Affected

Notified: 2020-08-27 Updated: 2020-06-25

Statement Date: August 27, 2020

CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

We have not received a statement from the vendor.

Check Point Not Affected

Updated: 2020-06-25 CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

Check Point is not vulnerable to the Ripple20 vulnerabilities as we don’t use Treck IP stack.

References

Dell EMC Not Affected

Notified: 2020-05-07 Updated: 2020-06-25 CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

Please reference the Dell Security Notice link provided in the references section.

References

IBM Not Affected

Notified: 2020-05-07 Updated: 2020-06-25 CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

IBM has found no impact to these vulnerabilities

LANCOM Systems GmbH Not Affected

Updated: 2020-06-25 CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

LANCOM Systems products are not vulnerable to these vulnerabilities. Further information can be found on our website https://www.lancom-systems.de/service-support/soforthilfe/allgemeine-sicherheitshinweise/

References

Medtronic Not Affected

Updated: 2020-06-25 CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

Please refer to the Medtronic Security Bulletin linked in the references section below.

References

NetApp Not Affected

Updated: 2020-07-30 CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

We have not received a statement from the vendor.

References

NVIDIA Not Affected

Updated: 2020-06-25 CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

NVIDIA is not affected by these vulnerabilities.

References

Philips Electronics Not Affected

Updated: 2020-06-25 CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

Philips analysis revealed that we have one product vulnerable to Treck TCP/IP stack vulnerability, however, it is not yet released to the market.

References

QNAP Not Affected

Notified: 2020-10-06 Updated: 2020-10-08

Statement Date: October 08, 2020

CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

The products of QNAP do not include IP stacks from Treck embedded software.

Sierra Wireless Not Affected

Updated: 2020-06-25 CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

Sierra Wireless Inc. products are not affected by this vulnerability.

References

SonicWall Not Affected

Notified: 2020-05-07 Updated: 2021-02-25 CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

We have not received a statement from the vendor.

CERT Addendum

SonicWall has mentioned that the Treck stack is not in use in their SonicOS https://community.sonicwall.com/technology-and-support/discussion/931/about-ripple20

Synology Not Affected

Notified: 2020-06-17 Updated: 2020-06-25

Statement Date: June 18, 2020

CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

Please see Synology advisory Synology-SA-20:15

References

Systech Not Affected

Notified: 2020-05-07 Updated: 2020-06-25 CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

This does not apply to Systech. We do not use Treck in any of our products.

CERT Addendum

There are no additional comments at this time.

Technicolor Not Affected

Notified: 2020-06-15 Updated: 2020-06-25

Statement Date: June 15, 2020

CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

None of Technicolor products embeds Treck IP software stack. This includes the products transferred in 2015 from acquisition of Cisco Connected Devices Division.

Texas Instruments Not Affected

Notified: 2020-05-14 Updated: 2020-06-25 CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

The TI Product Security Incident Response Team has conducted an analysis and concluded that TI’s products are not impacted by the potential vulnerabilities reported by Treck Inc. The TI PSIRT could not identify any hardware or software products from TI that make use of or contain the Treck Inc. embedded software TCP/IP stack.

References

Wind River Not Affected

Notified: 2020-05-07 Updated: 2020-06-25 CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

CERT Addendum

There are no additional comments at this time.

Xilinx Not Affected

Notified: 2020-07-10 Updated: 2020-06-25

Statement Date: August 17, 2020

CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

Xilinx is not affected by these vulnerabilities.

References

Zyxel Not Affected

Updated: 2020-06-25 CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

With a thorough investigation, Zyxel confirms that their products are NOT affected because they do not use any Treck packages.

Broadcom Unknown

Notified: 2020-05-14 Updated: 2021-02-25 CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

We have not received a statement from the vendor.

CERT Addendum

Broadcom APM is not affected by these vulnerabilities. Broadcom’s reference can be found at https://knowledge.broadcom.com/external/article/194508/apm-impact-of-ripple20-vulnerability.html

Avaya Unknown

Updated: 2020-08-06 CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

We have not received a statement from the vendor.

BAE Systems Unknown

Notified: 2020-05-04 Updated: 2020-06-25 CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

We have not received a statement from the vendor.

Blunk Microsystems Unknown

Notified: 2020-05-07 Updated: 2020-06-25 CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

We have not received a statement from the vendor.

Cesanta Unknown

Notified: 2020-08-28 Updated: 2020-06-25 CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

We have not received a statement from the vendor.

Citrix Unknown

Updated: 2020-07-03 CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

We have not received a statement from the vendor.

Contiki OS Unknown

Notified: 2020-05-07 Updated: 2020-06-25 CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

We have not received a statement from the vendor.

Dataprobe, Inc. Unknown

Notified: 2021-07-13 Updated: 2022-09-20 CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

We have not received a statement from the vendor.

Dell SecureWorks Unknown

Notified: 2020-05-07 Updated: 2020-06-25 CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

We have not received a statement from the vendor.

Diebold Election Systems Unknown

Notified: 2020-08-31 Updated: 2020-06-25 CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

We have not received a statement from the vendor.

D-Link Systems Inc. Unknown

Notified: 2020-08-19 Updated: 2020-08-20 CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

We have not received a statement from the vendor.

Elmic Systems Unknown

Updated: 2020-06-16 CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

We have not received a statement from the vendor.

Extreme Networks Unknown

Updated: 2020-07-03 CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

We have not received a statement from the vendor.

HMS Networks AB Unknown

Updated: 2020-07-03 CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

We have not received a statement from the vendor.

IBM Corporation (zseries) Unknown

Notified: 2020-05-07 Updated: 2020-06-25 CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

We have not received a statement from the vendor.

Kwikset Unknown

Notified: 2020-09-07 Updated: 2020-06-25 CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

We have not received a statement from the vendor.

Linksys Unknown

Updated: 2020-07-03 CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

We have not received a statement from the vendor.

LITE-ON Technology Corporation Unknown

Notified: 2020-05-07 Updated: 2020-06-25 CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

We have not received a statement from the vendor.

Lynx Software Technologies Unknown

Notified: 2020-05-07 Updated: 2020-06-25 CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

We have not received a statement from the vendor.

McCain Inc Unknown

Updated: 2020-09-30 CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

We have not received a statement from the vendor.

Micrium Unknown

Notified: 2020-09-07 Updated: 2020-06-25 CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

We have not received a statement from the vendor.

Monroe Electronics Unknown

Notified: 2020-05-07 Updated: 2020-06-25 CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

We have not received a statement from the vendor.

Motorola Unknown

Notified: 2020-05-07 Updated: 2020-06-25 CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

We have not received a statement from the vendor.

NEC Corporation Unknown

Updated: 2020-07-03 CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

We have not received a statement from the vendor.

OleumTech Unknown

Notified: 2020-05-07 Updated: 2020-06-25 CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

We have not received a statement from the vendor.

OMRON Industrial Automation Unknown

Updated: 2020-07-03 CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

We have not received a statement from the vendor.

Panasonic Unknown

Updated: 2020-07-03 CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

We have not received a statement from the vendor.

Polycom Inc. Unknown

Updated: 2020-07-03 CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

We have not received a statement from the vendor.

Roku Unknown

Notified: 2020-05-07 Updated: 2020-06-25 CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

We have not received a statement from the vendor.

Sharp Electronics Corporation Unknown

Updated: 2020-07-03 CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

We have not received a statement from the vendor.

SimCom Wireless Unknown

Notified: 2020-05-14 Updated: 2020-06-25 CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

We have not received a statement from the vendor.

Sony Unknown

Updated: 2020-06-25 CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

We have not received a statement from the vendor.

Tizen Unknown

Notified: 2020-05-07 Updated: 2020-06-25 CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

We have not received a statement from the vendor.

TRENDnet Unknown

Updated: 2020-07-03 CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

We have not received a statement from the vendor.

Ubuntu Unknown

Notified: 2020-05-07 Updated: 2020-06-25 CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

We have not received a statement from the vendor.

Verifone Unknown

Updated: 2020-06-25 CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

We have not received a statement from the vendor.

Verizon Unknown

Updated: 2020-07-03 CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

We have not received a statement from the vendor.

Vocera Unknown

Notified: 2020-05-14 Updated: 2020-06-25 CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

We have not received a statement from the vendor.

Zephyr Project Unknown

Notified: 2020-05-07 Updated: 2020-06-25 CVE-2020-0594 Unknown
CVE-2020-0595 Unknown CVE-2020-0597

Vendor Statement

We have not received a statement from the vendor.


References

Other Information

CVE IDs: CVE-2020-0594 CVE-2020-0595 CVE-2020-0597 CVE-2020-11896 CVE-2020-11897 CVE-2020-11898 CVE-2020-11899 CVE-2020-11900 CVE-2020-11901 CVE-2020-11902 CVE-2020-11903 CVE-2020-11904 CVE-2020-11905 CVE-2020-11906 CVE-2020-11907 CVE-2020-11908 CVE-2020-11909 CVE-2020-11910 CVE-2020-11911 CVE-2020-11912 CVE-2020-11913 CVE-2020-11914 CVE-2020-8674
Date Public: 2020-06-16 Date First Published:
