Treck IP stacks contain multiple vulnerabilities

2020-06-16T00:00:00
ID VU:257161
Type cert
Reporter CERT
Modified 2020-07-03T16:46:00

Description

Overview

Treck IP stack implementations for embedded systems are affected by multiple vulnerabilities. This set of vulnerabilities was researched and reported by JSOF, who calls them Ripple20.

Description

Treck IP network stack software is designed for and used in a variety of embedded systems. The software can be licensed and integrated in various ways, including compiled from source, licensed for modification and reuse and finally as a dynamic or static linked library. Treck IP software contains multiple vulnerabilities, most of which are caused by memory management bugs. For more details on the vulnerabilities introduced by these bugs, see Treck's Vulnerability Response Information and JSOF's Ripple20 advisory.

Historically-related KASAGO TCP/IP middleware from Zuken Elmic (formerly Elmic Systems) is also affected by some of these vulnerabilities.

These vulnerabilities likely affect industrial control systems and medical devices. Please see ICS-CERT Advisory ICSA-20-168-01 for more information.

Impact

The impact of these vulnerabilities will vary due to the combination of build and runtime options used while developing different embedded systems. This diversity of implementations and the lack of supply chain visibility has exasperated the problem of accurately assessing the impact of these vulnerabilities. In summary, a remote, unauthenticated attacker may be able to use specially-crafted network packets to cause a denial of service, disclose information, or execute arbitrary code.

Solution

Apply updates

Update to the latest stable version of Treck IP stack software (6.0.1.67 or later). Please contact Treck at security@treck.com. Downstream users of embedded systems that incorporate Treck IP stacks should contact their embbeded system vendor.

Block anomalous IP traffic

Consider blocking network attacks via deep packet inspection. In some cases, modern switches, routers, and firewalls will drop malformed packets with no additional configuration. It is recommended that such security features are not disabled. Below is a list of possible mitigations that can be applied as appropriate to your network environment.

  • Normalize or reject IP fragmented packets (IP Fragments) if not supported in your environment
  • Disable or block IP tunneling, both IPv6-in-IPv4 or IP-in-IP tunneling if not required
  • Block IP source routing and any IPv6 deprecated features like routing headers (see also VU#267289)
  • Enforce TCP inspection and reject malformed TCP packets
  • Block unused ICMP control messages such MTU Update and Address Mask updates
  • Normalize DNS through a secure recursive server or application layer firewall
  • Ensure that you are using reliable OSI layer 2 equipment (Ethernet)
  • Provide DHCP/DHCPv6 security with feature like DHCP snooping
  • Disable or block IPv6 multicast if not used in switching infrastructure

Further recommendations are available here.

Detect anomalous IP traffic

Suricata IDS has built-in decoder-event rules that can be customized to detect attempts to exploit these vulnerabilities. See the rule below for an example. A larger set of selected vu-257161.rules are available from the CERT/CC Github repository.

#IP-in-IP tunnel with fragments
alert ip any any -> any any (msg:"VU#257161:CVE-2020-11896, CVE-2020-11900 Fragments inside IP-in-IP tunnel https://kb.cert.org/vuls/id/257161"; ip_proto:4; fragbits:M; sid:1367257161; rev:1;)

Acknowledgements

Moshe Kol and Shlomi Oberman of JSOF https://jsof-tech.com researched and reported these vulnerabilities. Treck worked closely with us and other stakeholders to coordinate the disclosure of these vulnerabilities.

This document was written by Vijay Sarvepalli.

Vendor Information

257161

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Aruba Networks __ Affected

Updated: 2020-06-25 CVE-2020-11896| Affected
---|---
CVE-2020-11897| Not Affected
CVE-2020-11898| Affected
CVE-2020-11899| Not Affected
CVE-2020-11900| Affected
CVE-2020-11901| Not Affected
CVE-2020-11902| Not Affected
CVE-2020-11903| Not Affected
CVE-2020-11904| Not Affected
CVE-2020-11905| Not Affected
CVE-2020-11906| Affected
CVE-2020-11907| Affected
CVE-2020-11908| Not Affected
CVE-2020-11909| Not Affected
CVE-2020-11910| Not Affected
CVE-2020-11911| Affected
CVE-2020-11912| Affected
CVE-2020-11913| Not Affected
CVE-2020-11914| Affected

Vendor Statement

Please see updated information about Aruba/ HPE products in regards to the Ripple20 vulnerabilities - ARUBA-PSA-2020-006

References

  • <https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-006.txt>

Baxter US __ Affected

Updated: 2020-06-25 CVE-2020-11896| Affected
---|---
CVE-2020-11897| Affected
CVE-2020-11898| Affected
CVE-2020-11899| Affected
CVE-2020-11900| Affected
CVE-2020-11901| Affected
CVE-2020-11902| Affected
CVE-2020-11903| Affected
CVE-2020-11904| Affected
CVE-2020-11905| Affected
CVE-2020-11906| Affected
CVE-2020-11907| Affected
CVE-2020-11908| Affected
CVE-2020-11909| Affected
CVE-2020-11910| Affected
CVE-2020-11911| Affected
CVE-2020-11912| Affected
CVE-2020-11913| Affected
CVE-2020-11914| Affected

Vendor Statement

Please see the Baxter bulletin link in References section

References

  • <https://www.baxter.com/sites/g/files/ebysai746/files/2020-06/BulletinSpectrumDigiTreck%20%28003%29.pdf>

B. Braun __ Affected

Updated: 2020-06-25 CVE-2020-11896| Affected
---|---
CVE-2020-11897| Affected
CVE-2020-11898| Affected
CVE-2020-11899| Affected
CVE-2020-11900| Affected
CVE-2020-11901| Affected
CVE-2020-11902| Affected
CVE-2020-11903| Affected
CVE-2020-11904| Affected
CVE-2020-11905| Affected
CVE-2020-11906| Affected
CVE-2020-11907| Affected
CVE-2020-11908| Affected
CVE-2020-11909| Affected
CVE-2020-11910| Affected
CVE-2020-11911| Affected
CVE-2020-11912| Affected
CVE-2020-11913| Affected
CVE-2020-11914| Affected

Vendor Statement

We have not received a statement from the vendor.

References

  • <https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/Skyline%20Response_Outlook_6.9.2020_FINAL1.pdf>

CERT Addendum

B. Braun provide information via "Important information about our products and services" section of their website. Braun has mentioned this as Skyline/2020 vulnerability.

CareStream __ Affected

Updated: 2020-06-25 CVE-2020-11896| Affected
---|---
CVE-2020-11897| Affected
CVE-2020-11898| Affected
CVE-2020-11899| Affected
CVE-2020-11900| Affected
CVE-2020-11901| Affected
CVE-2020-11902| Affected
CVE-2020-11903| Affected
CVE-2020-11904| Affected
CVE-2020-11905| Affected
CVE-2020-11906| Affected
CVE-2020-11907| Affected
CVE-2020-11908| Affected
CVE-2020-11909| Affected
CVE-2020-11910| Affected
CVE-2020-11911| Affected
CVE-2020-11912| Affected
CVE-2020-11913| Affected
CVE-2020-11914| Affected

Vendor Statement

We have not received a statement from the vendor.

References

  • <https://www.carestream.com/en/us/services-and-support/cybersecurity-and-privacy>

CERT Addendum

CareStream is investigating this vulnerability and will update with information in the above referenced website. Please visit to get timely updates.

Caterpillar __ Affected

Updated: 2020-06-25 CVE-2020-11896| Affected
---|---
CVE-2020-11897| Affected
CVE-2020-11898| Affected
CVE-2020-11899| Affected
CVE-2020-11900| Affected
CVE-2020-11901| Affected
CVE-2020-11902| Affected
CVE-2020-11903| Affected
CVE-2020-11904| Affected
CVE-2020-11905| Affected
CVE-2020-11906| Affected
CVE-2020-11907| Affected
CVE-2020-11908| Affected
CVE-2020-11909| Affected
CVE-2020-11910| Affected
CVE-2020-11911| Affected
CVE-2020-11912| Affected
CVE-2020-11913| Affected
CVE-2020-11914| Affected

Vendor Statement

We have not received a statement from the vendor.

CERT Addendum

ICS-CERT has communicated with Caterpillar and has confirmed this vulnerability. Please see ICS CERT announcement https://www.us-cert.gov/ics/advisories/icsa-20-168-01

Cisco __ Affected

Notified: 2020-05-04 Updated: 2020-06-25 CVE-2020-11896| Affected
---|---
CVE-2020-11897| Affected
CVE-2020-11898| Affected
CVE-2020-11899| Affected
CVE-2020-11900| Affected
CVE-2020-11901| Affected
CVE-2020-11902| Affected
CVE-2020-11903| Affected
CVE-2020-11904| Affected
CVE-2020-11905| Affected
CVE-2020-11906| Affected
CVE-2020-11907| Affected
CVE-2020-11908| Affected
CVE-2020-11909| Affected
CVE-2020-11910| Affected
CVE-2020-11911| Affected
CVE-2020-11912| Affected
CVE-2020-11913| Affected
CVE-2020-11914| Affected

Vendor Statement

The list of confirmed products are under the "Vulnerable Products" section of the advisory.

References

  • <https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyC>

Digi International __ Affected

Notified: 2020-05-21 Updated: 2020-06-25 CVE-2020-11896| Affected
---|---
CVE-2020-11897| Affected
CVE-2020-11898| Affected
CVE-2020-11899| Affected
CVE-2020-11900| Affected
CVE-2020-11901| Affected
CVE-2020-11902| Affected
CVE-2020-11903| Affected
CVE-2020-11904| Affected
CVE-2020-11905| Affected
CVE-2020-11906| Affected
CVE-2020-11907| Affected
CVE-2020-11908| Affected
CVE-2020-11909| Affected
CVE-2020-11910| Affected
CVE-2020-11911| Affected
CVE-2020-11912| Affected
CVE-2020-11913| Affected
CVE-2020-11914| Affected

Vendor Statement

We have not received a statement from the vendor.

References

  • <https://www.digi.com/resources/security>

CERT Addendum

Please look for an announcement from Digi on Treck's vulnerabilities being addresses.

Eaton __ Affected

Updated: 2020-06-25 CVE-2020-11896| Affected
---|---
CVE-2020-11897| Affected
CVE-2020-11898| Affected
CVE-2020-11899| Affected
CVE-2020-11900| Affected
CVE-2020-11901| Affected
CVE-2020-11902| Affected
CVE-2020-11903| Affected
CVE-2020-11904| Affected
CVE-2020-11905| Affected
CVE-2020-11906| Affected
CVE-2020-11907| Affected
CVE-2020-11908| Affected
CVE-2020-11909| Affected
CVE-2020-11910| Affected
CVE-2020-11911| Affected
CVE-2020-11912| Affected
CVE-2020-11913| Affected
CVE-2020-11914| Affected

Vendor Statement

We have not received a statement from the vendor.

References

  • <https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/eaton-security-bulletin-treck-tcp-ip-stack-vulnerabilities-ripple20.pdf>

CERT Addendum

Please see Eaton Advisory in 2020 section

Green Hills Software __ Affected

Notified: 2020-05-07 Updated: 2020-06-25 CVE-2020-11896| Affected
---|---
CVE-2020-11897| Affected
CVE-2020-11898| Affected
CVE-2020-11899| Affected
CVE-2020-11900| Affected
CVE-2020-11901| Affected
CVE-2020-11902| Affected
CVE-2020-11903| Affected
CVE-2020-11904| Affected
CVE-2020-11905| Affected
CVE-2020-11906| Affected
CVE-2020-11907| Affected
CVE-2020-11908| Affected
CVE-2020-11909| Affected
CVE-2020-11910| Affected
CVE-2020-11911| Affected
CVE-2020-11912| Affected
CVE-2020-11913| Affected
CVE-2020-11914| Affected

Vendor Statement

Green Hills Software will include fixes for theses vulnerabilities in future releases of INTEGRITY and µ-velOSity, and is making patches available to customers on previous release

References

  • <https://support.ghs.com/psirt/PSA-2020-05/>

Hewlett Packard Enterprise __ Affected

Updated: 2020-06-25 CVE-2020-11896| Affected
---|---
CVE-2020-11897| Affected
CVE-2020-11898| Affected
CVE-2020-11899| Affected
CVE-2020-11900| Affected
CVE-2020-11901| Affected
CVE-2020-11902| Affected
CVE-2020-11903| Affected
CVE-2020-11904| Affected
CVE-2020-11905| Affected
CVE-2020-11906| Affected
CVE-2020-11907| Affected
CVE-2020-11908| Affected
CVE-2020-11909| Affected
CVE-2020-11910| Affected
CVE-2020-11911| Affected
CVE-2020-11912| Affected
CVE-2020-11913| Affected
CVE-2020-11914| Affected

Vendor Statement

For HPE's Aruba specific devices please see Aruba advisory PSA-2020-006. More information on other HPE products will be released soon.

References

HP Inc. __ Affected

Updated: 2020-06-25 CVE-2020-11896| Affected
---|---
CVE-2020-11897| Affected
CVE-2020-11898| Affected
CVE-2020-11899| Affected
CVE-2020-11900| Affected
CVE-2020-11901| Affected
CVE-2020-11902| Affected
CVE-2020-11903| Affected
CVE-2020-11904| Affected
CVE-2020-11905| Affected
CVE-2020-11906| Affected
CVE-2020-11907| Affected
CVE-2020-11908| Affected
CVE-2020-11909| Affected
CVE-2020-11910| Affected
CVE-2020-11911| Affected
CVE-2020-11912| Affected
CVE-2020-11913| Affected
CVE-2020-11914| Affected

Vendor Statement

We have not received a statement from the vendor.

References

  • <https://support.hp.com/us-en/document/c06640149>
  • <https://support.hp.com/us-en/document/c06655639>

CERT Addendum

HP Security Bulletin ID c06655639 addresses Treck's vulnerability inherited through Intel. HP Security Bulletin c06640149 addresses HP and Samsung branded products that are impacted from Treck's embedded IP stack.

Intel __ Affected

Notified: 2020-06-05 Updated: 2020-06-25 CVE-2020-11896| Not Affected
---|---
CVE-2020-11897| Not Affected
CVE-2020-11898| Not Affected
CVE-2020-11899| Affected
CVE-2020-11900| Affected
CVE-2020-11901| Not Affected
CVE-2020-11902| Not Affected
CVE-2020-11903| Not Affected
CVE-2020-11904| Not Affected
CVE-2020-11905| Affected
CVE-2020-11906| Not Affected
CVE-2020-11907| Not Affected
CVE-2020-11908| Not Affected
CVE-2020-11909| Not Affected
CVE-2020-11910| Not Affected
CVE-2020-11911| Not Affected
CVE-2020-11912| Not Affected
CVE-2020-11913| Not Affected
CVE-2020-11914| Not Affected

Vendor Statement

Please visit Intel's public security advisory SA-00295 for information.

References

  • <https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html>

CERT Addendum

Please check Intel's advisory that provides mapping relevant mapping to Treck's CVE listed in this advisory.

Rockwell Automation __ Affected

Updated: 2020-06-25 CVE-2020-11896| Affected
---|---
CVE-2020-11897| Affected
CVE-2020-11898| Affected
CVE-2020-11899| Affected
CVE-2020-11900| Affected
CVE-2020-11901| Affected
CVE-2020-11902| Affected
CVE-2020-11903| Affected
CVE-2020-11904| Affected
CVE-2020-11905| Affected
CVE-2020-11906| Affected
CVE-2020-11907| Affected
CVE-2020-11908| Affected
CVE-2020-11909| Affected
CVE-2020-11910| Affected
CVE-2020-11911| Affected
CVE-2020-11912| Affected
CVE-2020-11913| Affected
CVE-2020-11914| Affected

Vendor Statement

See Rockwell's advisory https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1126896

References

  • <https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1126896>

Schneider Electric __ Affected

Notified: 2020-05-07 Updated: 2020-06-25 CVE-2020-11896| Affected
---|---
CVE-2020-11897| Affected
CVE-2020-11898| Affected
CVE-2020-11899| Affected
CVE-2020-11900| Affected
CVE-2020-11901| Affected
CVE-2020-11902| Affected
CVE-2020-11903| Affected
CVE-2020-11904| Affected
CVE-2020-11905| Affected
CVE-2020-11906| Affected
CVE-2020-11907| Affected
CVE-2020-11908| Affected
CVE-2020-11909| Affected
CVE-2020-11910| Affected
CVE-2020-11911| Affected
CVE-2020-11912| Affected
CVE-2020-11913| Affected
CVE-2020-11914| Affected

Vendor Statement

Schneider has provided a security advisory SESB-2020-168-01 addressing this issue.

References

  • <https://www.se.com/ww/en/download/document/SESB-2020-168-01>
  • <https://www.se.com/ww/en/work/support/cybersecurity/security-notifications.jsp>

Teradici __ Affected

Updated: 2020-06-25 CVE-2020-11896| Affected
---|---
CVE-2020-11897| Not Affected
CVE-2020-11898| Affected
CVE-2020-11899| Not Affected
CVE-2020-11900| Affected
CVE-2020-11901| Affected
CVE-2020-11902| Affected
CVE-2020-11903| Not Affected
CVE-2020-11904| Affected
CVE-2020-11905| Affected
CVE-2020-11906| Affected
CVE-2020-11907| Affected
CVE-2020-11908| Not Affected
CVE-2020-11909| Affected
CVE-2020-11910| Affected
CVE-2020-11911| Affected
CVE-2020-11912| Affected
CVE-2020-11913| Affected
CVE-2020-11914| Affected

Vendor Statement

Teradici has issued a security advisory (TERA-SA-000056) and has addressed this issue with updated firmware for Tera2 PCoIP Zero Clients and PCoIP Remote Workstation cards.

References

  • <https://advisory.teradici.com/security-advisories/56/>

Treck __ Affected

Notified: 2020-04-03 Updated: 2020-06-25 CVE-2020-11896| Affected
---|---
CVE-2020-11897| Affected
CVE-2020-11898| Affected
CVE-2020-11899| Affected
CVE-2020-11900| Affected
CVE-2020-11901| Affected
CVE-2020-11902| Affected
CVE-2020-11903| Affected
CVE-2020-11904| Affected
CVE-2020-11905| Affected
CVE-2020-11906| Affected
CVE-2020-11907| Affected
CVE-2020-11908| Affected
CVE-2020-11909| Affected
CVE-2020-11910| Affected
CVE-2020-11911| Affected
CVE-2020-11912| Affected
CVE-2020-11913| Affected
CVE-2020-11914| Affected

Vendor Statement

Treck's customers can contact us for additional details than what is in the advisory.

References

  • <https://treck.com/vulnerability-response-information/>

Xerox __ Affected

Updated: 2020-06-25 CVE-2020-11896| Affected
---|---
CVE-2020-11897| Affected
CVE-2020-11898| Affected
CVE-2020-11899| Affected
CVE-2020-11900| Affected
CVE-2020-11901| Affected
CVE-2020-11902| Affected
CVE-2020-11903| Affected
CVE-2020-11904| Affected
CVE-2020-11905| Affected
CVE-2020-11906| Affected
CVE-2020-11907| Affected
CVE-2020-11908| Affected
CVE-2020-11909| Affected
CVE-2020-11910| Affected
CVE-2020-11911| Affected
CVE-2020-11912| Affected
CVE-2020-11913| Affected
CVE-2020-11914| Affected

Vendor Statement

We have not received a statement from the vendor.

References

  • <https://security.business.xerox.com/wp-content/uploads/2020/06/cert_Security_Mini_Bulletin_XRX20J_for_B2XX.pdf>

CERT Addendum

Please see Xerox advisory mini bulletin XRX20J dated June 16,2020

Zuken Elmic __ Affected

Updated: 2020-06-25 CVE-2020-11896| Affected
---|---
CVE-2020-11897| Affected
CVE-2020-11898| Affected
CVE-2020-11899| Affected
CVE-2020-11900| Affected
CVE-2020-11901| Affected
CVE-2020-11902| Affected
CVE-2020-11903| Affected
CVE-2020-11904| Affected
CVE-2020-11905| Affected
CVE-2020-11906| Affected
CVE-2020-11907| Affected
CVE-2020-11908| Affected
CVE-2020-11909| Affected
CVE-2020-11910| Affected
CVE-2020-11911| Affected
CVE-2020-11912| Affected
CVE-2020-11913| Affected
CVE-2020-11914| Affected

Vendor Statement

We have not received a statement from the vendor.

References

  • <https://www.elwsc.co.jp/news/4136/>
  • <https://www.elwsc.co.jp/wp-content/uploads/2020/06/KASAGO202006-1.pdf>

CERT Addendum

Please see ELMIC's statement provided in References. Note that this product is also known as KASAGO TCP/IP.

Afero __ Not Affected

Notified: 2020-05-07 Updated: 2020-06-25 CVE-2020-11896| Not Affected
---|---
CVE-2020-11897| Not Affected
CVE-2020-11898| Not Affected
CVE-2020-11899| Not Affected
CVE-2020-11900| Not Affected
CVE-2020-11901| Not Affected
CVE-2020-11902| Not Affected
CVE-2020-11903| Not Affected
CVE-2020-11904| Not Affected
CVE-2020-11905| Not Affected
CVE-2020-11906| Not Affected
CVE-2020-11907| Not Affected
CVE-2020-11908| Not Affected
CVE-2020-11909| Not Affected
CVE-2020-11910| Not Affected
CVE-2020-11911| Not Affected
CVE-2020-11912| Not Affected
CVE-2020-11913| Not Affected
CVE-2020-11914| Not Affected

Vendor Statement

Afero does not currently use Treck's TCP/IP stack

CERT Addendum

There are no additional comments at this time.

Apple __ Not Affected

Updated: 2020-06-25 CVE-2020-11896| Not Affected
---|---
CVE-2020-11897| Not Affected
CVE-2020-11898| Not Affected
CVE-2020-11899| Not Affected
CVE-2020-11900| Not Affected
CVE-2020-11901| Not Affected
CVE-2020-11902| Not Affected
CVE-2020-11903| Not Affected
CVE-2020-11904| Not Affected
CVE-2020-11905| Not Affected
CVE-2020-11906| Not Affected
CVE-2020-11907| Not Affected
CVE-2020-11908| Not Affected
CVE-2020-11909| Not Affected
CVE-2020-11910| Not Affected
CVE-2020-11911| Not Affected
CVE-2020-11912| Not Affected
CVE-2020-11913| Not Affected
CVE-2020-11914| Not Affected

Vendor Statement

Apple products are not impacted by this issue.

BlackBerry Not Affected

Notified: 2020-05-07 Updated: 2020-06-25 CVE-2020-11896| Not Affected
---|---
CVE-2020-11897| Not Affected
CVE-2020-11898| Not Affected
CVE-2020-11899| Not Affected
CVE-2020-11900| Not Affected
CVE-2020-11901| Not Affected
CVE-2020-11902| Not Affected
CVE-2020-11903| Not Affected
CVE-2020-11904| Not Affected
CVE-2020-11905| Not Affected
CVE-2020-11906| Not Affected
CVE-2020-11907| Not Affected
CVE-2020-11908| Not Affected
CVE-2020-11909| Not Affected
CVE-2020-11910| Not Affected
CVE-2020-11911| Not Affected
CVE-2020-11912| Not Affected
CVE-2020-11913| Not Affected
CVE-2020-11914| Not Affected

Vendor Statement

We have not received a statement from the vendor.

Check Point __ Not Affected

Updated: 2020-06-25 CVE-2020-11896| Not Affected
---|---
CVE-2020-11897| Not Affected
CVE-2020-11898| Not Affected
CVE-2020-11899| Not Affected
CVE-2020-11900| Not Affected
CVE-2020-11901| Not Affected
CVE-2020-11902| Not Affected
CVE-2020-11903| Not Affected
CVE-2020-11904| Not Affected
CVE-2020-11905| Not Affected
CVE-2020-11906| Not Affected
CVE-2020-11907| Not Affected
CVE-2020-11908| Not Affected
CVE-2020-11909| Not Affected
CVE-2020-11910| Not Affected
CVE-2020-11911| Not Affected
CVE-2020-11912| Not Affected
CVE-2020-11913| Not Affected
CVE-2020-11914| Not Affected

Vendor Statement

Check Point is not vulnerable to the Ripple20 vulnerabilities as we don't use Treck IP stack.

References

  • <https://www.checkpoint.com/advisories/>

IBM Corporation __ Not Affected

Notified: 2020-05-07 Updated: 2020-06-25 CVE-2020-11896| Not Affected
---|---
CVE-2020-11897| Not Affected
CVE-2020-11898| Not Affected
CVE-2020-11899| Not Affected
CVE-2020-11900| Not Affected
CVE-2020-11901| Not Affected
CVE-2020-11902| Not Affected
CVE-2020-11903| Not Affected
CVE-2020-11904| Not Affected
CVE-2020-11905| Not Affected
CVE-2020-11906| Not Affected
CVE-2020-11907| Not Affected
CVE-2020-11908| Not Affected
CVE-2020-11909| Not Affected
CVE-2020-11910| Not Affected
CVE-2020-11911| Not Affected
CVE-2020-11912| Not Affected
CVE-2020-11913| Not Affected
CVE-2020-11914| Not Affected

Vendor Statement

IBM has found no impact to these vulnerabilities

LANCOM Systems GmbH __ Not Affected

Updated: 2020-06-25 CVE-2020-11896| Not Affected
---|---
CVE-2020-11897| Not Affected
CVE-2020-11898| Not Affected
CVE-2020-11899| Not Affected
CVE-2020-11900| Not Affected
CVE-2020-11901| Not Affected
CVE-2020-11902| Not Affected
CVE-2020-11903| Not Affected
CVE-2020-11904| Not Affected
CVE-2020-11905| Not Affected
CVE-2020-11906| Not Affected
CVE-2020-11907| Not Affected
CVE-2020-11908| Not Affected
CVE-2020-11909| Not Affected
CVE-2020-11910| Not Affected
CVE-2020-11911| Not Affected
CVE-2020-11912| Not Affected
CVE-2020-11913| Not Affected
CVE-2020-11914| Not Affected

Vendor Statement

LANCOM Systems products are not vulnerable to these vulnerabilities. Further information can be found on our website https://www.lancom-systems.de/service-support/soforthilfe/allgemeine-sicherheitshinweise/

References

  • <https://www.lancom-systems.de/service-support/soforthilfe/allgemeine-sicherheitshinweise/>

Medtronic __ Not Affected

Updated: 2020-06-25 CVE-2020-11896| Not Affected
---|---
CVE-2020-11897| Not Affected
CVE-2020-11898| Not Affected
CVE-2020-11899| Not Affected
CVE-2020-11900| Not Affected
CVE-2020-11901| Not Affected
CVE-2020-11902| Not Affected
CVE-2020-11903| Not Affected
CVE-2020-11904| Not Affected
CVE-2020-11905| Not Affected
CVE-2020-11906| Not Affected
CVE-2020-11907| Not Affected
CVE-2020-11908| Not Affected
CVE-2020-11909| Not Affected
CVE-2020-11910| Not Affected
CVE-2020-11911| Not Affected
CVE-2020-11912| Not Affected
CVE-2020-11913| Not Affected
CVE-2020-11914| Not Affected

Vendor Statement

Please refer to the Medtronic Security Bulletin linked in the references section below.

References

  • <https://global.medtronic.com/xg-en/product-security/security-bulletins/ripple20-vulnerabilities.html>

NVIDIA __ Not Affected

Updated: 2020-06-25 CVE-2020-11896| Not Affected
---|---
CVE-2020-11897| Not Affected
CVE-2020-11898| Not Affected
CVE-2020-11899| Not Affected
CVE-2020-11900| Not Affected
CVE-2020-11901| Not Affected
CVE-2020-11902| Not Affected
CVE-2020-11903| Not Affected
CVE-2020-11904| Not Affected
CVE-2020-11905| Not Affected
CVE-2020-11906| Not Affected
CVE-2020-11907| Not Affected
CVE-2020-11908| Not Affected
CVE-2020-11909| Not Affected
CVE-2020-11910| Not Affected
CVE-2020-11911| Not Affected
CVE-2020-11912| Not Affected
CVE-2020-11913| Not Affected
CVE-2020-11914| Not Affected

Vendor Statement

NVIDIA is not affected by these vulnerabilities.

References

  • <https://www.nvidia.com/en-us/security/>

Philips Electronics __ Not Affected

Updated: 2020-06-25 CVE-2020-11896| Not Affected
---|---
CVE-2020-11897| Not Affected
CVE-2020-11898| Not Affected
CVE-2020-11899| Not Affected
CVE-2020-11900| Not Affected
CVE-2020-11901| Not Affected
CVE-2020-11902| Not Affected
CVE-2020-11903| Not Affected
CVE-2020-11904| Not Affected
CVE-2020-11905| Not Affected
CVE-2020-11906| Not Affected
CVE-2020-11907| Not Affected
CVE-2020-11908| Not Affected
CVE-2020-11909| Not Affected
CVE-2020-11910| Not Affected
CVE-2020-11911| Not Affected
CVE-2020-11912| Not Affected
CVE-2020-11913| Not Affected
CVE-2020-11914| Not Affected

Vendor Statement

Philips analysis revealed that we have one product vulnerable to Treck TCP/IP stack vulnerability, however, it is not yet released to the market.

References

  • <https://www.philips.com/security>

Sierra Wireless __ Not Affected

Updated: 2020-06-25 CVE-2020-11896| Not Affected
---|---
CVE-2020-11897| Not Affected
CVE-2020-11898| Not Affected
CVE-2020-11899| Not Affected
CVE-2020-11900| Not Affected
CVE-2020-11901| Not Affected
CVE-2020-11902| Not Affected
CVE-2020-11903| Not Affected
CVE-2020-11904| Not Affected
CVE-2020-11905| Not Affected
CVE-2020-11906| Not Affected
CVE-2020-11907| Not Affected
CVE-2020-11908| Not Affected
CVE-2020-11909| Not Affected
CVE-2020-11910| Not Affected
CVE-2020-11911| Not Affected
CVE-2020-11912| Not Affected
CVE-2020-11913| Not Affected
CVE-2020-11914| Not Affected

Vendor Statement

Sierra Wireless Inc. products are not affected by this vulnerability.

References

  • <https://www.sierrawireless.com/company/security/>

Synology __ Not Affected

Notified: 2020-06-17 Updated: 2020-06-25

Statement Date: June 18, 2020

CVE-2020-11896| Not Affected
---|---
CVE-2020-11897| Not Affected
CVE-2020-11898| Not Affected
CVE-2020-11899| Not Affected
CVE-2020-11900| Not Affected
CVE-2020-11901| Not Affected
CVE-2020-11902| Not Affected
CVE-2020-11903| Not Affected
CVE-2020-11904| Not Affected
CVE-2020-11905| Not Affected
CVE-2020-11906| Not Affected
CVE-2020-11907| Not Affected
CVE-2020-11908| Not Affected
CVE-2020-11909| Not Affected
CVE-2020-11910| Not Affected
CVE-2020-11911| Not Affected
CVE-2020-11912| Not Affected
CVE-2020-11913| Not Affected
CVE-2020-11914| Not Affected

Vendor Statement

Please see Synology advisory Synology-SA-20:15

References

  • <https://www.synology.com/security/advisory/Synology_SA_20_15>

Systech __ Not Affected

Notified: 2020-05-07 Updated: 2020-06-25 CVE-2020-11896| Not Affected
---|---
CVE-2020-11897| Not Affected
CVE-2020-11898| Not Affected
CVE-2020-11899| Not Affected
CVE-2020-11900| Not Affected
CVE-2020-11901| Not Affected
CVE-2020-11902| Not Affected
CVE-2020-11903| Not Affected
CVE-2020-11904| Not Affected
CVE-2020-11905| Not Affected
CVE-2020-11906| Not Affected
CVE-2020-11907| Not Affected
CVE-2020-11908| Not Affected
CVE-2020-11909| Not Affected
CVE-2020-11910| Not Affected
CVE-2020-11911| Not Affected
CVE-2020-11912| Not Affected
CVE-2020-11913| Not Affected
CVE-2020-11914| Not Affected

Vendor Statement

This does not apply to Systech. We do not use Treck in any of our products.

CERT Addendum

There are no additional comments at this time.

Technicolor __ Not Affected

Notified: 2020-06-15 Updated: 2020-06-25

Statement Date: June 15, 2020

CVE-2020-11896| Not Affected
---|---
CVE-2020-11897| Not Affected
CVE-2020-11898| Not Affected
CVE-2020-11899| Not Affected
CVE-2020-11900| Not Affected
CVE-2020-11901| Not Affected
CVE-2020-11902| Not Affected
CVE-2020-11903| Not Affected
CVE-2020-11904| Not Affected
CVE-2020-11905| Not Affected
CVE-2020-11906| Not Affected
CVE-2020-11907| Not Affected
CVE-2020-11908| Not Affected
CVE-2020-11909| Not Affected
CVE-2020-11910| Not Affected
CVE-2020-11911| Not Affected
CVE-2020-11912| Not Affected
CVE-2020-11913| Not Affected
CVE-2020-11914| Not Affected

Vendor Statement

None of Technicolor products embeds Treck IP software stack. This includes the products transferred in 2015 from acquisition of Cisco Connected Devices Division.

Texas Instruments __ Not Affected

Notified: 2020-05-14 Updated: 2020-06-25 CVE-2020-11896| Not Affected
---|---
CVE-2020-11897| Not Affected
CVE-2020-11898| Not Affected
CVE-2020-11899| Not Affected
CVE-2020-11900| Not Affected
CVE-2020-11901| Not Affected
CVE-2020-11902| Not Affected
CVE-2020-11903| Not Affected
CVE-2020-11904| Not Affected
CVE-2020-11905| Not Affected
CVE-2020-11906| Not Affected
CVE-2020-11907| Not Affected
CVE-2020-11908| Not Affected
CVE-2020-11909| Not Affected
CVE-2020-11910| Not Affected
CVE-2020-11911| Not Affected
CVE-2020-11912| Not Affected
CVE-2020-11913| Not Affected
CVE-2020-11914| Not Affected

Vendor Statement

The TI Product Security Incident Response Team has conducted an analysis and concluded that TI's products are not impacted by the potential vulnerabilities reported by Treck Inc. The TI PSIRT could not identify any hardware or software products from TI that make use of or contain the Treck Inc. embedded software TCP/IP stack.

References

  • <https://www.ti.com/technologies/security/overview.html>
  • <http://www.ti.com/lit/SSZO001>

Wind River Not Affected

Notified: 2020-05-07 Updated: 2020-06-25 CVE-2020-11896| Not Affected
---|---
CVE-2020-11897| Not Affected
CVE-2020-11898| Not Affected
CVE-2020-11899| Not Affected
CVE-2020-11900| Not Affected
CVE-2020-11901| Not Affected
CVE-2020-11902| Not Affected
CVE-2020-11903| Not Affected
CVE-2020-11904| Not Affected
CVE-2020-11905| Not Affected
CVE-2020-11906| Not Affected
CVE-2020-11907| Not Affected
CVE-2020-11908| Not Affected
CVE-2020-11909| Not Affected
CVE-2020-11910| Not Affected
CVE-2020-11911| Not Affected
CVE-2020-11912| Not Affected
CVE-2020-11913| Not Affected
CVE-2020-11914| Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

CERT Addendum

There are no additional comments at this time.

Zyxel __ Not Affected

Updated: 2020-06-25 CVE-2020-11896| Not Affected
---|---
CVE-2020-11897| Not Affected
CVE-2020-11898| Not Affected
CVE-2020-11899| Not Affected
CVE-2020-11900| Not Affected
CVE-2020-11901| Not Affected
CVE-2020-11902| Not Affected
CVE-2020-11903| Not Affected
CVE-2020-11904| Not Affected
CVE-2020-11905| Not Affected
CVE-2020-11906| Not Affected
CVE-2020-11907| Not Affected
CVE-2020-11908| Not Affected
CVE-2020-11909| Not Affected
CVE-2020-11910| Not Affected
CVE-2020-11911| Not Affected
CVE-2020-11912| Not Affected
CVE-2020-11913| Not Affected
CVE-2020-11914| Not Affected

Vendor Statement

With a thorough investigation, Zyxel confirms that their products are NOT affected because they do not use any Treck packages.

BAE Systems Unknown

Notified: 2020-05-04 Updated: 2020-06-25 CVE-2020-11896| Unknown
---|---
CVE-2020-11897| Unknown
CVE-2020-11898| Unknown
CVE-2020-11899| Unknown
CVE-2020-11900| Unknown
CVE-2020-11901| Unknown
CVE-2020-11902| Unknown
CVE-2020-11903| Unknown
CVE-2020-11904| Unknown
CVE-2020-11905| Unknown
CVE-2020-11906| Unknown
CVE-2020-11907| Unknown
CVE-2020-11908| Unknown
CVE-2020-11909| Unknown
CVE-2020-11910| Unknown
CVE-2020-11911| Unknown
CVE-2020-11912| Unknown
CVE-2020-11913| Unknown
CVE-2020-11914| Unknown

Vendor Statement

We have not received a statement from the vendor.

Blunk Microsystems Unknown

Notified: 2020-05-07 Updated: 2020-06-25 CVE-2020-11896| Unknown
---|---
CVE-2020-11897| Unknown
CVE-2020-11898| Unknown
CVE-2020-11899| Unknown
CVE-2020-11900| Unknown
CVE-2020-11901| Unknown
CVE-2020-11902| Unknown
CVE-2020-11903| Unknown
CVE-2020-11904| Unknown
CVE-2020-11905| Unknown
CVE-2020-11906| Unknown
CVE-2020-11907| Unknown
CVE-2020-11908| Unknown
CVE-2020-11909| Unknown
CVE-2020-11910| Unknown
CVE-2020-11911| Unknown
CVE-2020-11912| Unknown
CVE-2020-11913| Unknown
CVE-2020-11914| Unknown

Vendor Statement

We have not received a statement from the vendor.

Broadcom Unknown

Notified: 2020-05-14 Updated: 2020-06-25 CVE-2020-11896| Unknown
---|---
CVE-2020-11897| Unknown
CVE-2020-11898| Unknown
CVE-2020-11899| Unknown
CVE-2020-11900| Unknown
CVE-2020-11901| Unknown
CVE-2020-11902| Unknown
CVE-2020-11903| Unknown
CVE-2020-11904| Unknown
CVE-2020-11905| Unknown
CVE-2020-11906| Unknown
CVE-2020-11907| Unknown
CVE-2020-11908| Unknown
CVE-2020-11909| Unknown
CVE-2020-11910| Unknown
CVE-2020-11911| Unknown
CVE-2020-11912| Unknown
CVE-2020-11913| Unknown
CVE-2020-11914| Unknown

Vendor Statement

We have not received a statement from the vendor.

Brother USA Unknown

Updated: 2020-06-25 CVE-2020-11896| Unknown
---|---
CVE-2020-11897| Unknown
CVE-2020-11898| Unknown
CVE-2020-11899| Unknown
CVE-2020-11900| Unknown
CVE-2020-11901| Unknown
CVE-2020-11902| Unknown
CVE-2020-11903| Unknown
CVE-2020-11904| Unknown
CVE-2020-11905| Unknown
CVE-2020-11906| Unknown
CVE-2020-11907| Unknown
CVE-2020-11908| Unknown
CVE-2020-11909| Unknown
CVE-2020-11910| Unknown
CVE-2020-11911| Unknown
CVE-2020-11912| Unknown
CVE-2020-11913| Unknown
CVE-2020-11914| Unknown

Vendor Statement

We have not received a statement from the vendor.

Cesanta Unknown

Notified: 2020-05-07 Updated: 2020-06-25 CVE-2020-11896| Unknown
---|---
CVE-2020-11897| Unknown
CVE-2020-11898| Unknown
CVE-2020-11899| Unknown
CVE-2020-11900| Unknown
CVE-2020-11901| Unknown
CVE-2020-11902| Unknown
CVE-2020-11903| Unknown
CVE-2020-11904| Unknown
CVE-2020-11905| Unknown
CVE-2020-11906| Unknown
CVE-2020-11907| Unknown
CVE-2020-11908| Unknown
CVE-2020-11909| Unknown
CVE-2020-11910| Unknown
CVE-2020-11911| Unknown
CVE-2020-11912| Unknown
CVE-2020-11913| Unknown
CVE-2020-11914| Unknown

Vendor Statement

We have not received a statement from the vendor.

Citrix Unknown

Updated: 2020-07-03 CVE-2020-11896| Unknown
---|---
CVE-2020-11897| Unknown
CVE-2020-11898| Unknown
CVE-2020-11899| Unknown
CVE-2020-11900| Unknown
CVE-2020-11901| Unknown
CVE-2020-11902| Unknown
CVE-2020-11903| Unknown
CVE-2020-11904| Unknown
CVE-2020-11905| Unknown
CVE-2020-11906| Unknown
CVE-2020-11907| Unknown
CVE-2020-11908| Unknown
CVE-2020-11909| Unknown
CVE-2020-11910| Unknown
CVE-2020-11911| Unknown
CVE-2020-11912| Unknown
CVE-2020-11913| Unknown
CVE-2020-11914| Unknown

Vendor Statement

We have not received a statement from the vendor.

Contiki OS Unknown

Notified: 2020-05-07 Updated: 2020-06-25 CVE-2020-11896| Unknown
---|---
CVE-2020-11897| Unknown
CVE-2020-11898| Unknown
CVE-2020-11899| Unknown
CVE-2020-11900| Unknown
CVE-2020-11901| Unknown
CVE-2020-11902| Unknown
CVE-2020-11903| Unknown
CVE-2020-11904| Unknown
CVE-2020-11905| Unknown
CVE-2020-11906| Unknown
CVE-2020-11907| Unknown
CVE-2020-11908| Unknown
CVE-2020-11909| Unknown
CVE-2020-11910| Unknown
CVE-2020-11911| Unknown
CVE-2020-11912| Unknown
CVE-2020-11913| Unknown
CVE-2020-11914| Unknown

Vendor Statement

We have not received a statement from the vendor.

Dell Unknown

Notified: 2020-05-07 Updated: 2020-06-25 CVE-2020-11896| Unknown
---|---
CVE-2020-11897| Unknown
CVE-2020-11898| Unknown
CVE-2020-11899| Unknown
CVE-2020-11900| Unknown
CVE-2020-11901| Unknown
CVE-2020-11902| Unknown
CVE-2020-11903| Unknown
CVE-2020-11904| Unknown
CVE-2020-11905| Unknown
CVE-2020-11906| Unknown
CVE-2020-11907| Unknown
CVE-2020-11908| Unknown
CVE-2020-11909| Unknown
CVE-2020-11910| Unknown
CVE-2020-11911| Unknown
CVE-2020-11912| Unknown
CVE-2020-11913| Unknown
CVE-2020-11914| Unknown

Vendor Statement

We have not received a statement from the vendor.

Dell EMC Unknown

Notified: 2020-05-07 Updated: 2020-06-25 CVE-2020-11896| Unknown
---|---
CVE-2020-11897| Unknown
CVE-2020-11898| Unknown
CVE-2020-11899| Unknown
CVE-2020-11900| Unknown
CVE-2020-11901| Unknown
CVE-2020-11902| Unknown
CVE-2020-11903| Unknown
CVE-2020-11904| Unknown
CVE-2020-11905| Unknown
CVE-2020-11906| Unknown
CVE-2020-11907| Unknown
CVE-2020-11908| Unknown
CVE-2020-11909| Unknown
CVE-2020-11910| Unknown
CVE-2020-11911| Unknown
CVE-2020-11912| Unknown
CVE-2020-11913| Unknown
CVE-2020-11914| Unknown

Vendor Statement

We have not received a statement from the vendor.

Dell SecureWorks Unknown

Notified: 2020-05-07 Updated: 2020-06-25 CVE-2020-11896| Unknown
---|---
CVE-2020-11897| Unknown
CVE-2020-11898| Unknown
CVE-2020-11899| Unknown
CVE-2020-11900| Unknown
CVE-2020-11901| Unknown
CVE-2020-11902| Unknown
CVE-2020-11903| Unknown
CVE-2020-11904| Unknown
CVE-2020-11905| Unknown
CVE-2020-11906| Unknown
CVE-2020-11907| Unknown
CVE-2020-11908| Unknown
CVE-2020-11909| Unknown
CVE-2020-11910| Unknown
CVE-2020-11911| Unknown
CVE-2020-11912| Unknown
CVE-2020-11913| Unknown
CVE-2020-11914| Unknown

Vendor Statement

We have not received a statement from the vendor.

Diebold Election Systems Unknown

Notified: 2020-05-07 Updated: 2020-06-25 CVE-2020-11896| Unknown
---|---
CVE-2020-11897| Unknown
CVE-2020-11898| Unknown
CVE-2020-11899| Unknown
CVE-2020-11900| Unknown
CVE-2020-11901| Unknown
CVE-2020-11902| Unknown
CVE-2020-11903| Unknown
CVE-2020-11904| Unknown
CVE-2020-11905| Unknown
CVE-2020-11906| Unknown
CVE-2020-11907| Unknown
CVE-2020-11908| Unknown
CVE-2020-11909| Unknown
CVE-2020-11910| Unknown
CVE-2020-11911| Unknown
CVE-2020-11912| Unknown
CVE-2020-11913| Unknown
CVE-2020-11914| Unknown

Vendor Statement

We have not received a statement from the vendor.

Elmic Systems Unknown

Updated: 2020-06-16 CVE-2020-11896| Unknown
---|---
CVE-2020-11897| Unknown
CVE-2020-11898| Unknown
CVE-2020-11899| Unknown
CVE-2020-11900| Unknown
CVE-2020-11901| Unknown
CVE-2020-11902| Unknown
CVE-2020-11903| Unknown
CVE-2020-11904| Unknown
CVE-2020-11905| Unknown
CVE-2020-11906| Unknown
CVE-2020-11907| Unknown
CVE-2020-11908| Unknown
CVE-2020-11909| Unknown
CVE-2020-11910| Unknown
CVE-2020-11911| Unknown
CVE-2020-11912| Unknown
CVE-2020-11913| Unknown
CVE-2020-11914| Unknown

Vendor Statement

We have not received a statement from the vendor.

Extreme Networks Unknown

Updated: 2020-07-03 CVE-2020-11896| Unknown
---|---
CVE-2020-11897| Unknown
CVE-2020-11898| Unknown
CVE-2020-11899| Unknown
CVE-2020-11900| Unknown
CVE-2020-11901| Unknown
CVE-2020-11902| Unknown
CVE-2020-11903| Unknown
CVE-2020-11904| Unknown
CVE-2020-11905| Unknown
CVE-2020-11906| Unknown
CVE-2020-11907| Unknown
CVE-2020-11908| Unknown
CVE-2020-11909| Unknown
CVE-2020-11910| Unknown
CVE-2020-11911| Unknown
CVE-2020-11912| Unknown
CVE-2020-11913| Unknown
CVE-2020-11914| Unknown

Vendor Statement

We have not received a statement from the vendor.

Fujitsu Unknown

Updated: 2020-07-03 CVE-2020-11896| Unknown
---|---
CVE-2020-11897| Unknown
CVE-2020-11898| Unknown
CVE-2020-11899| Unknown
CVE-2020-11900| Unknown
CVE-2020-11901| Unknown
CVE-2020-11902| Unknown
CVE-2020-11903| Unknown
CVE-2020-11904| Unknown
CVE-2020-11905| Unknown
CVE-2020-11906| Unknown
CVE-2020-11907| Unknown
CVE-2020-11908| Unknown
CVE-2020-11909| Unknown
CVE-2020-11910| Unknown
CVE-2020-11911| Unknown
CVE-2020-11912| Unknown
CVE-2020-11913| Unknown
CVE-2020-11914| Unknown

Vendor Statement

We have not received a statement from the vendor.

HMS Networks AB Unknown

Updated: 2020-07-03 CVE-2020-11896| Unknown
---|---
CVE-2020-11897| Unknown
CVE-2020-11898| Unknown
CVE-2020-11899| Unknown
CVE-2020-11900| Unknown
CVE-2020-11901| Unknown
CVE-2020-11902| Unknown
CVE-2020-11903| Unknown
CVE-2020-11904| Unknown
CVE-2020-11905| Unknown
CVE-2020-11906| Unknown
CVE-2020-11907| Unknown
CVE-2020-11908| Unknown
CVE-2020-11909| Unknown
CVE-2020-11910| Unknown
CVE-2020-11911| Unknown
CVE-2020-11912| Unknown
CVE-2020-11913| Unknown
CVE-2020-11914| Unknown

Vendor Statement

We have not received a statement from the vendor.

IBM Corporation (zseries) Unknown

Notified: 2020-05-07 Updated: 2020-06-25 CVE-2020-11896| Unknown
---|---
CVE-2020-11897| Unknown
CVE-2020-11898| Unknown
CVE-2020-11899| Unknown
CVE-2020-11900| Unknown
CVE-2020-11901| Unknown
CVE-2020-11902| Unknown
CVE-2020-11903| Unknown
CVE-2020-11904| Unknown
CVE-2020-11905| Unknown
CVE-2020-11906| Unknown
CVE-2020-11907| Unknown
CVE-2020-11908| Unknown
CVE-2020-11909| Unknown
CVE-2020-11910| Unknown
CVE-2020-11911| Unknown
CVE-2020-11912| Unknown
CVE-2020-11913| Unknown
CVE-2020-11914| Unknown

Vendor Statement

We have not received a statement from the vendor.

Kwikset Unknown

Notified: 2020-05-07 Updated: 2020-06-25 CVE-2020-11896| Unknown
---|---
CVE-2020-11897| Unknown
CVE-2020-11898| Unknown
CVE-2020-11899| Unknown
CVE-2020-11900| Unknown
CVE-2020-11901| Unknown
CVE-2020-11902| Unknown
CVE-2020-11903| Unknown
CVE-2020-11904| Unknown
CVE-2020-11905| Unknown
CVE-2020-11906| Unknown
CVE-2020-11907| Unknown
CVE-2020-11908| Unknown
CVE-2020-11909| Unknown
CVE-2020-11910| Unknown
CVE-2020-11911| Unknown
CVE-2020-11912| Unknown
CVE-2020-11913| Unknown
CVE-2020-11914| Unknown

Vendor Statement

We have not received a statement from the vendor.

Linksys Unknown

Updated: 2020-07-03 CVE-2020-11896| Unknown
---|---
CVE-2020-11897| Unknown
CVE-2020-11898| Unknown
CVE-2020-11899| Unknown
CVE-2020-11900| Unknown
CVE-2020-11901| Unknown
CVE-2020-11902| Unknown
CVE-2020-11903| Unknown
CVE-2020-11904| Unknown
CVE-2020-11905| Unknown
CVE-2020-11906| Unknown
CVE-2020-11907| Unknown
CVE-2020-11908| Unknown
CVE-2020-11909| Unknown
CVE-2020-11910| Unknown
CVE-2020-11911| Unknown
CVE-2020-11912| Unknown
CVE-2020-11913| Unknown
CVE-2020-11914| Unknown

Vendor Statement

We have not received a statement from the vendor.

LITE-ON Technology Corporation Unknown

Notified: 2020-05-07 Updated: 2020-06-25 CVE-2020-11896| Unknown
---|---
CVE-2020-11897| Unknown
CVE-2020-11898| Unknown
CVE-2020-11899| Unknown
CVE-2020-11900| Unknown
CVE-2020-11901| Unknown
CVE-2020-11902| Unknown
CVE-2020-11903| Unknown
CVE-2020-11904| Unknown
CVE-2020-11905| Unknown
CVE-2020-11906| Unknown
CVE-2020-11907| Unknown
CVE-2020-11908| Unknown
CVE-2020-11909| Unknown
CVE-2020-11910| Unknown
CVE-2020-11911| Unknown
CVE-2020-11912| Unknown
CVE-2020-11913| Unknown
CVE-2020-11914| Unknown

Vendor Statement

We have not received a statement from the vendor.

Lynx Software Technologies Unknown

Notified: 2020-05-07 Updated: 2020-06-25 CVE-2020-11896| Unknown
---|---
CVE-2020-11897| Unknown
CVE-2020-11898| Unknown
CVE-2020-11899| Unknown
CVE-2020-11900| Unknown
CVE-2020-11901| Unknown
CVE-2020-11902| Unknown
CVE-2020-11903| Unknown
CVE-2020-11904| Unknown
CVE-2020-11905| Unknown
CVE-2020-11906| Unknown
CVE-2020-11907| Unknown
CVE-2020-11908| Unknown
CVE-2020-11909| Unknown
CVE-2020-11910| Unknown
CVE-2020-11911| Unknown
CVE-2020-11912| Unknown
CVE-2020-11913| Unknown
CVE-2020-11914| Unknown

Vendor Statement

We have not received a statement from the vendor.

Micrium Unknown

Notified: 2020-05-07 Updated: 2020-06-25 CVE-2020-11896| Unknown
---|---
CVE-2020-11897| Unknown
CVE-2020-11898| Unknown
CVE-2020-11899| Unknown
CVE-2020-11900| Unknown
CVE-2020-11901| Unknown
CVE-2020-11902| Unknown
CVE-2020-11903| Unknown
CVE-2020-11904| Unknown
CVE-2020-11905| Unknown
CVE-2020-11906| Unknown
CVE-2020-11907| Unknown
CVE-2020-11908| Unknown
CVE-2020-11909| Unknown
CVE-2020-11910| Unknown
CVE-2020-11911| Unknown
CVE-2020-11912| Unknown
CVE-2020-11913| Unknown
CVE-2020-11914| Unknown

Vendor Statement

We have not received a statement from the vendor.

Monroe Electronics Unknown

Notified: 2020-05-07 Updated: 2020-06-25 CVE-2020-11896| Unknown
---|---
CVE-2020-11897| Unknown
CVE-2020-11898| Unknown
CVE-2020-11899| Unknown
CVE-2020-11900| Unknown
CVE-2020-11901| Unknown
CVE-2020-11902| Unknown
CVE-2020-11903| Unknown
CVE-2020-11904| Unknown
CVE-2020-11905| Unknown
CVE-2020-11906| Unknown
CVE-2020-11907| Unknown
CVE-2020-11908| Unknown
CVE-2020-11909| Unknown
CVE-2020-11910| Unknown
CVE-2020-11911| Unknown
CVE-2020-11912| Unknown
CVE-2020-11913| Unknown
CVE-2020-11914| Unknown

Vendor Statement

We have not received a statement from the vendor.

Motorola Inc. Unknown

Notified: 2020-05-07 Updated: 2020-06-25 CVE-2020-11896| Unknown
---|---
CVE-2020-11897| Unknown
CVE-2020-11898| Unknown
CVE-2020-11899| Unknown
CVE-2020-11900| Unknown
CVE-2020-11901| Unknown
CVE-2020-11902| Unknown
CVE-2020-11903| Unknown
CVE-2020-11904| Unknown
CVE-2020-11905| Unknown
CVE-2020-11906| Unknown
CVE-2020-11907| Unknown
CVE-2020-11908| Unknown
CVE-2020-11909| Unknown
CVE-2020-11910| Unknown
CVE-2020-11911| Unknown
CVE-2020-11912| Unknown
CVE-2020-11913| Unknown
CVE-2020-11914| Unknown

Vendor Statement

We have not received a statement from the vendor.

NEC Corporation Unknown

Updated: 2020-07-03 CVE-2020-11896| Unknown
---|---
CVE-2020-11897| Unknown
CVE-2020-11898| Unknown
CVE-2020-11899| Unknown
CVE-2020-11900| Unknown
CVE-2020-11901| Unknown
CVE-2020-11902| Unknown
CVE-2020-11903| Unknown
CVE-2020-11904| Unknown
CVE-2020-11905| Unknown
CVE-2020-11906| Unknown
CVE-2020-11907| Unknown
CVE-2020-11908| Unknown
CVE-2020-11909| Unknown
CVE-2020-11910| Unknown
CVE-2020-11911| Unknown
CVE-2020-11912| Unknown
CVE-2020-11913| Unknown
CVE-2020-11914| Unknown

Vendor Statement

We have not received a statement from the vendor.

OleumTech Unknown

Notified: 2020-05-07 Updated: 2020-06-25 CVE-2020-11896| Unknown
---|---
CVE-2020-11897| Unknown
CVE-2020-11898| Unknown
CVE-2020-11899| Unknown
CVE-2020-11900| Unknown
CVE-2020-11901| Unknown
CVE-2020-11902| Unknown
CVE-2020-11903| Unknown
CVE-2020-11904| Unknown
CVE-2020-11905| Unknown
CVE-2020-11906| Unknown
CVE-2020-11907| Unknown
CVE-2020-11908| Unknown
CVE-2020-11909| Unknown
CVE-2020-11910| Unknown
CVE-2020-11911| Unknown
CVE-2020-11912| Unknown
CVE-2020-11913| Unknown
CVE-2020-11914| Unknown

Vendor Statement

We have not received a statement from the vendor.

OMRON Industrial Automation (Inactive) Unknown

Updated: 2020-07-03 CVE-2020-11896| Unknown
---|---
CVE-2020-11897| Unknown
CVE-2020-11898| Unknown
CVE-2020-11899| Unknown
CVE-2020-11900| Unknown
CVE-2020-11901| Unknown
CVE-2020-11902| Unknown
CVE-2020-11903| Unknown
CVE-2020-11904| Unknown
CVE-2020-11905| Unknown
CVE-2020-11906| Unknown
CVE-2020-11907| Unknown
CVE-2020-11908| Unknown
CVE-2020-11909| Unknown
CVE-2020-11910| Unknown
CVE-2020-11911| Unknown
CVE-2020-11912| Unknown
CVE-2020-11913| Unknown
CVE-2020-11914| Unknown

Vendor Statement

We have not received a statement from the vendor.

Panasonic Unknown

Updated: 2020-07-03 CVE-2020-11896| Unknown
---|---
CVE-2020-11897| Unknown
CVE-2020-11898| Unknown
CVE-2020-11899| Unknown
CVE-2020-11900| Unknown
CVE-2020-11901| Unknown
CVE-2020-11902| Unknown
CVE-2020-11903| Unknown
CVE-2020-11904| Unknown
CVE-2020-11905| Unknown
CVE-2020-11906| Unknown
CVE-2020-11907| Unknown
CVE-2020-11908| Unknown
CVE-2020-11909| Unknown
CVE-2020-11910| Unknown
CVE-2020-11911| Unknown
CVE-2020-11912| Unknown
CVE-2020-11913| Unknown
CVE-2020-11914| Unknown

Vendor Statement

We have not received a statement from the vendor.

Polycom Inc. Unknown

Updated: 2020-07-03 CVE-2020-11896| Unknown
---|---
CVE-2020-11897| Unknown
CVE-2020-11898| Unknown
CVE-2020-11899| Unknown
CVE-2020-11900| Unknown
CVE-2020-11901| Unknown
CVE-2020-11902| Unknown
CVE-2020-11903| Unknown
CVE-2020-11904| Unknown
CVE-2020-11905| Unknown
CVE-2020-11906| Unknown
CVE-2020-11907| Unknown
CVE-2020-11908| Unknown
CVE-2020-11909| Unknown
CVE-2020-11910| Unknown
CVE-2020-11911| Unknown
CVE-2020-11912| Unknown
CVE-2020-11913| Unknown
CVE-2020-11914| Unknown

Vendor Statement

We have not received a statement from the vendor.

QNX Software Systems Inc. Unknown

Notified: 2020-05-07 Updated: 2020-06-25 CVE-2020-11896| Unknown
---|---
CVE-2020-11897| Unknown
CVE-2020-11898| Unknown
CVE-2020-11899| Unknown
CVE-2020-11900| Unknown
CVE-2020-11901| Unknown
CVE-2020-11902| Unknown
CVE-2020-11903| Unknown
CVE-2020-11904| Unknown
CVE-2020-11905| Unknown
CVE-2020-11906| Unknown
CVE-2020-11907| Unknown
CVE-2020-11908| Unknown
CVE-2020-11909| Unknown
CVE-2020-11910| Unknown
CVE-2020-11911| Unknown
CVE-2020-11912| Unknown
CVE-2020-11913| Unknown
CVE-2020-11914| Unknown

Vendor Statement

We have not received a statement from the vendor.

Ricoh Company Ltd. Unknown

Updated: 2020-06-25 CVE-2020-11896| Unknown
---|---
CVE-2020-11897| Unknown
CVE-2020-11898| Unknown
CVE-2020-11899| Unknown
CVE-2020-11900| Unknown
CVE-2020-11901| Unknown
CVE-2020-11902| Unknown
CVE-2020-11903| Unknown
CVE-2020-11904| Unknown
CVE-2020-11905| Unknown
CVE-2020-11906| Unknown
CVE-2020-11907| Unknown
CVE-2020-11908| Unknown
CVE-2020-11909| Unknown
CVE-2020-11910| Unknown
CVE-2020-11911| Unknown
CVE-2020-11912| Unknown
CVE-2020-11913| Unknown
CVE-2020-11914| Unknown

Vendor Statement

We have not received a statement from the vendor.

Roku Unknown

Notified: 2020-05-07 Updated: 2020-06-25 CVE-2020-11896| Unknown
---|---
CVE-2020-11897| Unknown
CVE-2020-11898| Unknown
CVE-2020-11899| Unknown
CVE-2020-11900| Unknown
CVE-2020-11901| Unknown
CVE-2020-11902| Unknown
CVE-2020-11903| Unknown
CVE-2020-11904| Unknown
CVE-2020-11905| Unknown
CVE-2020-11906| Unknown
CVE-2020-11907| Unknown
CVE-2020-11908| Unknown
CVE-2020-11909| Unknown
CVE-2020-11910| Unknown
CVE-2020-11911| Unknown
CVE-2020-11912| Unknown
CVE-2020-11913| Unknown
CVE-2020-11914| Unknown

Vendor Statement

We have not received a statement from the vendor.

Sharp Electronics Corporation Unknown

Updated: 2020-07-03 CVE-2020-11896| Unknown
---|---
CVE-2020-11897| Unknown
CVE-2020-11898| Unknown
CVE-2020-11899| Unknown
CVE-2020-11900| Unknown
CVE-2020-11901| Unknown
CVE-2020-11902| Unknown
CVE-2020-11903| Unknown
CVE-2020-11904| Unknown
CVE-2020-11905| Unknown
CVE-2020-11906| Unknown
CVE-2020-11907| Unknown
CVE-2020-11908| Unknown
CVE-2020-11909| Unknown
CVE-2020-11910| Unknown
CVE-2020-11911| Unknown
CVE-2020-11912| Unknown
CVE-2020-11913| Unknown
CVE-2020-11914| Unknown

Vendor Statement

We have not received a statement from the vendor.

SimCom Wireless Unknown

Notified: 2020-05-14 Updated: 2020-06-25 CVE-2020-11896| Unknown
---|---
CVE-2020-11897| Unknown
CVE-2020-11898| Unknown
CVE-2020-11899| Unknown
CVE-2020-11900| Unknown
CVE-2020-11901| Unknown
CVE-2020-11902| Unknown
CVE-2020-11903| Unknown
CVE-2020-11904| Unknown
CVE-2020-11905| Unknown
CVE-2020-11906| Unknown
CVE-2020-11907| Unknown
CVE-2020-11908| Unknown
CVE-2020-11909| Unknown
CVE-2020-11910| Unknown
CVE-2020-11911| Unknown
CVE-2020-11912| Unknown
CVE-2020-11913| Unknown
CVE-2020-11914| Unknown

Vendor Statement

We have not received a statement from the vendor.

SonicWall Unknown

Notified: 2020-05-07 Updated: 2020-06-25 CVE-2020-11896| Unknown
---|---
CVE-2020-11897| Unknown
CVE-2020-11898| Unknown
CVE-2020-11899| Unknown
CVE-2020-11900| Unknown
CVE-2020-11901| Unknown
CVE-2020-11902| Unknown
CVE-2020-11903| Unknown
CVE-2020-11904| Unknown
CVE-2020-11905| Unknown
CVE-2020-11906| Unknown
CVE-2020-11907| Unknown
CVE-2020-11908| Unknown
CVE-2020-11909| Unknown
CVE-2020-11910| Unknown
CVE-2020-11911| Unknown
CVE-2020-11912| Unknown
CVE-2020-11913| Unknown
CVE-2020-11914| Unknown

Vendor Statement

We have not received a statement from the vendor.

Sony Unknown

Updated: 2020-06-25 CVE-2020-11896| Unknown
---|---
CVE-2020-11897| Unknown
CVE-2020-11898| Unknown
CVE-2020-11899| Unknown
CVE-2020-11900| Unknown
CVE-2020-11901| Unknown
CVE-2020-11902| Unknown
CVE-2020-11903| Unknown
CVE-2020-11904| Unknown
CVE-2020-11905| Unknown
CVE-2020-11906| Unknown
CVE-2020-11907| Unknown
CVE-2020-11908| Unknown
CVE-2020-11909| Unknown
CVE-2020-11910| Unknown
CVE-2020-11911| Unknown
CVE-2020-11912| Unknown
CVE-2020-11913| Unknown
CVE-2020-11914| Unknown

Vendor Statement

We have not received a statement from the vendor.

Tizen Unknown

Notified: 2020-05-07 Updated: 2020-06-25 CVE-2020-11896| Unknown
---|---
CVE-2020-11897| Unknown
CVE-2020-11898| Unknown
CVE-2020-11899| Unknown
CVE-2020-11900| Unknown
CVE-2020-11901| Unknown
CVE-2020-11902| Unknown
CVE-2020-11903| Unknown
CVE-2020-11904| Unknown
CVE-2020-11905| Unknown
CVE-2020-11906| Unknown
CVE-2020-11907| Unknown
CVE-2020-11908| Unknown
CVE-2020-11909| Unknown
CVE-2020-11910| Unknown
CVE-2020-11911| Unknown
CVE-2020-11912| Unknown
CVE-2020-11913| Unknown
CVE-2020-11914| Unknown

Vendor Statement

We have not received a statement from the vendor.

Toshiba Corporation Unknown

Updated: 2020-07-03 CVE-2020-11896| Unknown
---|---
CVE-2020-11897| Unknown
CVE-2020-11898| Unknown
CVE-2020-11899| Unknown
CVE-2020-11900| Unknown
CVE-2020-11901| Unknown
CVE-2020-11902| Unknown
CVE-2020-11903| Unknown
CVE-2020-11904| Unknown
CVE-2020-11905| Unknown
CVE-2020-11906| Unknown
CVE-2020-11907| Unknown
CVE-2020-11908| Unknown
CVE-2020-11909| Unknown
CVE-2020-11910| Unknown
CVE-2020-11911| Unknown
CVE-2020-11912| Unknown
CVE-2020-11913| Unknown
CVE-2020-11914| Unknown

Vendor Statement

We have not received a statement from the vendor.

TRENDnet Unknown

Updated: 2020-07-03 CVE-2020-11896| Unknown
---|---
CVE-2020-11897| Unknown
CVE-2020-11898| Unknown
CVE-2020-11899| Unknown
CVE-2020-11900| Unknown
CVE-2020-11901| Unknown
CVE-2020-11902| Unknown
CVE-2020-11903| Unknown
CVE-2020-11904| Unknown
CVE-2020-11905| Unknown
CVE-2020-11906| Unknown
CVE-2020-11907| Unknown
CVE-2020-11908| Unknown
CVE-2020-11909| Unknown
CVE-2020-11910| Unknown
CVE-2020-11911| Unknown
CVE-2020-11912| Unknown
CVE-2020-11913| Unknown
CVE-2020-11914| Unknown

Vendor Statement

We have not received a statement from the vendor.

Ubuntu Unknown

Notified: 2020-05-07 Updated: 2020-06-25 CVE-2020-11896| Unknown
---|---
CVE-2020-11897| Unknown
CVE-2020-11898| Unknown
CVE-2020-11899| Unknown
CVE-2020-11900| Unknown
CVE-2020-11901| Unknown
CVE-2020-11902| Unknown
CVE-2020-11903| Unknown
CVE-2020-11904| Unknown
CVE-2020-11905| Unknown
CVE-2020-11906| Unknown
CVE-2020-11907| Unknown
CVE-2020-11908| Unknown
CVE-2020-11909| Unknown
CVE-2020-11910| Unknown
CVE-2020-11911| Unknown
CVE-2020-11912| Unknown
CVE-2020-11913| Unknown
CVE-2020-11914| Unknown

Vendor Statement

We have not received a statement from the vendor.

Verifone Unknown

Updated: 2020-06-25 CVE-2020-11896| Unknown
---|---
CVE-2020-11897| Unknown
CVE-2020-11898| Unknown
CVE-2020-11899| Unknown
CVE-2020-11900| Unknown
CVE-2020-11901| Unknown
CVE-2020-11902| Unknown
CVE-2020-11903| Unknown
CVE-2020-11904| Unknown
CVE-2020-11905| Unknown
CVE-2020-11906| Unknown
CVE-2020-11907| Unknown
CVE-2020-11908| Unknown
CVE-2020-11909| Unknown
CVE-2020-11910| Unknown
CVE-2020-11911| Unknown
CVE-2020-11912| Unknown
CVE-2020-11913| Unknown
CVE-2020-11914| Unknown

Vendor Statement

We have not received a statement from the vendor.

Verizon Unknown

Updated: 2020-07-03 CVE-2020-11896| Unknown
---|---
CVE-2020-11897| Unknown
CVE-2020-11898| Unknown
CVE-2020-11899| Unknown
CVE-2020-11900| Unknown
CVE-2020-11901| Unknown
CVE-2020-11902| Unknown
CVE-2020-11903| Unknown
CVE-2020-11904| Unknown
CVE-2020-11905| Unknown
CVE-2020-11906| Unknown
CVE-2020-11907| Unknown
CVE-2020-11908| Unknown
CVE-2020-11909| Unknown
CVE-2020-11910| Unknown
CVE-2020-11911| Unknown
CVE-2020-11912| Unknown
CVE-2020-11913| Unknown
CVE-2020-11914| Unknown

Vendor Statement

We have not received a statement from the vendor.

Vocera Unknown

Notified: 2020-05-14 Updated: 2020-06-25 CVE-2020-11896| Unknown
---|---
CVE-2020-11897| Unknown
CVE-2020-11898| Unknown
CVE-2020-11899| Unknown
CVE-2020-11900| Unknown
CVE-2020-11901| Unknown
CVE-2020-11902| Unknown
CVE-2020-11903| Unknown
CVE-2020-11904| Unknown
CVE-2020-11905| Unknown
CVE-2020-11906| Unknown
CVE-2020-11907| Unknown
CVE-2020-11908| Unknown
CVE-2020-11909| Unknown
CVE-2020-11910| Unknown
CVE-2020-11911| Unknown
CVE-2020-11912| Unknown
CVE-2020-11913| Unknown
CVE-2020-11914| Unknown

Vendor Statement

We have not received a statement from the vendor.

Xilinx Unknown

Notified: 2020-05-04 Updated: 2020-06-25 CVE-2020-11896| Unknown
---|---
CVE-2020-11897| Unknown
CVE-2020-11898| Unknown
CVE-2020-11899| Unknown
CVE-2020-11900| Unknown
CVE-2020-11901| Unknown
CVE-2020-11902| Unknown
CVE-2020-11903| Unknown
CVE-2020-11904| Unknown
CVE-2020-11905| Unknown
CVE-2020-11906| Unknown
CVE-2020-11907| Unknown
CVE-2020-11908| Unknown
CVE-2020-11909| Unknown
CVE-2020-11910| Unknown
CVE-2020-11911| Unknown
CVE-2020-11912| Unknown
CVE-2020-11913| Unknown
CVE-2020-11914| Unknown

Vendor Statement

We have not received a statement from the vendor.

Zephyr Project Unknown

Notified: 2020-05-07 Updated: 2020-06-25 CVE-2020-11896| Unknown
---|---
CVE-2020-11897| Unknown
CVE-2020-11898| Unknown
CVE-2020-11899| Unknown
CVE-2020-11900| Unknown
CVE-2020-11901| Unknown
CVE-2020-11902| Unknown
CVE-2020-11903| Unknown
CVE-2020-11904| Unknown
CVE-2020-11905| Unknown
CVE-2020-11906| Unknown
CVE-2020-11907| Unknown
CVE-2020-11908| Unknown
CVE-2020-11909| Unknown
CVE-2020-11910| Unknown
CVE-2020-11911| Unknown
CVE-2020-11912| Unknown
CVE-2020-11913| Unknown
CVE-2020-11914| Unknown

Vendor Statement

We have not received a statement from the vendor.

View all 78 vendors View less vendors

References

  • <https://www.jsof-tech.com/ripple20/>
  • <https://treck.com/vulnerability-response-information/>
  • <https://www.us-cert.gov/ics/advisories/icsa-20-168-01>

Other Information

CVE IDs: | CVE-2020-11896 CVE-2020-11897 CVE-2020-11898 CVE-2020-11899 CVE-2020-11900 CVE-2020-11901 CVE-2020-11902 CVE-2020-11903 CVE-2020-11904 CVE-2020-11905 CVE-2020-11906 CVE-2020-11907 CVE-2020-11908 CVE-2020-11909 CVE-2020-11910 CVE-2020-11911 CVE-2020-11912 CVE-2020-11913 CVE-2020-11914
---|---
Date Public: | 2020-06-16
Date First Published: | 2020-06-16
Date Last Updated: | 2020-07-03 16:46 UTC
Document Revision: | 26