## 1\. EXECUTIVE SUMMARY
* **CVSS v3 9.8**
* **ATTENTION:** Exploitable remotely/low attack complexity
* **Vendor:** HCC Embedded
* **Equipment:** InterNiche stack (NicheStack), NicheLite
* **Vulnerabilities:** Return of Pointer Value Outside of Expected Range, Improper Handling of Length Parameter Inconsistency, Use of Insufficiently Random Values, Improper Input Validation, Uncaught Exception, Numeric Range Comparison Without Minimum Check, Generation of Predictable Numbers or Identifiers, Improper Check or Handling of Exceptional Conditions, Improper Null Termination
CISA is aware of a public report, known as “INFRA:HALT,” that details vulnerabilities found in the HCC Embedded InterNiche TCP/IP stack, previously known as InterNiche NicheStack. CISA is issuing this advisory to provide early notice of the reported vulnerabilities and identify baseline mitigations for reducing risks to these and other cybersecurity attacks.
## 2\. UPDATE INFORMATION
This updated advisory is a follow-up to the advisory update titled ICSA-21-217-01 HCC Embedded InterNiche TCP/IP stack NicheLite (Update A) that was published September 14, 2021, to the ICS webpage at www.cisa.gov/uscert.
## 3\. RISK EVALUATION
Successful exploitation of these vulnerabilities may result in unauthorized access to arbitrary information, DNS cache poisoning, remote code execution, or a denial-of-service condition.
## 4\. TECHNICAL DETAILS
### 4.1 AFFECTED PRODUCTS
The following embedded component TCP/IP stacks are affected:
* InterNiche stack: All versions prior to v4.3
* NicheLite: All versions prior to v4.3
### 4.2 VULNERABILITY OVERVIEW
#### 4.2.1 [RETURN OF POINTER VALUE OUTSIDE OF EXPECTED RANGE CWE-466](<https://cwe.mitre.org/data/definitions/466.html>)
When parsing DNS domain names, there are no checks on whether a domain name compression pointer is pointing within the bounds of the packet, which may result in an out-of-bounds read.
[CVE-2020-25767](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25767>) has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H>)).
#### 4.2.2 [IMPROPER HANDLING OF LENGTH PARAMETER INCONSISTENCY CWE-130](<https://cwe.mitre.org/data/definitions/130.html>)
The routine for parsing DNS response packets does not check the “response data length” field of individual DNS answers, which may cause an out-of-bounds read/write.
[CVE-2020-25928](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25928>) has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H>)).
#### 4.2.3 [IMPROPER HANDLING OF LENGTH PARAMETER INCONSISTENCY CWE-130](<https://cwe.mitre.org/data/definitions/130.html>)
The number of queries or responses specified in the DNS packet header is not validated with the query/response data available in the DNS packet, leading to an out-of-bounds read.
[CVE-2020-25927](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25927>) has been assigned to this vulnerability. A CVSS v3 base score of 8.2 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H>)).
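The three DNS parsing checks whose absence is described in 4.2.1 through 4.2.3 (compression pointer bounds, per-answer RDLENGTH, and header counts versus the data actually present) are shown below as an added example in C. It is illustrative code written for this page, not taken from the InterNiche stack or from the advisory; the function names, error codes, jump limit and sample packets are constructed assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define DNS_HDR_LEN   12
#define DNS_MAX_NAME  255   /* RFC 1035 limit on an encoded name */
#define DNS_MAX_JUMPS 16    /* hypothetical cap on compression pointers per name */

enum dns_err {
    DNS_OK = 0,
    DNS_E_TRUNC = -1,  /* a field runs past the end of the packet */
    DNS_E_PTR   = -2,  /* compression pointer out of bounds, forward, or looping */
    DNS_E_LABEL = -3,  /* reserved label type or over-long name */
    DNS_E_RDLEN = -4,  /* RDLENGTH disagrees with the bytes available */
    DNS_E_COUNT = -5   /* header counts promise records that are not there */
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Walk the name at off; on success *next is the offset just past it. */
static int dns_skip_name(const uint8_t *pkt, size_t len, size_t off, size_t *next)
{
    size_t pos = off, name_len = 0;
    int jumps = 0;

    for (;;) {
        if (pos >= len) return DNS_E_TRUNC;
        uint8_t b = pkt[pos];
        if ((b & 0xC0) == 0xC0) {                      /* compression pointer */
            if (len - pos < 2) return DNS_E_TRUNC;
            size_t target = ((size_t)(b & 0x3F) << 8) | pkt[pos + 1];
            /* Target must lie after the header and strictly before the pointer. */
            if (target < DNS_HDR_LEN || target >= pos) return DNS_E_PTR;
            if (++jumps > DNS_MAX_JUMPS) return DNS_E_PTR;
            if (jumps == 1) *next = pos + 2;           /* name ends here in the record */
            pos = target;
        } else if (b & 0xC0) {
            return DNS_E_LABEL;                        /* 0x40 / 0x80 label types */
        } else if (b == 0) {
            if (jumps == 0) *next = pos + 1;
            return DNS_OK;
        } else {
            if (b > len - pos - 1) return DNS_E_TRUNC; /* label body inside packet */
            name_len += (size_t)b + 1;
            if (name_len + 1 > DNS_MAX_NAME) return DNS_E_LABEL;
            pos += (size_t)b + 1;
        }
    }
}

/* Returns the number of validated answers, or a negative dns_err. */
int dns_validate_response(const uint8_t *pkt, size_t len)
{
    if (len < DNS_HDR_LEN) return DNS_E_TRUNC;
    uint16_t qd = rd16(pkt + 4), an = rd16(pkt + 6);
    size_t off = DNS_HDR_LEN;
    int rc;

    for (uint16_t i = 0; i < qd; i++) {
        if (off >= len) return DNS_E_COUNT;            /* QDCOUNT exceeds data */
        if ((rc = dns_skip_name(pkt, len, off, &off)) != DNS_OK) return rc;
        if (len - off < 4) return DNS_E_TRUNC;         /* QTYPE + QCLASS */
        off += 4;
    }
    for (uint16_t i = 0; i < an; i++) {
        if (off >= len) return DNS_E_COUNT;            /* ANCOUNT exceeds data */
        if ((rc = dns_skip_name(pkt, len, off, &off)) != DNS_OK) return rc;
        if (len - off < 10) return DNS_E_TRUNC;        /* TYPE CLASS TTL RDLENGTH */
        uint16_t type = rd16(pkt + off), cls = rd16(pkt + off + 2);
        uint16_t rdlen = rd16(pkt + off + 8);
        off += 10;
        if (rdlen > len - off) return DNS_E_RDLEN;     /* RDATA must fit in packet */
        if (type == 1 && cls == 1 && rdlen != 4)       /* IN A is exactly 4 bytes, */
            return DNS_E_RDLEN;                        /* so a fixed copy is safe  */
        off += rdlen;
    }
    return (int)an;
}

/* Constructed sample packets: one query for example.com plus one answer. */
#define HDR_Q(an) 0x12,0x34, 0x81,0x80, 0,1, 0,(an), 0,0, 0,0, \
    7,'e','x','a','m','p','l','e', 3,'c','o','m',0, 0,1, 0,1
static const uint8_t pkt_ok[]        = { HDR_Q(1), 0xC0,0x0C, 0,1,  0,1, 0,0,0,60, 0,4, 192,0,2,1 };
static const uint8_t pkt_bad_ptr[]   = { HDR_Q(1), 0xC0,0xFF, 0,1,  0,1, 0,0,0,60, 0,4, 192,0,2,1 };
static const uint8_t pkt_bad_rdlen[] = { HDR_Q(1), 0xC0,0x0C, 0,16, 0,1, 0,0,0,60, 1,0, 192,0,2,1 };
static const uint8_t pkt_bad_count[] = { HDR_Q(5), 0xC0,0x0C, 0,1,  0,1, 0,0,0,60, 0,4, 192,0,2,1 };

int main(void)
{
    printf("ok=%d bad_ptr=%d bad_rdlen=%d bad_count=%d\n",
           dns_validate_response(pkt_ok, sizeof pkt_ok),
           dns_validate_response(pkt_bad_ptr, sizeof pkt_bad_ptr),
           dns_validate_response(pkt_bad_rdlen, sizeof pkt_bad_rdlen),
           dns_validate_response(pkt_bad_count, sizeof pkt_bad_count));
    return 0;
}
```

Every length comparison is written as a subtraction from `len` that cannot go negative, so a hostile value in the packet never feeds an addition that could wrap.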
#### 4.2.4 [USE OF INSUFFICIENTLY RANDOM VALUES CWE-330](<https://cwe.mitre.org/data/definitions/330.html>)
The DNS client does not sufficiently randomize transaction IDs, facilitating DNS cache poisoning attacks.
[CVE-2020-25926](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25926>) has been assigned to this vulnerability. A CVSS v3 base score of 4.0 has been calculated; the CVSS vector string is ([AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N>)).
#### 4.2.5 [IMPROPER INPUT VALIDATION CWE-20](<https://cwe.mitre.org/data/definitions/20.html>)
The code that parses ICMP packets relies on an unchecked value of the IP payload size to compute the ICMP checksum, which may result in an out-of-bounds read.
[CVE-2020-35683](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35683>) has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H>)).
#### 4.2.6 [IMPROPER INPUT VALIDATION CWE-20](<https://cwe.mitre.org/data/definitions/20.html>)
The code that parses TCP packets relies on an unchecked value of the IP payload size to compute the length of the TCP payload within the TCP checksum computation function, which may result in an out-of-bounds read.
[CVE-2020-35684](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35684>) has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H>)).
#### 4.2.7 [USE OF INSUFFICIENTLY RANDOM VALUES CWE-330](<https://cwe.mitre.org/data/definitions/330.html>)
TCP ISNs are insufficiently randomized, which may result in TCP spoofing by an attacker.
[CVE-2020-35685](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35685>) has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N>)).
#### 4.2.8 [UNCAUGHT EXCEPTION CWE-248](<https://cwe.mitre.org/data/definitions/248.html>)
The TCP urgent data processing function may invoke a panic function, which may result in an infinite loop.
[CVE-2021-31400](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31400>) has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N>)).
#### 4.2.9 [IMPROPER INPUT VALIDATION CWE-20](<https://cwe.mitre.org/data/definitions/20.html>)
An attacker could send a specially crafted IP packet to trigger an integer overflow due to the lack of IP length validation.
[CVE-2021-31401](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31401>) has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N>)).
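The IP length validation that 4.2.5, 4.2.6 and 4.2.9 describe as missing is sketched below as an added example in C: the IPv4 total length is checked against both the header length and the bytes actually received before any payload length is derived or checksummed. This is a generic receive-path illustration written for this page, not InterNiche code; the function names, error codes and sample packets are constructed assumptions, and only the ICMP case is carried through (a TCP checksum routine would consume the same validated payload length).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum ip_err { IP_OK = 0, IP_E_SHORT = -1, IP_E_HDR = -2, IP_E_TOTLEN = -3,
              IP_E_PROTO = -4, IP_E_CKSUM = -5 };

/* RFC 1071 checksum over exactly n bytes; 0 means the embedded checksum verifies. */
static uint16_t inet_cksum(const uint8_t *p, size_t n)
{
    uint32_t sum = 0;
    for (; n > 1; p += 2, n -= 2) sum += ((uint32_t)p[0] << 8) | p[1];
    if (n) sum += (uint32_t)p[0] << 8;
    while (sum >> 16) sum = (sum & 0xFFFF) + (sum >> 16);
    return (uint16_t)~sum;
}

/* caplen is the number of bytes really present in the receive buffer. */
int ipv4_payload(const uint8_t *frame, size_t caplen,
                 const uint8_t **payload, size_t *payload_len)
{
    if (caplen < 20) return IP_E_SHORT;
    if ((frame[0] >> 4) != 4) return IP_E_HDR;
    size_t hlen   = (size_t)(frame[0] & 0x0F) * 4;
    size_t totlen = ((size_t)frame[2] << 8) | frame[3];
    if (hlen < 20 || hlen > caplen) return IP_E_HDR;
    if (totlen < hlen) return IP_E_TOTLEN;    /* totlen - hlen would wrap around */
    if (totlen > caplen) return IP_E_TOTLEN;  /* header claims more than arrived */
    *payload = frame + hlen;
    *payload_len = totlen - hlen;             /* safe: hlen <= totlen <= caplen */
    return IP_OK;
}

/* Accept an ICMP message only after its length has been bounded as above. */
int icmp_accept(const uint8_t *frame, size_t caplen)
{
    const uint8_t *pl;
    size_t pl_len;
    int rc = ipv4_payload(frame, caplen, &pl, &pl_len);
    if (rc != IP_OK) return rc;
    if (frame[9] != 1) return IP_E_PROTO;     /* protocol 1 = ICMP */
    if (pl_len < 8) return IP_E_SHORT;        /* fixed ICMP header */
    if (inet_cksum(pl, pl_len) != 0) return IP_E_CKSUM;
    return IP_OK;
}

/* Constructed samples: 20-byte IPv4 header + 8-byte ICMP echo request.
 * The IP header checksum bytes are not verified by this example. */
#define ICMP_PKT(len_hi, len_lo, seq) \
    0x45,0x00,(len_hi),(len_lo), 0x00,0x01,0x00,0x00, 0x40,0x01,0xF6,0xDC, \
    192,0,2,1, 192,0,2,2, 0x08,0x00,0xF7,0xFD, 0x00,0x01,0x00,(seq)
static const uint8_t icmp_ok[]          = { ICMP_PKT(0x00, 0x1C, 0x01) };
static const uint8_t icmp_claims_1500[] = { ICMP_PKT(0x05, 0xDC, 0x01) };
static const uint8_t icmp_claims_8[]    = { ICMP_PKT(0x00, 0x08, 0x01) };
static const uint8_t icmp_bad_sum[]     = { ICMP_PKT(0x00, 0x1C, 0x02) };

int main(void)
{
    printf("ok=%d too_long=%d too_short=%d bad_sum=%d\n",
           icmp_accept(icmp_ok, sizeof icmp_ok),
           icmp_accept(icmp_claims_1500, sizeof icmp_claims_1500),
           icmp_accept(icmp_claims_8, sizeof icmp_claims_8),
           icmp_accept(icmp_bad_sum, sizeof icmp_bad_sum));
    return 0;
}
```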
#### 4.2.10 [IMPROPER INPUT VALIDATION CWE-20](<https://cwe.mitre.org/data/definitions/20.html>)
A potential heap buffer overflow exists in the code that parses the HTTP POST request due to lack of size validation.
[CVE-2021-31226](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31226>) has been assigned to this vulnerability. A CVSS v3 base score of 9.1 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H>)).
#### 4.2.11 [NUMERIC RANGE COMPARISON WITHOUT MINIMUM CHECK CWE-839](<https://cwe.mitre.org/data/definitions/839.html>)
A potential heap buffer overflow exists in the code that parses the HTTP POST request due to an incorrect signed integer comparison.
[CVE-2021-31227](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31227>) has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N>)).
#### 4.2.12 [GENERATION OF PREDICTABLE NUMBERS OR IDENTIFIERS CWE-340](<https://cwe.mitre.org/data/definitions/340.html>)
An attacker may be able to predict DNS queries’ source port to then send forged DNS response packets, which may be accepted as valid answers.
[CVE-2021-31228](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31228>) has been assigned to this vulnerability. A CVSS v3 base score of 4.0 has been calculated; the CVSS vector string is ([AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N>)).
#### 4.2.13 [IMPROPER CHECK OR HANDLING OF EXCEPTIONAL CONDITIONS CWE-703](<https://cwe.mitre.org/data/definitions/703.html>)
Unhandled HTTP requests result in an infinite loop that disrupts TCP/IP communication.
[CVE-2021-27565](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27565>) has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N>)).
#### 4.2.14 [IMPROPER NULL TERMINATION CWE-170](<https://cwe.mitre.org/data/definitions/170.html>)
The TFTP packet processing function does not ensure that the filename is null-terminated, which may result in a denial-of-service condition.
[CVE-2021-36762](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36762>) has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N>)).
### 4.3 BACKGROUND
* **CRITICAL INFRASTRUCTURE SECTORS:** Multiple
* **COUNTRIES/AREAS DEPLOYED:** Worldwide
* **COMPANY HEADQUARTERS LOCATION:** Hungary
### 4.4 RESEARCHER
Amine Amri, Stanislav Dashevskyi, and Daniel dos Santos from Forescout, and Asaf Karas and Shachar Menashe from VDOO reported these vulnerabilities to CISA.
## 5\. MITIGATIONS
HCC recommends users apply release v4.3 or later to mitigate these vulnerabilities. For more information, [contact HCC](<mailto:security@hcc-embedded.com>).
Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:
* [Siemens](<https://cert-portal.siemens.com/productcert/pdf/ssa-789208.pdf>)
**\--------- Begin Update B Part 1 of 1 ---------**
* [Mitsubishi Electric MELSEC Series Remote I/O](<https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-022_en.pdf>)
**\--------- End Update B Part 1 of 1 ---------**
CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:
* Minimize network exposure for all control system devices and/or systems, and ensure that they are [not accessible from the Internet](<https://us-cert.cisa.gov/ics/alerts/ICS-ALERT-10-301-01>).
* Locate control system networks and remote devices behind firewalls, and isolate them from the business network.
* When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that a VPN is only as secure as its connected devices.
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for [control systems security recommended practices](<https://www.cisa.gov/uscert/ics/recommended-practices>) on the ICS webpage on [cisa.gov](<https://www.cisa.gov/uscert/ics>). Several recommended practices are available for reading and download, including [Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies](<https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf>).
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.
No known public exploits specifically target these vulnerabilities.
## Contact Information
For any questions related to this report, please contact CISA at:
Email: [CISAservicedesk@cisa.dhs.gov](<mailto:cisaservicedesk@cisa.dhs.gov>)
Toll Free: 1-888-282-0870
For industrial control systems cybersecurity information: https://us-cert.cisa.gov/ics
or incident reporting: https://us-cert.cisa.gov/report
{"cert": [{"lastseen": "2022-09-23T21:12:23", "description": "### Overview\n\nHCC Embedded's software called InterNiche stack (NicheStack) and NicheLite, which provides TCP/IP networking capability to embedded systems, is impacted by multiple vulnerabilities. The Forescout and JFrog researchers who discovered this set of vulnerabilities have identified these as \"INFRA:HALT\". \n\n### Description\n\nHCC Embedded acquired NicheStack from InterNiche in order to provide TCP/IP protocol capabilities to lightweight devices such as IoT. NicheStack has been available since the late 1990s to a widely varied customer base in multiple forms to support various implementations. This has made NicheStack part of a complex supply chain into major industries, including devices in [critical infrastructure](<https://us-cert.cisa.gov/ics/advisories/icsa-21-217-01>). \n\nForescout and JFrog researchers have identified [14 vulnerabilities](<https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/>) related to network packet processing errors in NicheStack and NicheLite versions 4.3 released before 2021-05-28. Most of these vulnerabilities stem from improper [memory management](<https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?pageId=87152142>) commonly seen in lightweight operating systems. Of these 14 vulnerabilities, five involve processing of TCP and ICMP ([OSI](<https://en.wikipedia.org/wiki/OSI_model>) Layer-4 protocols) and the rest involve common application protocols such as HTTP and DNS (OSI Layer-7). The processing of these OSI layers involves a number of boundary checks and some specific \"application\" processing capabilities (such as randomization) commonly overlooked in development of lightweight networking software. \n\nVarious stakeholders, including HCC Embedded, have made attempts to reach impacted vendors to provide software fixes that address these issues. 
A lack of formalization of software OEM relationships and the lack of a Software Bill of Materials (SBOM) have complicated this outreach and the much-needed identification of impacted devices. \n\n### Impact\n\nThe impact of exploiting these vulnerabilities will vary widely, depending on the implementation options used while developing embedded systems that use NicheStack or NicheLite. As these vulnerabilities involve processing of network packets, attackers can generally abuse these errors via remote network access. In summary, a remote, unauthenticated attacker may be able to use specially-crafted network packets to cause a denial of service, disclose information, or in some cases execute arbitrary code on the target device. \n\n### Solution\n\n#### Apply updates\n\nThe most reliable way to address these vulnerabilities is to update to the latest stable version of NicheStack software listed by HCC Embedded in their [Security Advisories](<https://www.hcc-embedded.com/support/security-advisories>). If you are unsure or have discovered NicheStack using [open-source tools](<https://github.com/Forescout/project-memoria-detector>) provided by Forescout, reach out to HCC Embedded via their [PSIRT](<https://www.hcc-embedded.com/support/security-advisories/product-security-policy>) security team or to your upstream vendor in your supply chain to obtain the software fixes. HCC has also provided a [register to be notified](<https://www.hcc-embedded.com/support/security-advisories/security-advisories-notification>) web page for sustaining this outreach for their long-standing customers.\n\n#### Block anomalous IP traffic\n\nCERT/CC recognizes that many implementations of NicheStack involve longer lifecycles for patching. In the meantime, organizations can consider isolating impacted devices where feasible and, when network isolation is not feasible, blocking network attacks using network inspection, as detailed below. 
It is recommended that security features for blocking anomalous network packets, available to you in devices such as routers and firewalls, are enabled and properly configured. Below is a list of possible mitigations that address some specific network attacks that attempt to exploit these vulnerabilities.\n\n * Provide DNS recursion services to the embedded devices using recursive DNS servers that are securely configured, and well-maintained with patches and updates.\n * Provide HTTP access to embedded devices that are in an isolated network via securely configured HTTP reverse proxy or using HTTP deep packet inspection firewalls.\n * Filter ICMP and TFTP access to embedded devices from the wider Internet and use stateful inspection of these protocols when accessible to the wider Internet to avoid abuse.\n * Enforce TCP stateful inspection for embedded devices and reject malformed TCP packets using router and firewall features as available to the operational environment.\n\nWhen blocking or isolating is not an option, perform passive inspection using an IDS that can alert on anomalous attempts to exploit these vulnerabilities. See also our recommendations and IDS rules that were made available for Treck TCP/IP stack related vulnerabilities [VU#257161](<https://kb.cert.org/vuls/id/257161>) for [examples](<https://github.com/CERTCC/PoC-Exploits/tree/master/vu-257161>).\n\n### Acknowledgements\n\nThanks to Amine Amri, Stanislav Dashevskyi, and Daniel dos Santos from Forescout, and Asaf Karas and Shachar Menashe from JFrog who reported these vulnerabilities and supported coordinated disclosure. 
HCC Embedded, the primary OEM vendor, also supported our efforts to coordinate and develop security fixes to address these issues.\n\nThis document was written by Vijay Sarvepalli.\n\n### Vendor Information\n\n608209\n\n### HCC Embedded __ Affected\n\nNotified: 2020-11-12 Updated: 2021-08-10\n\n**Statement Date: July 20, 2021**\n\n**CVE-2020-25767**| Affected \n---|--- \n**Vendor Statement:** \nThis issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_common module version 1.15. A fix for this will be available from HCC on 2021-02-19 \n**CVE-2020-25926**| Affected \n**Vendor Statement:** \nThis issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_common module version 1.15. A fix for this will be available from HCC on 2021-03-02 \n**CVE-2020-25927**| Affected \n**Vendor Statement:** \nThis issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_common module version 1.15. A fix for this will be available from HCC on 2021-02-19 \n**CVE-2020-25928**| Affected \n**Vendor Statement:** \nThis issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_common module version 1.15. 
A fix for this will be available from HCC on 2021-02-19 \n**CVE-2020-35683**| Affected \n**Vendor Statement:** \nThis issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_ipv4 module version 1.5. A fix for this will be available from HCC on 2021-03-02 \n**CVE-2020-35684**| Affected \n**Vendor Statement:** \nThis issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_tcp module version 1.9. A fix for this will be available from HCC on 2021-03-16 \n**CVE-2020-35685**| Affected \n**Vendor Statement:** \nThis issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_tcp module version 1.9. A fix for this will be available from HCC on 2021-03-16 \n**CVE-2021-27565**| Affected \n**Vendor Statement:** \nThe infinite loop entered in case this occurs is really for the user to implement when integrating the software. But whatever their implementation this code should not be structured like this. This is an issue in all versions of Nichestack <4.3, This issue is fixed in Nichestack v4.3 with in_httpsvr module v1.7. \n**CVE-2021-31226**| Affected \n**Vendor Statement:** \nThis is an issue in all versions of Nichestack <4.3, This issue is fixed in Nichestack v4.3 with in_httpsvr module v1.7. \n**CVE-2021-31227**| Affected \n**Vendor Statement:** \nThis is an issue in all versions of Nichestack <4.3, This issue is fixed in Nichestack v4.3 with in_httpsvr module v1.7. 
\n**CVE-2021-31228**| Affected \n**Vendor Statement:** \nThis is an issue in all versions of Nichestack <4.3, This issue is fixed in Nichestack v4.3 with in_httpsvr module v1.7. \n**CVE-2021-31400**| Affected \n**Vendor Statement:** \nThis issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_tcp module version 1.9. A fix for this will be available from HCC on 2021-02-26 \n**CVE-2021-31401**| Affected \n**Vendor Statement:** \nThis issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. The issue is present in the in_tcp module version 1.9. A fix for this will be available from HCC on 2021-03-16 \n**CVE-2021-36762**| Unknown \n**Vendor Statement:** \nThis issue is present in all versions of Nichestack prior to 4.3. The global version number for Nichestack is now frozen at 4.3 and we now maintain version numbers for each module. 
The issue is fixed in in_tftp module version 1.2 \n \n### Phoenix Contact __ Affected\n\nNotified: 2020-11-17 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2020-25767**| Not Affected \n---|--- \n**CVE-2020-25926**| Not Affected \n**CVE-2020-25927**| Not Affected \n**CVE-2020-25928**| Not Affected \n**CVE-2020-35683**| Unknown \n**CVE-2020-35684**| Affected \n**CVE-2020-35685**| Affected \n**CVE-2021-27565**| Not Affected \n**CVE-2021-31226**| Not Affected \n**CVE-2021-31227**| Affected \n**CVE-2021-31228**| Not Affected \n**CVE-2021-31400**| Affected \n**CVE-2021-31401**| Affected \n**CVE-2021-36762**| Not Affected \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * <https://dam-mdc.phoenixcontact.com/asset/156443151564/fd2c482c84c16546afd992cf1786995e/Security_Advisory_Niche-Stack_20210804.pdf>\n * <https://cert.vde.com/de-de/advisories/vde-2021-032>\n\n### Rockwell Automation Affected\n\nNotified: 2020-11-12 Updated: 2021-08-10\n\n**Statement Date: July 23, 2021**\n\n**CVE-2020-25767**| Affected \n---|--- \n**CVE-2020-25926**| Affected \n**CVE-2020-25927**| Affected \n**CVE-2020-25928**| Affected \n**CVE-2020-35683**| Unknown \n**CVE-2020-35684**| Unknown \n**CVE-2020-35685**| Unknown \n**CVE-2021-27565**| Unknown \n**CVE-2021-31226**| Unknown \n**CVE-2021-31227**| Unknown \n**CVE-2021-31228**| Unknown \n**CVE-2021-31400**| Affected \n**CVE-2021-31401**| Unknown \n**CVE-2021-36762**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Siemens __ Affected\n\nNotified: 2020-11-12 Updated: 2021-08-10\n\n**Statement Date: August 04, 2021**\n\n**CVE-2020-25767**| Not Affected \n---|--- \n**CVE-2020-25926**| Not Affected \n**CVE-2020-25927**| Not Affected \n**CVE-2020-25928**| Not Affected \n**CVE-2020-35683**| Affected \n**CVE-2020-35684**| Affected \n**CVE-2020-35685**| Affected \n**CVE-2021-27565**| Not Affected \n**CVE-2021-31226**| Not Affected 
\n**CVE-2021-31227**| Not Affected \n**CVE-2021-31228**| Not Affected \n**CVE-2021-31400**| Not Affected \n**CVE-2021-31401**| Affected \n**CVE-2021-36762**| Not Affected \n \n#### Vendor Statement\n\nSiemens is aware of the security vulnerabilities in the InterNiche TCP/IP stack, also named \u201cINFRA:HALT\u201d and disclosed on 2021-08-04. The impact to Siemens products is described in the Security Advisory SSA-789208, published on 2021-08-04 on the Siemens ProductCERT page (https://www.siemens.com/cert/advisories).\n\n#### References\n\n * <https://cert-portal.siemens.com/productcert/pdf/ssa-789208.pdf>\n\n### AVM GmbH Not Affected\n\nNotified: 2021-02-04 Updated: 2022-09-23\n\n**Statement Date: September 23, 2022**\n\n**CVE-2020-25767**| Not Affected \n---|--- \n**CVE-2020-25926**| Not Affected \n**CVE-2020-25927**| Not Affected \n**CVE-2020-25928**| Not Affected \n**CVE-2020-35683**| Not Affected \n**CVE-2020-35684**| Not Affected \n**CVE-2020-35685**| Not Affected \n**CVE-2021-27565**| Not Affected \n**CVE-2021-31226**| Not Affected \n**CVE-2021-31227**| Not Affected \n**CVE-2021-31228**| Not Affected \n**CVE-2021-31400**| Not Affected \n**CVE-2021-31401**| Not Affected \n**CVE-2021-36762**| Not Affected \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Fujitsu __ Not Affected\n\nNotified: 2021-06-01 Updated: 2021-08-10\n\n**Statement Date: August 04, 2021**\n\n**CVE-2020-25767**| Not Affected \n---|--- \n**CVE-2020-25926**| Not Affected \n**CVE-2020-25927**| Not Affected \n**CVE-2020-25928**| Not Affected \n**CVE-2020-35683**| Not Affected \n**CVE-2020-35684**| Not Affected \n**CVE-2020-35685**| Not Affected \n**CVE-2021-27565**| Not Affected \n**CVE-2021-31226**| Not Affected \n**CVE-2021-31227**| Not Affected \n**CVE-2021-31228**| Not Affected \n**CVE-2021-31400**| Not Affected \n**CVE-2021-31401**| Not Affected \n**CVE-2021-36762**| Not Affected \n \n#### Vendor Statement\n\nFujitsu is aware of the security 
vulnerabilities in HCC Embedded / InterNiche NicheStack, also known as \"INFRA:HALT\". \n\nFujitsu commenced an analysis, together with Fujitsu company PFU (EMEA) LIMITED. Despite initial findings by FORESCOUT, the NicheStack TCP/IP stack is not employed in PFU (EMEA) LIMITED or Fujitsu products. \n\nTherefore, there are no currently known affected Fujitsu products. Researchers from FORESCOUT were asked to remove a false-positive detection of certain Fujitsu company PFU (EMEA) LIMITED products. However, products by 3rd parties, based on PFU (EMEA) LIMITED products, may contain modifications and employ the HCC Embedded / InterNiche NicheStack. \n\nThe Fujitsu PSIRT provides a status for Fujitsu PSS-IS-2021-051916 on https://security.ts.fujitsu.com (Security Notices) accordingly. Due to the non-affection, the issue is therefore considered resolved. \n\nIn case of questions regarding this Fujitsu PSIRT Security Notice, please contact the Fujitsu PSIRT (Fujitsu-PSIRT@ts.fujitsu.com).\n\n### Intel __ Not Affected\n\nNotified: 2020-11-12 Updated: 2021-08-10\n\n**Statement Date: July 21, 2021**\n\n**CVE-2020-25767**| Not Affected \n---|--- \n**CVE-2020-25926**| Not Affected \n**CVE-2020-25927**| Not Affected \n**CVE-2020-25928**| Not Affected \n**CVE-2020-35683**| Not Affected \n**CVE-2020-35684**| Not Affected \n**CVE-2020-35685**| Not Affected \n**CVE-2021-27565**| Not Affected \n**CVE-2021-31226**| Not Affected \n**CVE-2021-31227**| Not Affected \n**CVE-2021-31228**| Not Affected \n**CVE-2021-31400**| Not Affected \n**CVE-2021-31401**| Not Affected \n**CVE-2021-36762**| Not Affected \n \n#### Vendor Statement\n\nWe do not use nor ship with any of the NicheStack DNS capabilities.\n\n### ABB Unknown\n\nNotified: 2020-11-12 Updated: 2021-08-10 **CVE-2020-25767**| Unknown \n---|--- \n**CVE-2020-25926**| Unknown \n**CVE-2020-25927**| Unknown \n**CVE-2020-25928**| Unknown \n**CVE-2020-35683**| Unknown \n**CVE-2020-35684**| Unknown \n**CVE-2020-35685**| Unknown 
\n**CVE-2021-27565**| Unknown \n**CVE-2021-31226**| Unknown \n**CVE-2021-31227**| Unknown \n**CVE-2021-31228**| Unknown \n**CVE-2021-31400**| Unknown \n**CVE-2021-31401**| Unknown \n**CVE-2021-36762**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Dell Unknown\n\nNotified: 2020-11-12 Updated: 2021-08-10 **CVE-2020-25767**| Unknown \n---|--- \n**CVE-2020-25926**| Unknown \n**CVE-2020-25927**| Unknown \n**CVE-2020-25928**| Unknown \n**CVE-2020-35683**| Unknown \n**CVE-2020-35684**| Unknown \n**CVE-2020-35685**| Unknown \n**CVE-2021-27565**| Unknown \n**CVE-2021-31226**| Unknown \n**CVE-2021-31227**| Unknown \n**CVE-2021-31228**| Unknown \n**CVE-2021-31400**| Unknown \n**CVE-2021-31401**| Unknown \n**CVE-2021-36762**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Ericsson Unknown\n\nNotified: 2020-11-12 Updated: 2021-08-10 **CVE-2020-25767**| Unknown \n---|--- \n**CVE-2020-25926**| Unknown \n**CVE-2020-25927**| Unknown \n**CVE-2020-25928**| Unknown \n**CVE-2020-35683**| Unknown \n**CVE-2020-35684**| Unknown \n**CVE-2020-35685**| Unknown \n**CVE-2021-27565**| Unknown \n**CVE-2021-31226**| Unknown \n**CVE-2021-31227**| Unknown \n**CVE-2021-31228**| Unknown \n**CVE-2021-31400**| Unknown \n**CVE-2021-31401**| Unknown \n**CVE-2021-36762**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Green Hills Software Unknown\n\nNotified: 2020-11-12 Updated: 2021-08-10 **CVE-2020-25767**| Unknown \n---|--- \n**CVE-2020-25926**| Unknown \n**CVE-2020-25927**| Unknown \n**CVE-2020-25928**| Unknown \n**CVE-2020-35683**| Unknown \n**CVE-2020-35684**| Unknown \n**CVE-2020-35685**| Unknown \n**CVE-2021-27565**| Unknown \n**CVE-2021-31226**| Unknown \n**CVE-2021-31227**| Unknown \n**CVE-2021-31228**| Unknown \n**CVE-2021-31400**| Unknown \n**CVE-2021-31401**| Unknown \n**CVE-2021-36762**| Unknown \n \n#### Vendor Statement\n\nWe have not received a 
statement from the vendor.\n\n### Hewlett Packard Enterprise Unknown\n\nNotified: 2020-11-12 Updated: 2021-08-10 **CVE-2020-25767**| Unknown \n---|--- \n**CVE-2020-25926**| Unknown \n**CVE-2020-25927**| Unknown \n**CVE-2020-25928**| Unknown \n**CVE-2020-35683**| Unknown \n**CVE-2020-35684**| Unknown \n**CVE-2020-35685**| Unknown \n**CVE-2021-27565**| Unknown \n**CVE-2021-31226**| Unknown \n**CVE-2021-31227**| Unknown \n**CVE-2021-31228**| Unknown \n**CVE-2021-31400**| Unknown \n**CVE-2021-31401**| Unknown \n**CVE-2021-36762**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Honeywell Unknown\n\nNotified: 2020-11-12 Updated: 2021-08-10 **CVE-2020-25767**| Unknown \n---|--- \n**CVE-2020-25926**| Unknown \n**CVE-2020-25927**| Unknown \n**CVE-2020-25928**| Unknown \n**CVE-2020-35683**| Unknown \n**CVE-2020-35684**| Unknown \n**CVE-2020-35685**| Unknown \n**CVE-2021-27565**| Unknown \n**CVE-2021-31226**| Unknown \n**CVE-2021-31227**| Unknown \n**CVE-2021-31228**| Unknown \n**CVE-2021-31400**| Unknown \n**CVE-2021-31401**| Unknown \n**CVE-2021-36762**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### HP Inc. 
Unknown\n\nNotified: 2020-11-12 Updated: 2021-08-10 **CVE-2020-25767**| Unknown \n---|--- \n**CVE-2020-25926**| Unknown \n**CVE-2020-25927**| Unknown \n**CVE-2020-25928**| Unknown \n**CVE-2020-35683**| Unknown \n**CVE-2020-35684**| Unknown \n**CVE-2020-35685**| Unknown \n**CVE-2021-27565**| Unknown \n**CVE-2021-31226**| Unknown \n**CVE-2021-31227**| Unknown \n**CVE-2021-31228**| Unknown \n**CVE-2021-31400**| Unknown \n**CVE-2021-31401**| Unknown \n**CVE-2021-36762**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Mitsubishi Electric Corporation Unknown\n\nNotified: 2020-11-12 Updated: 2021-08-10 **CVE-2020-25767**| Unknown \n---|--- \n**CVE-2020-25926**| Unknown \n**CVE-2020-25927**| Unknown \n**CVE-2020-25928**| Unknown \n**CVE-2020-35683**| Unknown \n**CVE-2020-35684**| Unknown \n**CVE-2020-35685**| Unknown \n**CVE-2021-27565**| Unknown \n**CVE-2021-31226**| Unknown \n**CVE-2021-31227**| Unknown \n**CVE-2021-31228**| Unknown \n**CVE-2021-31400**| Unknown \n**CVE-2021-31401**| Unknown \n**CVE-2021-36762**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Motorola Unknown\n\nNotified: 2020-11-12 Updated: 2021-08-10 **CVE-2020-25767**| Unknown \n---|--- \n**CVE-2020-25926**| Unknown \n**CVE-2020-25927**| Unknown \n**CVE-2020-25928**| Unknown \n**CVE-2020-35683**| Unknown \n**CVE-2020-35684**| Unknown \n**CVE-2020-35685**| Unknown \n**CVE-2021-27565**| Unknown \n**CVE-2021-31226**| Unknown \n**CVE-2021-31227**| Unknown \n**CVE-2021-31228**| Unknown \n**CVE-2021-31400**| Unknown \n**CVE-2021-31401**| Unknown \n**CVE-2021-36762**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### NEC Corporation Unknown\n\nNotified: 2020-11-12 Updated: 2021-08-10 **CVE-2020-25767**| Unknown \n---|--- \n**CVE-2020-25926**| Unknown \n**CVE-2020-25927**| Unknown \n**CVE-2020-25928**| Unknown \n**CVE-2020-35683**| Unknown \n**CVE-2020-35684**| Unknown 
\n**CVE-2020-35685**| Unknown \n**CVE-2021-27565**| Unknown \n**CVE-2021-31226**| Unknown \n**CVE-2021-31227**| Unknown \n**CVE-2021-31228**| Unknown \n**CVE-2021-31400**| Unknown \n**CVE-2021-31401**| Unknown \n**CVE-2021-36762**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Philips Electronics Unknown\n\nNotified: 2020-11-17 Updated: 2021-08-10 **CVE-2020-25767**| Unknown \n---|--- \n**CVE-2020-25926**| Unknown \n**CVE-2020-25927**| Unknown \n**CVE-2020-25928**| Unknown \n**CVE-2020-35683**| Unknown \n**CVE-2020-35684**| Unknown \n**CVE-2020-35685**| Unknown \n**CVE-2021-27565**| Unknown \n**CVE-2021-31226**| Unknown \n**CVE-2021-31227**| Unknown \n**CVE-2021-31228**| Unknown \n**CVE-2021-31400**| Unknown \n**CVE-2021-31401**| Unknown \n**CVE-2021-36762**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Polycom Inc. Unknown\n\nNotified: 2020-11-12 Updated: 2021-08-10 **CVE-2020-25767**| Unknown \n---|--- \n**CVE-2020-25926**| Unknown \n**CVE-2020-25927**| Unknown \n**CVE-2020-25928**| Unknown \n**CVE-2020-35683**| Unknown \n**CVE-2020-35684**| Unknown \n**CVE-2020-35685**| Unknown \n**CVE-2021-27565**| Unknown \n**CVE-2021-31226**| Unknown \n**CVE-2021-31227**| Unknown \n**CVE-2021-31228**| Unknown \n**CVE-2021-31400**| Unknown \n**CVE-2021-31401**| Unknown \n**CVE-2021-36762**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Schneider Electric Unknown\n\nNotified: 2020-12-08 Updated: 2021-08-10 **CVE-2020-25767**| Unknown \n---|--- \n**CVE-2020-25926**| Unknown \n**CVE-2020-25927**| Unknown \n**CVE-2020-25928**| Unknown \n**CVE-2020-35683**| Unknown \n**CVE-2020-35684**| Unknown \n**CVE-2020-35685**| Unknown \n**CVE-2021-27565**| Unknown \n**CVE-2021-31226**| Unknown \n**CVE-2021-31227**| Unknown \n**CVE-2021-31228**| Unknown \n**CVE-2021-31400**| Unknown \n**CVE-2021-31401**| Unknown \n**CVE-2021-36762**| Unknown \n 
\n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### References\n\n * <https://www.hcc-embedded.com/support/security-advisories>\n * <https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/>\n * <https://jfrog.com/blog/infrahalt-14-new-security-vulnerabilities-found-in-nichestack/>\n * <https://us-cert.cisa.gov/ics/advisories/icsa-21-217-01>\n * <https://cert.vde.com/de-de/advisories/vde-2021-032>\n\n### Other Information\n\n**CVE IDs:** | [CVE-2020-25767 ](<http://web.nvd.nist.gov/vuln/detail/CVE-2020-25767>) [CVE-2020-25926 ](<http://web.nvd.nist.gov/vuln/detail/CVE-2020-25926>) [CVE-2020-25927 ](<http://web.nvd.nist.gov/vuln/detail/CVE-2020-25927>) [CVE-2020-25928 ](<http://web.nvd.nist.gov/vuln/detail/CVE-2020-25928>) [CVE-2020-35683 ](<http://web.nvd.nist.gov/vuln/detail/CVE-2020-35683>) [CVE-2020-35684 ](<http://web.nvd.nist.gov/vuln/detail/CVE-2020-35684>) [CVE-2020-35685 ](<http://web.nvd.nist.gov/vuln/detail/CVE-2020-35685>) [CVE-2021-27565 ](<http://web.nvd.nist.gov/vuln/detail/CVE-2021-27565>) [CVE-2021-31226 ](<http://web.nvd.nist.gov/vuln/detail/CVE-2021-31226>) [CVE-2021-31227 ](<http://web.nvd.nist.gov/vuln/detail/CVE-2021-31227>) [CVE-2021-31228 ](<http://web.nvd.nist.gov/vuln/detail/CVE-2021-31228>) [CVE-2021-31400 ](<http://web.nvd.nist.gov/vuln/detail/CVE-2021-31400>) [CVE-2021-31401 ](<http://web.nvd.nist.gov/vuln/detail/CVE-2021-31401>) [CVE-2021-36762 ](<http://web.nvd.nist.gov/vuln/detail/CVE-2021-36762>) \n---|--- \n**API URL: ** | VINCE JSON | CSAF \n**Date Public:** | 2021-08-10 \n**Date First Published:** | 2021-08-10 \n**Date Last Updated: ** | 2022-09-23 20:27 UTC \n**Document Revision: ** | 2 \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": 
"HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-10T00:00:00", "type": "cert", "title": "NicheStack embedded TCP/IP has vulnerabilities", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25767", "CVE-2020-25926", "CVE-2020-25927", "CVE-2020-25928", "CVE-2020-35683", "CVE-2020-35684", "CVE-2020-35685", "CVE-2021-27565", "CVE-2021-31226", "CVE-2021-31227", "CVE-2021-31228", "CVE-2021-31400", "CVE-2021-31401", "CVE-2021-36762"], "modified": "2022-09-23T20:27:00", "id": "VU:608209", "href": "https://www.kb.cert.org/vuls/id/608209", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N"}}], "thn": [{"lastseen": "2022-05-09T12:39:16", "description": "Cybersecurity researchers on Wednesday disclosed 14 vulnerabilities affecting a commonly-used TCP/IP stack used in millions of Operational Technology (OT) devices manufactured by no fewer than 200 vendors and deployed in manufacturing plants, power generation, water treatment, and critical infrastructure sectors.\n\nThe shortcomings, collectively dubbed \"INFRA:HALT,\" target NicheStack, potentially enabling an attacker to achieve remote code execution, denial of service, information leak, TCP spoofing, and even 
DNS cache poisoning.\n\nNicheStack (aka InterNiche stack) is a closed-source TCP/IP stack for embedded systems that is designed to provide internet connectivity to industrial equipment, and is incorporated by major industrial automation vendors like Siemens, Emerson, Honeywell, Mitsubishi Electric, Rockwell Automation, and Schneider Electric in their programmable logic controllers (PLCs) and other products.\n\n\"Attackers could disrupt a building's HVAC system or take over the controllers used in manufacturing and other critical infrastructure,\" researchers from [JFrog](<https://jfrog.com/blog/infrahalt-14-new-security-vulnerabilities-found-in-nichestack/>) and [Forescout](<https://www.forescout.com/research-labs/project-memoria/>) said in a joint report published today. \"Successful attacks can result in taking OT and ICS devices offline and having their logic hijacked. Hijacked devices can spread malware to where they communicate on the network.\"\n\nAll versions of NicheStack before version 4.3 are vulnerable to INFRA:HALT, with approximately 6,400 OT devices exposed online and connected to the internet as of March 2021, most of which are located in Canada, the U.S., Spain, Sweden, and Italy.\n\nThe list of 14 flaws is as follows -\n\n * CVE-2020-25928 (CVSS score: 9.8) - An out-of-bounds read/write when parsing DNS responses, leading to remote code execution\n * CVE-2021-31226 (CVSS score: 9.1) - A heap buffer overflow flaw when parsing HTTP post requests, leading to remote code execution\n * CVE-2020-25927 (CVSS score: 8.2) - An out-of-bounds read when parsing DNS responses, leading to denial-of-service\n * CVE-2020-25767 (CVSS score: 7.5) - An out-of-bounds read when parsing DNS domain names, leading to denial-of-service and information disclosure\n * CVE-2021-31227 (CVSS score: 7.5) - A heap buffer overflow flaw when 
parsing HTTP post requests, leading to denial-of-service\n * CVE-2021-31400 (CVSS score: 7.5) - An infinite loop scenario in the TCP out of band urgent data processing function, causing a denial-of-service\n * CVE-2021-31401 (CVSS score: 7.5) - An integer overflow flaw in the TCP header processing code\n * CVE-2020-35683 (CVSS score: 7.5) - An out-of-bounds read when parsing ICMP packets, leading to denial-of-service\n * CVE-2020-35684 (CVSS score: 7.5) - An out-of-bounds read when parsing TCP packets, leading to denial-of-service\n * CVE-2020-35685 (CVSS score: 7.5) - Predictable initial sequence numbers (ISNs) in TCP connections, leading to [TCP spoofing](<https://datatracker.ietf.org/doc/html/rfc6528>)\n * CVE-2021-27565 (CVSS score: 7.5) - A denial-of-service condition upon receiving an unknown HTTP request\n * CVE-2021-36762 (CVSS score: 7.5) - An out-of-bounds read in the TFTP packet processing function, leading to denial-of-service\n * CVE-2020-25926 (CVSS score: 4.0) - The DNS client does not set sufficiently random transaction IDs, causing cache poisoning\n * CVE-2021-31228 (CVSS score: 4.0) - The source port of DNS queries can be predicted to send forged DNS response packets, causing cache poisoning\n\nThe disclosures mark the sixth time security weaknesses have been identified in the protocol stacks that underpin millions of internet-connected devices. 
It's also the fourth set of bugs to be uncovered as part of a systematic research initiative called Project Memoria to study the security of widely-used TCP/IP stacks that are incorporated by various vendors in their firmware to offer internet and network connectivity features -\n\n * [URGENT/11](<https://thehackernews.com/2019/07/vxworks-rtos-vulnerability.html>)\n * [Ripple20](<https://thehackernews.com/2020/06/new-critical-flaws-put-billions-of.html>)\n * [AMNESIA:33](<https://thehackernews.com/2020/12/amnesia33-critical-tcpip-flaws-affect.html>)\n * [NUMBER:JACK](<https://www.forescout.com/company/blog/numberjack-forescout-research-labs-finds-nine-isn-generation-vulnerabilities-affecting-tcpip-stacks/>)\n * [NAME:WRECK](<https://thehackernews.com/2021/04/new-namewreck-vulnerabilities-impact.html>)\n\nWhile HCC Embedded, which maintains the C library, has [released software patches](<https://www.hcc-embedded.com/support/security-advisories>) to address the issues, it could take a considerable amount of time before device vendors using vulnerable versions of the stack ship an updated firmware to their customers. \"Complete protection against INFRA:HALT requires patching vulnerable devices but is challenging due to supply chain logistics and the critical nature of OT devices,\" the researchers noted.\n\nAs mitigations, Forescout has released an [open-source script](<https://github.com/Forescout/project-memoria-detector>) that uses active fingerprinting to detect devices running NicheStack. It's also recommended to enforce segmentation controls, monitor all network traffic for malicious packets to mitigate the risk from vulnerable devices.\n", 
"cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-04T06:46:00", "type": "thn", "title": "Critical Flaws Affect Embedded TCP/IP Stack Widely Used in Industrial Control Devices", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25767", "CVE-2020-25926", "CVE-2020-25927", "CVE-2020-25928", "CVE-2020-35683", "CVE-2020-35684", "CVE-2020-35685", "CVE-2021-27565", "CVE-2021-31226", "CVE-2021-31227", "CVE-2021-31228", "CVE-2021-31400", "CVE-2021-31401", "CVE-2021-36762"], "modified": "2021-08-04T09:02:20", "id": "THN:43F52471606DD0C9066A73570A015274", "href": "https://thehackernews.com/2021/08/critical-flaws-affect-embedded-tcpip.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N"}}], "cnvd": [{"lastseen": "2022-11-05T10:46:21", "description": "HCC Embedded InterNiche is a newsletter software. 
Security vulnerabilities exist in versions prior to HCC Embedded InterNiche stack 4.3 and NicheLite 4.3, which can be exploited by attackers to cause an infinite loop, thereby disrupting TCP/IP communications.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-08-06T00:00:00", "type": "cnvd", "title": "HCC Embedded InterNiche has an unspecified vulnerability (CNVD-2021-59225)", "bulletinFamily": "cnvd", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27565"], "modified": "2021-08-09T00:00:00", "id": "CNVD-2021-59225", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-59225", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-11-05T10:52:27", "description": "A security vulnerability exists in HCC Embedded InterNiche, a newsletter software. 
The vulnerability stems from the TCP/IP stack parsing HTTP POST request code and can be exploited by attackers to cause heap overflows.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-08-06T00:00:00", "type": "cnvd", "title": "HCC Embedded InterNiche has an unspecified vulnerability (CNVD-2021-59227)", "bulletinFamily": "cnvd", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31227"], "modified": "2021-08-09T00:00:00", "id": "CNVD-2021-59227", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-59227", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-11-05T10:52:04", "description": "HCC Embedded InterNiche is a newsletter software. 
HCC Embedded InterNiche stack is vulnerable to an input validation error, which stems from a lack of size validation, in the code that parses HTTP POST requests, and can be exploited by attackers to cause a heap buffer overflow.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-06T00:00:00", "type": "cnvd", "title": "HCC Embedded InterNiche Input Validation Error Vulnerability (CNVD-2021-59228)", "bulletinFamily": "cnvd", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31226"], "modified": "2021-08-09T00:00:00", "id": "CNVD-2021-59228", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-59228", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-05T10:59:02", "description": "SENTRON 3WA COM190 is an accessory module for 3WA circuit breakers, providing connectivity via PROFINET IO and Modbus TCP. SENTRON 3WL COM35 is an accessory module for 3WL circuit breakers, providing connectivity via PROFINET IO and Modbus TCP. SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module is a plug-in device that provides switched Ethernet PROFINET V3 connectivity for 7KM PAC32x0/4200 and 3VA 
COM100/800 devices. Siemens Interniche IP stack low voltage devices have a security vulnerability. No details of the vulnerability are currently available.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2021-08-05T00:00:00", "type": "cnvd", "title": "Unspecified Vulnerability in Siemens Interniche IP Stack Low Voltage Devices", "bulletinFamily": "cnvd", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-35685"], "modified": "2022-01-18T00:00:00", "id": "CNVD-2021-58799", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-58799", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-11-05T10:46:44", "description": "HCC Embedded InterNiche is a newsletter software. 
A security vulnerability exists in the HCC Embedded InterNiche stack and NicheLite, which stems from the TFTP message processing feature that does not guarantee that file names end in null, and can be exploited by attackers to cause a denial of service situation.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-08-06T00:00:00", "type": "cnvd", "title": "HCC Embedded InterNiche has an unspecified vulnerability (CNVD-2021-59224)", "bulletinFamily": "cnvd", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36762"], "modified": "2021-08-09T00:00:00", "id": "CNVD-2021-59224", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-59224", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-11-05T10:55:01", "description": "InterNiche Technologies NicheStack is a small footprint, RFC-compliant embedded protocol stack that is portable to commercial or proprietary non-MMU operating systems. InterNiche Technologies NicheStack is vulnerable due to an input validation error in the insufficient validation of user-supplied input in the TCP component. 
A remote attacker could exploit the vulnerability to be able to pass specially crafted input to the application and perform a denial of service (DoS) attack.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-08-05T00:00:00", "type": "cnvd", "title": "HCC Embedded InterNiche Technologies NicheStack Input Validation Error Vulnerability (CNVD-2021-58800)", "bulletinFamily": "cnvd", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-35684"], "modified": "2022-01-18T00:00:00", "id": "CNVD-2021-58800", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-58800", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-11-05T10:52:38", "description": "HCC Embedded InterNiche is a newsletter software. 
An unspecified vulnerability exists in HCC Embedded InterNiche, which could be exploited to enable an attacker to predict the source port of a DNS query and then send spoofed DNS response packets that could be accepted as valid answers.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-08-06T00:00:00", "type": "cnvd", "title": "HCC Embedded InterNiche has an unspecified vulnerability (CNVD-2021-59226)", "bulletinFamily": "cnvd", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31228"], "modified": "2021-08-09T00:00:00", "id": "CNVD-2021-59226", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-59226", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-11-05T10:52:03", "description": "HCC Embedded InterNiche is a newsletter software. 
A security vulnerability exists in HCC Embedded InterNiche, which can be exploited by attackers to cause read/write bounds to be exceeded.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-06T00:00:00", "type": "cnvd", "title": "HCC Embedded InterNiche Buffer Overflow Vulnerability", "bulletinFamily": "cnvd", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25928"], "modified": "2021-08-09T00:00:00", "id": "CNVD-2021-59232", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-59232", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-05T10:57:54", "description": "InterNiche Technologies NicheStack is a small footprint, RFC-compliant embedded protocol stack portable to commercial or proprietary non-MMU operating systems. InterNiche Technologies NicheStack is vulnerable to an input validation error stemming from the ICMP component's boundary conditions. 
An attacker could exploit this vulnerability to trigger an out-of-bounds read error and cause a system denial of service.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-08-05T00:00:00", "type": "cnvd", "title": "HCC Embedded InterNiche Technologies NicheStack Input Validation Error Vulnerability", "bulletinFamily": "cnvd", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-35683"], "modified": "2022-01-18T00:00:00", "id": "CNVD-2021-58801", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-58801", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-11-05T10:52:32", "description": "HCC Embedded InterNiche is a newsletter software. 
A security vulnerability exists in HCC Embedded InterNiche, which stems from a TCP emergency data processing function that may call the panic function, which could be exploited by an attacker to cause an infinite loop.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-08-06T00:00:00", "type": "cnvd", "title": "HCC Embedded InterNiche has an unspecified vulnerability", "bulletinFamily": "cnvd", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31400"], "modified": "2021-08-09T00:00:00", "id": "CNVD-2021-59229", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-59229", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-11-05T10:51:57", "description": "HCC Embedded InterNiche is a newsletter software. 
An out-of-bounds read vulnerability exists in the HCC Embedded InterNiche stack and NicheLite, which can be exploited by attackers to cause out-of-bounds reads.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-08-06T00:00:00", "type": "cnvd", "title": "HCC Embedded InterNiche Out-of-Bounds Reading Vulnerability", "bulletinFamily": "cnvd", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25767"], "modified": "2021-08-09T00:00:00", "id": "CNVD-2021-59233", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-59233", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-11-05T10:52:26", "description": "A security vulnerability exists in HCC Embedded InterNiche, a newsletter software, which stems from the DNS client not setting sufficient random transaction ids in the DNSv4 component. 
An attacker could exploit this vulnerability to pass specially crafted input to the application and perform a cache poisoning attack.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-08-06T00:00:00", "type": "cnvd", "title": "HCC Embedded InterNiche Security Feature Issue Vulnerability", "bulletinFamily": "cnvd", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25926"], "modified": "2021-08-09T00:00:00", "id": "CNVD-2021-59230", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-59230", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-11-05T10:52:09", "description": "A security vulnerability exists in HCC Embedded InterNiche, a newsletter software, which stems from a boundary condition in the DNSv4 component. 
An attacker could exploit this vulnerability to trigger an out-of-bounds read error and cause a system denial of service.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-08-06T00:00:00", "type": "cnvd", "title": "HCC Embedded InterNiche Buffer Overflow Vulnerability (CNVD-2021-59231)", "bulletinFamily": "cnvd", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25927"], "modified": "2021-08-09T00:00:00", "id": "CNVD-2021-59231", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-59231", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "cve": [{"lastseen": "2022-03-23T16:09:11", "description": "The web server in InterNiche NicheStack through 4.0.1 allows remote attackers to cause a denial of service (infinite loop and networking outage) via an unexpected valid HTTP request such as OPTIONS. 
This occurs because the HTTP request handler enters a miscoded wbs_loop() debugger hook.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-08-19T12:15:00", "type": "cve", "title": "CVE-2021-27565", "cwe": ["CWE-835"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27565"], "modified": "2021-08-26T16:59:00", "cpe": ["cpe:/a:hcc-embedded:nichestack:4.0.1"], "id": "CVE-2021-27565", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27565", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:hcc-embedded:nichestack:4.0.1:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T18:00:15", "description": "An issue was discovered in HCC embedded InterNiche 4.0.1. A potential heap buffer overflow exists in the code that parses the HTTP POST request, due to an incorrect signed integer comparison. 
This vulnerability requires the attacker to send a malformed HTTP packet with a negative Content-Length, which bypasses the size checks and results in a large heap overflow in the wbs_multidata buffer copy.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-08-19T11:15:00", "type": "cve", "title": "CVE-2021-31227", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31227"], "modified": "2021-08-26T16:44:00", "cpe": [], "id": "CVE-2021-31227", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31227", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": []}, {"lastseen": "2022-03-23T18:02:51", "description": "An issue was discovered in tcp_rcv() in nptcp.c in HCC embedded InterNiche 4.0.1. The TCP header processing code doesn't sanitize the value of the IP total length field (header length + data length). 
With a crafted IP packet, an integer overflow occurs whenever the value of the IP data length is calculated by subtracting the length of the header from the total length of the IP packet.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-08-19T12:15:00", "type": "cve", "title": "CVE-2021-31401", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31401"], "modified": "2021-08-26T18:09:00", "cpe": [], "id": "CVE-2021-31401", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31401", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": []}, {"lastseen": "2022-03-23T18:00:14", "description": "An issue was discovered in HCC embedded InterNiche 4.0.1. A potential heap buffer overflow exists in the code that parses the HTTP POST request, due to lack of size validation. This vulnerability requires the attacker to send a crafted HTTP POST request with a URI longer than 50 bytes. 
This leads to a heap overflow in wbs_post() via an strcpy() call.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-19T11:15:00", "type": "cve", "title": "CVE-2021-31226", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31226"], "modified": "2021-08-26T02:26:00", "cpe": ["cpe:/a:hcc-embedded:interniche:4.0.1"], "id": "CVE-2021-31226", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31226", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:hcc-embedded:interniche:4.0.1:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T17:58:19", "description": "An issue was discovered in HCC Nichestack 3.0. The code that generates Initial Sequence Numbers (ISNs) for TCP connections derives the ISN from an insufficiently random source. As a result, an attacker may be able to determine the ISN of current and future TCP connections and either hijack existing ones or spoof future ones. 
(Proper ISN generation should aim to follow at least the specifications outlined in RFC 6528.)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2021-08-19T12:15:00", "type": "cve", "title": "CVE-2020-35685", "cwe": ["CWE-330"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-35685"], "modified": "2021-08-26T18:21:00", "cpe": ["cpe:/a:hcc-embedded:nichestack:3.0"], "id": "CVE-2020-35685", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35685", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}, "cpe23": ["cpe:2.3:a:hcc-embedded:nichestack:3.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T18:52:42", "description": "An issue was discovered in HCC Embedded InterNiche NicheStack through 4.3. 
The tfshnd():tftpsrv.c TFTP packet processing function doesn't ensure that a filename is adequately '\\0' terminated; therefore, a subsequent call to strlen for the filename might read out of bounds of the protocol packet buffer (if no '\\0' byte exists within a reasonable range).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-08-19T12:15:00", "type": "cve", "title": "CVE-2021-36762", "cwe": ["CWE-273"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36762"], "modified": "2021-08-26T18:14:00", "cpe": [], "id": "CVE-2021-36762", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36762", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N"}, "cpe23": []}, {"lastseen": "2022-03-23T17:58:18", "description": "An issue was discovered in HCC Nichestack 3.0. The code that parses TCP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the length of the TCP payload within the TCP checksum computation function. 
When the IP payload size is set to be smaller than the size of the IP header, the TCP checksum computation function may read out of bounds (a low-impact write-out-of-bounds is also possible).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-08-19T12:15:00", "type": "cve", "title": "CVE-2020-35684", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-35684"], "modified": "2021-08-26T18:21:00", "cpe": ["cpe:/a:hcc-embedded:nichestack:3.0"], "id": "CVE-2020-35684", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35684", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:hcc-embedded:nichestack:3.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-07-13T16:15:47", "description": "An issue was discovered in HCC embedded InterNiche 4.0.1. This vulnerability allows the attacker to predict a DNS query's source port in order to send forged DNS response packets that will be accepted as valid answers to the DNS client's requests (without sniffing the specific request). 
Data is predictable because it is based on the time of day, and has too few bits.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-08-19T11:15:00", "type": "cve", "title": "CVE-2021-31228", "cwe": ["CWE-330"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31228"], "modified": "2022-07-12T17:42:00", "cpe": [], "id": "CVE-2021-31228", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31228", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": []}, {"lastseen": "2022-07-07T16:01:44", "description": "The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Buffer Overflow. The impact is: execute arbitrary code (remote). The component is: DNS response processing functions: dns_upcall(), getoffset(), dnc_set_answer(). The attack vector is: a specific DNS response packet. 
The code does not check the \"response data length\" field of individual DNS answers, which may cause out-of-bounds read/write operations, leading to Information leak, Denial-of-Service, or Remote Code Execution, depending on the context.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-18T19:15:00", "type": "cve", "title": "CVE-2020-25928", "cwe": ["CWE-787", "CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25928"], "modified": "2022-06-28T14:11:00", "cpe": ["cpe:/a:hcc-embedded:nichestack_tcp\\/ip:4.0.1"], "id": "CVE-2020-25928", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25928", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:hcc-embedded:nichestack_tcp\\/ip:4.0.1:*:*:*:*:*:*:*"]}, {"lastseen": "2022-07-13T16:15:47", "description": "An issue was discovered in HCC Nichestack 3.0. The code that parses ICMP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the ICMP checksum. 
When the IP payload size is set to be smaller than the size of the IP header, the ICMP checksum computation function may read out of bounds, causing a Denial-of-Service.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-08-19T12:15:00", "type": "cve", "title": "CVE-2020-35683", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-35683"], "modified": "2022-07-12T17:42:00", "cpe": ["cpe:/a:hcc-embedded:nichestack:3.0"], "id": "CVE-2020-35683", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35683", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:hcc-embedded:nichestack:3.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T18:02:50", "description": "An issue was discovered in tcp_pulloutofband() in tcp_in.c in HCC embedded InterNiche 4.0.1. The TCP out-of-band urgent-data processing function invokes a panic function if the pointer to the end of the out-of-band data points outside of the TCP segment's data. 
If the panic function did not have a trap invocation removed, it will enter an infinite loop and therefore cause DoS (continuous loop or a device reset).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-08-19T11:15:00", "type": "cve", "title": "CVE-2021-31400", "cwe": ["CWE-835"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31400"], "modified": "2021-08-26T17:17:00", "cpe": [], "id": "CVE-2021-31400", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31400", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": []}, {"lastseen": "2022-03-23T15:55:00", "description": "An issue was discovered in HCC Embedded NicheStack IPv4 4.1. 
The dnc_copy_in routine for parsing DNS domain names does not check whether a domain name compression pointer is pointing within the bounds of the packet (e.g., forward compression pointer jumps are allowed), which leads to an Out-of-bounds Read, and a Denial-of-Service as a consequence.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-08-18T19:15:00", "type": "cve", "title": "CVE-2020-25767", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25767"], "modified": "2021-08-26T19:32:00", "cpe": ["cpe:/a:hcc-embedded:nichestack_ipv4:4.1"], "id": "CVE-2020-25767", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25767", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:hcc-embedded:nichestack_ipv4:4.1:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T15:57:15", "description": "The DNS client in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Insufficient entropy in the DNS transaction id. The impact is: DNS cache poisoning (remote). The component is: dns_query_type(). 
The attack vector is: a specific DNS response packet.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-08-18T19:15:00", "type": "cve", "title": "CVE-2020-25926", "cwe": ["CWE-331"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25926"], "modified": "2021-08-26T16:32:00", "cpe": ["cpe:/a:hcc-embedded:nichestack_tcp\\/ip:4.0.1"], "id": "CVE-2020-25926", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25926", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:hcc-embedded:nichestack_tcp\\/ip:4.0.1:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T15:57:17", "description": "The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Out-of-bounds Read. The impact is: a denial of service (remote). The component is: DNS response processing in function: dns_upcall(). The attack vector is: a specific DNS response packet. 
The code does not check whether the number of queries/responses specified in the DNS packet header corresponds to the query/response data available in the DNS packet.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-08-18T19:15:00", "type": "cve", "title": "CVE-2020-25927", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25927"], "modified": "2021-08-26T18:23:00", "cpe": ["cpe:/a:hcc-embedded:nichestack_tcp\\/ip:4.0.1"], "id": "CVE-2020-25927", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25927", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:hcc-embedded:nichestack_tcp\\/ip:4.0.1:*:*:*:*:*:*:*"]}]}