Vulnerability Details: CVE-2020-35684
An issue was discovered in HCC Nichestack 3.0. The code that parses TCP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the length of the TCP payload within the TCP checksum computation function. When the IP payload size is set to be smaller than the size of the IP header, the TCP checksum computation function may read out of bounds (a low-impact write-out-of-bounds is also possible).
Vulnerability category: Input validation
Products affected by CVE-2020-35684
- cpe:2.3:o:siemens:sentron_3wl_com35_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:sentron_3wa_com190_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:a:hcc-embedded:nichestack:3.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-35684
- 0.20%: Probability of exploitation activity in the next 30 days
- ~58%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-35684
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST | |
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2020-35684
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-35684
- https://cert-portal.siemens.com/productcert/pdf/ssa-789208.pdf
  Mitigation; Third Party Advisory
- https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/
  New Critical Operational Technology Vulnerabilities Found on NicheStack – Mitigation Advised - Forescout
  Mitigation; Third Party Advisory
- https://www.hcc-embedded.com
  Home - Embedded Software and Systems
  Product
- https://www.kb.cert.org/vuls/id/608209
  VU#608209 - NicheStack embedded TCP/IP has vulnerabilities
  Third Party Advisory; US Government Resource