Submitted URL: https://www.us-cert.gov/ics/advisories/icsa-20-168-01
Effective URL: https://www.cisa.gov/news-events/ics-advisories/icsa-20-168-01
Submission: On June 06 via api from IN — Scanned from US

ICS Advisory


TRECK TCP/IP STACK (UPDATE H)

Last Revised
March 17, 2022
Alert Code
ICSA-20-168-01



1. EXECUTIVE SUMMARY

 * CVSS v3 10.0

--------- Begin Update H Part 1 of 3 ---------

 * ATTENTION: Exploitable remotely/public exploits are available

--------- End Update H Part 1 of 3 ---------

 * Vendor: Treck Inc.
 * Equipment: TCP/IP
 * Vulnerabilities: Improper Handling of Length Parameter Inconsistency,
   Improper Input Validation, Double Free, Out-of-bounds Read, Integer Overflow
   or Wraparound, Improper Null Termination, Improper Access Control

CISA is aware of a public report, known as “Ripple20,” that details
vulnerabilities found in the Treck TCP/IP stack. CISA is issuing this advisory
to provide early notice of the reported vulnerabilities and identify baseline
mitigations for reducing risks from these and other cybersecurity attacks.

The Treck TCP/IP stack may be known by other names such as Kasago TCP/IP, ELMIC,
Net+ OS, Quadnet, GHNET v2, Kwiknet, or AMX.


2. UPDATE INFORMATION

This updated advisory is a follow-up to the advisory update titled
ICSA-20-168-01 Treck TCP/IP Stack (Update G) that was published Aug 20, 2020, to
the ICS webpage on www.cisa.gov/uscert.


3. RISK EVALUATION

Successful exploitation of these vulnerabilities may allow remote code execution
or exposure of sensitive information.


4. TECHNICAL DETAILS


4.1 AFFECTED PRODUCTS

The Treck TCP/IP stack is affected, including the following components:

 * IPv4
 * IPv6
 * UDP
 * DNS
 * DHCP
 * TCP
 * ICMPv4
 * ARP


4.2 VULNERABILITY OVERVIEW

4.2.1    IMPROPER HANDLING OF LENGTH PARAMETER INCONSISTENCY CWE-130

Improper handling of length parameter inconsistency in IPv4/UDP component when
handling a packet sent by an unauthorized network attacker. This vulnerability
may result in remote code execution.

CVE-2020-11896 has been assigned to this vulnerability. A CVSS v3 base score of
10.0 has been calculated; the CVSS vector string is
(AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).

4.2.2    IMPROPER HANDLING OF LENGTH PARAMETER INCONSISTENCY CWE-130

Improper handling of length parameter inconsistency in IPv6 component when
handling a packet sent by an unauthorized network attacker. This vulnerability
may result in possible out-of-bounds write.

CVE-2020-11897 has been assigned to this vulnerability. A CVSS v3 base score of
10.0 has been calculated; the CVSS vector string is
(AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).

4.2.3    IMPROPER HANDLING OF LENGTH PARAMETER INCONSISTENCY CWE-130

Improper handling of length parameter inconsistency in IPv4/ICMPv4 component
when handling a packet sent by an unauthorized network attacker. This
vulnerability may result in out-of-bounds Read.

CVE-2020-11898 has been assigned to this vulnerability. A CVSS v3 base score of
9.1 has been calculated; the CVSS vector string is
(AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H).

4.2.4    IMPROPER INPUT VALIDATION CWE-20

Improper input validation in IPv6 component when handling a packet sent by an
unauthorized network attacker. This vulnerability may allow out-of-bounds Read
and a possible Denial of Service.

CVE-2020-11899 has been assigned to this vulnerability. A CVSS v3 base score of
5.4 has been calculated; the CVSS vector string is
(AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L).

4.2.5    DOUBLE FREE CWE-415

Possible double free in IPv4 tunneling component when handling a packet sent by
a network attacker. This vulnerability may result in use after free.

CVE-2020-11900 has been assigned to this vulnerability. A CVSS v3 base score of
8.2 has been calculated; the CVSS vector string is
(AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H).

4.2.6    IMPROPER INPUT VALIDATION CWE-20

Improper input validation in DNS resolver component when handling a packet sent
by an unauthorized network attacker. This vulnerability may result in remote
code execution.

CVE-2020-11901 has been assigned to this vulnerability. A CVSS v3 base score of
9.0 has been calculated; the CVSS vector string is
(AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).

4.2.7    IMPROPER INPUT VALIDATION CWE-20

Improper input validation in IPv6 over IPv4 tunneling component when handling a
packet sent by an unauthorized network attacker. This vulnerability may allow
out-of-bounds Read.

CVE-2020-11902 has been assigned to this vulnerability. A CVSS v3 base score of
7.3 has been calculated; the CVSS vector string is
(AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).

4.2.8    OUT-OF-BOUNDS READ CWE-125

Possible out-of-bounds read in DHCP component when handling a packet sent by an
unauthorized network attacker. This vulnerability may allow exposure of
sensitive information.

CVE-2020-11903 has been assigned to this vulnerability. A CVSS v3 base score of
5.3 has been calculated; the CVSS vector string is
(AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).

4.2.9    INTEGER OVERFLOW OR WRAPAROUND CWE-190

Possible integer overflow or wraparound in memory allocation component when
handling a packet sent by an unauthorized network attacker may result in
out-of-bounds write.

CVE-2020-11904 has been assigned to this vulnerability. A CVSS v3 base score of
5.6 has been calculated; the CVSS vector string is
(AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L).

4.2.10    OUT-OF-BOUNDS READ CWE-125

Possible out-of-bounds read in DHCPv6 component when handling a packet sent by
an unauthorized network attacker. This vulnerability may allow exposure of
sensitive information.

CVE-2020-11905 has been assigned to this vulnerability. A CVSS v3 base score of
5.3 has been calculated; the CVSS vector string is
(AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).

4.2.11    IMPROPER INPUT VALIDATION CWE-20

Improper input validation CWE-20 in Ethernet link layer component from a packet
sent by an unauthorized user.

CVE-2020-11906 has been assigned to this vulnerability. A CVSS v3 base score of
5.0 has been calculated; the CVSS vector string is
(AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L).

4.2.12    IMPROPER HANDLING OF LENGTH PARAMETER INCONSISTENCY CWE-130

Improper handling of length parameter inconsistency in TCP component, from a
packet sent by an unauthorized network attacker.

CVE-2020-11907 has been assigned to this vulnerability. A CVSS v3 base score of
5.0 has been calculated; the CVSS vector string is
(AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L).

4.2.13    IMPROPER NULL TERMINATION CWE-170

Improper null termination in DHCP component when handling a packet sent by an
unauthorized network attacker. This vulnerability may allow exposure of
sensitive information.

CVE-2020-11908 has been assigned to this vulnerability. A CVSS v3 base score of
3.1 has been calculated; the CVSS vector string is
(AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

4.2.14    IMPROPER INPUT VALIDATION CWE-20

Improper input validation in IPv4 component when handling a packet sent by an
unauthorized network attacker.

CVE-2020-11909 has been assigned to this vulnerability. A CVSS v3 base score of
3.7 has been calculated; the CVSS vector string is
(AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).

4.2.15    IMPROPER INPUT VALIDATION CWE-20

Improper input validation in ICMPv4 component when handling a packet sent by an
unauthorized network attacker. This vulnerability may allow out-of-bounds Read.

CVE-2020-11910 has been assigned to this vulnerability. A CVSS v3 base score of
3.7 has been calculated; the CVSS vector string is
(AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).

4.2.16    IMPROPER ACCESS CONTROL CWE-284

The affected product is vulnerable to improper access control, which may allow
an attacker to change one specific configuration value.

CVE-2020-11911 has been assigned to this vulnerability. A CVSS v3 base score of
3.7 has been calculated; the CVSS vector string is
(AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

4.2.17    IMPROPER INPUT VALIDATION CWE-20

Improper input validation in TCP component when handling a packet sent by an
unauthorized network attacker. This vulnerability may allow out-of-bounds Read.

CVE-2020-11912 has been assigned to this vulnerability. A CVSS v3 base score of
3.7 has been calculated; the CVSS vector string is
(AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

4.2.18    IMPROPER INPUT VALIDATION CWE-20

Improper input validation in IPv6 component when handling a packet sent by an
unauthorized network attacker. This vulnerability may allow out-of-bounds Read.

CVE-2020-11913 has been assigned to this vulnerability. A CVSS v3 base score of
3.7 has been calculated; the CVSS vector string is
(AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).

4.2.19    IMPROPER INPUT VALIDATION CWE-20

Improper input validation in ARP component when handling a packet sent by an
unauthorized network attacker. This vulnerability may allow out-of-bounds Read.

CVE-2020-11914 has been assigned to this vulnerability. A CVSS v3 base score of
3.1 has been calculated; the CVSS vector string is
(AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).


4.3 BACKGROUND

 * CRITICAL INFRASTRUCTURE SECTORS: Energy, Critical Manufacturing, Information
   Technology, Healthcare and Public Health, Transportation Systems
 * COUNTRIES/AREAS DEPLOYED: Worldwide
 * COMPANY HEADQUARTERS LOCATION: United States


4.4 RESEARCHER

Shlomi Oberman and Moshe Kol from JSOF reported these vulnerabilities to
CERT/CC.


5. MITIGATIONS

Treck recommends users apply the latest version of the affected products (Treck
TCP/IP 6.0.1.67 or later versions). To obtain patches, email
security@treck.com.

For more detailed information on the vulnerabilities and the mitigating
controls, please see the Treck advisory. Additional vendors
affected by the reported vulnerabilities have also released security advisories
related to their affected products. Those advisories are as follows:

 * ABB
 * B.Braun
 * Baxter
 * BD
 * CareStream
 * Caterpillar
 * DIGI International
 * Eaton
 * Green Hills Software
 * Johnson Controls
 * Miele
 * Opto 22

--------- Begin Update H Part 2 of 3 ---------

 * Pepperl+Fuchs

--------- End Update H Part 2 of 3 ---------

 * Rockwell
 * Schneider Electric
 * Smiths Medical

CISA recommends users take defensive measures to minimize the risk of
exploitation of these vulnerabilities. Specifically, users should:

 * Minimize network exposure for all control system devices and/or systems, and
   ensure they are not accessible from the Internet.
 * Locate control system networks and remote devices behind firewalls and
   isolate them from the business network.
 * When remote access is required, use secure methods, such as Virtual Private
   Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be
   updated to the most current version available. Also recognize that a VPN is
   only as secure as its connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment
prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices
on the ICS webpage on cisa.gov. Several recommended practices are available for
reading and download, including Improving Industrial Control Systems
Cybersecurity with Defense-in-Depth Strategies.

Additional mitigation guidance and recommended practices are publicly available
on the ICS webpage on cisa.gov in the Technical Information Paper,
ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation
Strategies.

Organizations observing any suspected malicious activity should follow their
established internal procedures and report their findings to CISA for tracking
and correlation against other incidents.

--------- Begin Update H Part 3 of 3 ---------

This vulnerability has a high attack complexity.

--------- End Update H Part 3 of 3 ---------


VENDOR

Treck

