CVE-2020-35683
Last modified
CVE-2020-35683 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. An issue was discovered in HCC Nichestack 3.0. The code that parses ICMP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the ICMP checksum. EPSS estimates a 2.29% chance of exploitation in the next 30 days.
Description
An issue was discovered in HCC Nichestack 3.0. The code that parses ICMP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the ICMP checksum. When the IP payload size is set to be smaller than the size of the IP header, the ICMP checksum computation function may read out of bounds, causing a Denial-of-Service.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Hcc-Embedded | Nichestack | 3.0 |
| Siemens | 7km9300-0ae02-0aa0 Firmware | < 3.0.4 |
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-789208.pdfMitigation, Third Party Advisory
- https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/Mitigation, Third Party Advisory
- https://www.hcc-embedded.comProduct
- https://www.kb.cert.org/vuls/id/608209Third Party Advisory, US Government Resource
- https://cert-portal.siemens.com/productcert/pdf/ssa-789208.pdfMitigation, Third Party Advisory
- https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/Mitigation, Third Party Advisory
- https://www.hcc-embedded.comProduct
- https://www.kb.cert.org/vuls/id/608209Third Party Advisory, US Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-35683?
How severe is CVE-2020-35683?
How do I fix CVE-2020-35683?
Are you affected by CVE-2020-35683?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST