ICSA-20-168-01 · Published 2024-09-19 · View on CISA ICS-CERT ↗

Treck TCP/IP (Update I)

CVSS 10.0 CRITICAL CISA KEV — Known Exploited

Risk Summary

Successful exploitation of these vulnerabilities may allow remote code execution or exposure of sensitive information.

CVEs (19)

CVE-2020-11896 CVE-2020-11897 CVE-2020-11898 CVE-2020-11899 CVE-2020-11900 CVE-2020-11901 CVE-2020-11902 CVE-2020-11903 CVE-2020-11904 CVE-2020-11905 CVE-2020-11906 CVE-2020-11907 CVE-2020-11908 CVE-2020-11909 CVE-2020-11910 CVE-2020-11911 CVE-2020-11912 CVE-2020-11913 CVE-2020-11914

Remediations

Treck recommends users apply the latest version of the affected products:
Treck TCP/IP: Update to 6.0.1.67 or later versions
To obtain patches, email Treck at [email protected]
For more detailed information on the vulnerabilities and the mitigating controls, please see the Treck advisory.
Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:
ABB
B.Braun
Baxter
BD
CareStream
Caterpillar
DIGI International
Eaton
Green Hills Software
IDEC Corporation
Johnson Controls
Miele
Opto 22
Pepperl+Fuchs
Rockwell
Schneider Electric
Smiths Medical

Affected Vendors

Treck Inc.

Affected Products (8)

Treck Inc. · Treck Inc TCP/IP IPv4

Treck Inc. · Treck Inc TCP/IP IPv6

Treck Inc. · Treck Inc TCP/IP UDP

Treck Inc. · Treck Inc TCP/IP DNS

Treck Inc. · Treck Inc TCP/IP DHCP

Treck Inc. · Treck Inc TCP/IP TCP

Treck Inc. · Treck Inc TCP/IP ICMPv4

Treck Inc. · Treck Inc TCP/IP ARP

Affected Sectors

Energy, Critical Manufacturing, Information Technology, Healthcare and Public Health, Transportation Systems

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more