ICSA-20-343-01 · Published 2020-12-08
Multiple Embedded TCP/IP Stacks
CVSS 9.8 (CRITICAL)
Risk Summary
Successful exploitation of these vulnerabilities could allow attackers to corrupt memory, put devices into infinite loops, access unauthorized data, and/or poison DNS cache.
CVEs (33)
CVE-2020-13984
CVE-2020-13985
CVE-2020-13986
CVE-2020-13987
CVE-2020-13988
CVE-2020-17437
CVE-2020-17438
CVE-2020-17439
CVE-2020-17440
CVE-2020-17441
CVE-2020-17442
CVE-2020-17443
CVE-2020-17444
CVE-2020-17445
CVE-2020-17467
CVE-2020-17468
CVE-2020-17469
CVE-2020-17470
CVE-2020-24334
CVE-2020-24335
CVE-2020-24336
CVE-2020-24337
CVE-2020-24338
CVE-2020-24339
CVE-2020-24340
CVE-2020-24341
CVE-2020-24383
CVE-2020-25107
CVE-2020-25108
CVE-2020-25109
CVE-2020-25110
CVE-2020-25111
CVE-2020-25112
Remediations
- Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:
Affected Vendors
multiple open source
Affected Products (8)
multiple open source · uIP (EOL) · <= 1.0
multiple open source · uIP-Contiki-NG · <= 4.5
multiple open source · Nut/Net · <= 5.1
multiple open source · FNET · 4.6.3
multiple open source · open-iscsi · <= 2.1.12
multiple open source · picoTCP (EOL) · <= 1.7.0
multiple open source · uIP-Contiki-OS (end-of-life [EOL]) · <= 3.0
multiple open source · picoTCP-NG · <= 1.7.0
Affected Sectors
Multiple