Multiple Embedded TCP/IP Stacks (Update B)

Risk Summary

Successful exploitation of weak initial sequence numbers (ISN) can be used to hijack or spoof TCP connections, cause denial-of-service conditions, inject malicious data, or bypass authentication.

CVEs (9)

Remediations

• uIP-Contiki-OS (end-of-life [EOL]). See general recommendations below.
• uIP-Contiki-NG has a patch in progress. See general recommendations below until a patch is made available.
• uIP (EOL). See general recommendations below.
• The maintainers of picoTCP-NG recommend users update to Version 2.1 or later.
• picoTCP (EOL), See general recommendations below.
• The maintainers of MPLAB Net recommend users update to Version 3.6.4 or later.
• Siemens recommends Nucleus NET users update to the latest version of Nucleus ReadyStart or to protect transmitted data with cryptographic protocols such as Transport Layer Security. Additional information can be found here.
• Siemens recommends Nucleus ReadyStart for ARM, MIPS, and PPC users update to v2012.12 or later or to protect transmitted data with cryptographic protocols such as Transport Layer Security. Additional information can be found here.
• Siemens recommends for Capital VSTAR and Nucleus Source Code users contact Siemens customer support to receive patch and update information. Additional information can be found here.
• Nut/Net has a patch in progress. See general recommendations below until a patch is made available.
• uC/TCP-IP (EOL). See general recommendations below. Patched in the latest version of Micrium OS (successor project).
• The maintainers of CycloneTCP recommend users update to Version 2.0.0 or later.
• Texas Instruments recommends NDKTCPIP users update to Version 7.02 or later
• The maintainer of FNET recommends users update to v4.7.1

Affected Vendors

Affected Products (15)

Affected Sectors

Multiple