ICSA-21-217-01 · Published 2021-12-16 · View on CISA ICS-CERT ↗

HCC Embedded InterNiche TCP/IP stack, NicheLite (Update B)

CVSS 9.8 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities may result in unauthorized access to arbitrary information, DNS cache poisoning, remote code execution, or a denial-of-service condition.

CVEs (14)

CVE-2020-25767 CVE-2020-25928 CVE-2020-25927 CVE-2020-25926 CVE-2020-35683 CVE-2020-35684 CVE-2020-35685 CVE-2021-31400 CVE-2021-31401 CVE-2021-31226 CVE-2021-31227 CVE-2021-31228 CVE-2021-27565 CVE-2021-36762

Remediations

HCC recommends users apply release v4.3 or later to mitigate these vulnerabilities. For more information, contact HCC.
Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:

Affected Vendors

HCC Embedded

Affected Products (2)

HCC Embedded · InterNiche stack < 4.3

HCC Embedded · NicheLite < 4.3

Affected Sectors

Multiple

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more