CVE-2020-35685

Опубликовано: 19 авг. 2021

Источник: nvd

CVSS3: 9.1

CVSS2: 6.4

EPSS Низкий

Описание

An issue was discovered in HCC Nichestack 3.0. The code that generates Initial Sequence Numbers (ISNs) for TCP connections derives the ISN from an insufficiently random source. As a result, an attacker may be able to determine the ISN of current and future TCP connections and either hijack existing ones or spoof future ones. (Proper ISN generation should aim to follow at least the specifications outlined in RFC 6528.)

Ссылки

https://cert-portal.siemens.com/productcert/pdf/ssa-789208.pdf
Mitigation
Third Party Advisory
https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/
Mitigation
Third Party Advisory
https://www.hcc-embedded.com
Product
https://www.kb.cert.org/vuls/id/608209
Third Party Advisory
US Government Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-789208.pdf
Mitigation
Third Party Advisory
https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/
Mitigation
Third Party Advisory
https://www.hcc-embedded.com
Product
https://www.kb.cert.org/vuls/id/608209
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:hcc-embedded:nichestack:3.0:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:siemens:sentron_3wa_com190_firmware:*:*:*:*:*:*:*:*

Версия до 2.0.0 (исключая)

cpe:2.3:h:siemens:sentron_3wa_com190:-:*:*:*:*:*:*:*

Конфигурация 3

Одновременно

cpe:2.3:o:siemens:sentron_3wl_com35_firmware:*:*:*:*:*:*:*:*

Версия до 1.2.0 (исключая)

cpe:2.3:h:siemens:sentron_3wl_com35:-:*:*:*:*:*:*:*

EPSS

Процентиль: 61%

0.00408

Низкий

9.1 Critical

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-330

Связанные уязвимости

GHSA-hf8h-gvq7-6gfr

github

больше 3 лет назад

BDU:2021-04218

CVSS3: 7.5

fstec

больше 4 лет назад

Уязвимость реализации генератора ISN стеков TCP/IP NicheLite и InterNiche, позволяющая нарушителю проводить спуфинг-атаки