
ID

VDE-2021-028

Published

2021-08-16 14:01 (CEST)

Last update

2021-08-16 14:01 (CEST)

Vendor(s)

Pepperl+Fuchs SE

Product(s)

Article No.   Product Name          Affected Version(s)
243598        VDM100-150-EIP/G2     <= 2.00
256831        VDM100-300-EIP/G2     <= 2.00
256830        VDM100-50-EIP/G2      <= 2.00

Summary

Critical vulnerabilities have been discovered in the utilized component TRECK TCP/IP Stack by Digi International Inc.

For more information, see the advisory by Digi International Inc.:
Digi International Security Notice - TRECK TCP/IP Stack "RIPPLE20" VU#257161 ICS-VU-035787 | Digi International

Vulnerabilities

Weakness
Improper Input Validation (CWE-20)
Summary
The Treck TCP/IP stack before 6.0.1.66 allows Remote Code Execution, related to IPv4 tunneling.

Weakness
Out-of-bounds Write (CWE-787)
Summary
The Treck TCP/IP stack before 5.0.1.35 has an Out-of-Bounds Write via multiple malformed IPv6 packets.

Weakness
Exposure of Sensitive Information to an Unauthorized Actor (CWE-200)
Summary
The Treck TCP/IP stack before 6.0.1.66 improperly handles an IPv4/ICMPv4 Length Parameter Inconsistency, which might allow remote attackers to trigger an information leak.

Weakness
Improper Input Validation (CWE-20)
Summary
The Treck TCP/IP stack before 6.0.1.66 allows Remote Code Execution via a single invalid DNS response.

Weakness
Double Free (CWE-415)
Summary
The Treck TCP/IP stack before 6.0.1.41 has an IPv4 tunneling Double Free.

Weakness
Out-of-bounds Read (CWE-125)
Summary
The Treck TCP/IP stack before 6.0.1.66 has an IPv6OverIPv4 tunneling Out-of-bounds Read.

Weakness
Out-of-bounds Write (CWE-787)
Summary
The Treck TCP/IP stack before 6.0.1.66 has an Integer Overflow during Memory Allocation that causes an Out-of-Bounds Write.

Weakness
Out-of-bounds Read (CWE-125)
Summary
The Treck TCP/IP stack before 6.0.1.66 has a DHCPv6 Out-of-bounds Read.

Weakness
Out-of-bounds Read (CWE-125)
Summary
The Treck TCP/IP stack before 6.0.1.28 has a DHCP Out-of-bounds Read.

Weakness
Integer Underflow (Wrap or Wraparound) (CWE-191)
Summary
The Treck TCP/IP stack before 6.0.1.66 has an Ethernet Link Layer Integer Underflow.

Weakness
Summary
The Treck TCP/IP stack before 6.0.1.66 improperly handles a Length Parameter Inconsistency in TCP.

Weakness
Out-of-bounds Read (CWE-125)
Summary
The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read.

Weakness
Out-of-bounds Read (CWE-125)
Summary
The Treck TCP/IP stack before 6.0.1.66 has an ICMPv4 Out-of-bounds Read.

Weakness
Integer Underflow (Wrap or Wraparound) (CWE-191)
Summary
The Treck TCP/IP stack before 6.0.1.66 has an IPv4 Integer Underflow.

Weakness
Out-of-bounds Read (CWE-125)
Summary
The Treck TCP/IP stack before 6.0.1.66 has a TCP Out-of-bounds Read.

Weakness
Out-of-bounds Read (CWE-125)
Summary
The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read.

Weakness
Missing Authorization (CWE-862)
Summary
The Treck TCP/IP stack before 6.0.1.66 has Improper ICMPv4 Access Control.

Weakness
Summary
The Treck TCP/IP stack before 4.7.1.27 mishandles '\0' termination in DHCP.

Weakness
Out-of-bounds Read (CWE-125)
Summary
The Treck TCP/IP stack before 6.0.1.66 has an ARP Out-of-bounds Read.

Impact

Pepperl+Fuchs analyzed and identified affected devices.

The impact on the affected device is that it

  • can no longer perform acyclic requests
  • may drop all established cyclic connections
  • may disappear completely from the network

Solution

An external protective measure is required.

  • Minimize network exposure for affected products and ensure that they are not accessible via the Internet.
  • Isolate affected products from the corporate network.
  • If remote access is required, use secure methods such as virtual private networks (VPNs).

Reported by

Digi International Inc.
Coordinated by CERT@VDE