9 results

CVSS: 7.5 • EPSS: 0% • CPEs: 5 • EXPL: 0

19 Aug 2021 — An issue was discovered in tcp_rcv() in nptcp.c in HCC embedded InterNiche 4.0.1. The TCP header processing code doesn't sanitize the value of the IP total length field (header length + data length). With a crafted IP packet, an integer overflow occurs whenever the value of the IP data length is calculated by subtracting the length of the header from the total length of the IP packet. • https://cert-portal.siemens.com/productcert/pdf/ssa-789208.pdf • CWE-20: Improper Input Validation

CVSS: 9.1 • EPSS: 0% • CPEs: 5 • EXPL: 0

19 Aug 2021 — An issue was discovered in HCC Nichestack 3.0. The code that generates Initial Sequence Numbers (ISNs) for TCP connections derives the ISN from an insufficiently random source. As a result, an attacker may be able to determine the ISN of current and future TCP connections and either hijack existing ones or spoof future ones. (Proper ISN generation should aim to follow at least the specifications outlined in RFC 6528.) • https://cert-portal.siemens.com/productcert/pdf/ssa-789208.pdf • CWE-330: Use of Insufficiently Random Values

CVSS: 7.5 • EPSS: 0% • CPEs: 5 • EXPL: 0

19 Aug 2021 — An issue was discovered in HCC Nichestack 3.0. The code that parses TCP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the length of the TCP payload within the TCP checksum computation function. When the IP payload size is set to be smaller than the size of the IP header, the TCP checksum computation function may read out of bounds (a low-impact write-out-of-bounds is also possible). • https://cert-portal.siemens.com/productcert/pdf/ssa-789208.pdf • CWE-20: Improper Input Validation

CVSS: 7.5 • EPSS: 0% • CPEs: 3 • EXPL: 0

19 Aug 2021 — An issue was discovered in HCC Nichestack 3.0. The code that parses ICMP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the ICMP checksum. When the IP payload size is set to be smaller than the size of the IP header, the ICMP checksum computation function may read out of bounds, causing a Denial-of-Service. • https://cert-portal.siemens.com/productcert/pdf/ssa-789208.pdf • CWE-125: Out-of-bounds Read

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

19 Aug 2021 — An issue was discovered in HCC Embedded InterNiche NicheStack through 4.3. The tfshnd():tftpsrv.c TFTP packet processing function doesn't ensure that a filename is adequately '\0' terminated; therefore, a subsequent call to strlen for the filename might read out of bounds of the protocol packet buffer (if no '\0' byte exists within a reasonable range). • https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack

CVSS: 7.5 • EPSS: 4% • CPEs: 1 • EXPL: 0

19 Aug 2021 — The web server in InterNiche NicheStack through 4.0.1 allows remote attackers to cause a denial of service (infinite loop and networking outage) via an unexpected valid HTTP request such as OPTIONS. This occurs because the HTTP request handler enters a miscoded wbs_loop() debugger hook. • https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

19 Aug 2021 — An issue was discovered in tcp_pulloutofband() in tcp_in.c in HCC embedded InterNiche 4.0.1. The TCP out-of-band urgent-data processing function invokes a panic function if the pointer to the end of the out-of-band data points outside of the TCP segment's data. If the panic function has not had a trap invocation removed, it will enter an infinite loop and therefore cause DoS (continuous loop or a device reset). • https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

19 Aug 2021 — An issue was discovered in HCC embedded InterNiche 4.0.1. This vulnerability allows the attacker to predict a DNS query's source port in order to send forged DNS response packets that will be accepted as valid answers to the DNS client's requests (without sniffing the specific request). Data is predictable because it is based on the time of day, and has too few bits. • https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack • CWE-330: Use of Insufficiently Random Values

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

19 Aug 2021 — An issue was discovered in HCC embedded InterNiche 4.0.1. A potential heap buffer overflow exists in the code that parses the HTTP POST request, due to an incorrect signed integer comparison. This vulnerability requires the attacker to send a malformed HTTP packet with a negative Content-Length, which bypasses the size checks and results in a large heap overflow in the wbs_multidata buffer copy. • https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack • CWE-787: Out-of-bounds Write