CVE Vulnerability

CVE-2020-35683

An issue was discovered in HCC Nichestack 3.0. The code that parses ICMP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the ICMP checksum. When the IP payload size is set to be smaller than the size of the IP header, the ICMP checksum computation function may read out of bounds, causing a Denial-of-Service.

5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

Scope

7.5 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-789208.pdf Mitigation Third Party Advisory
https://www.hcc-embedded.com Product
https://www.kb.cert.org/vuls/id/608209 Third Party Advisory US Government Resource
https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/ Mitigation Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:hcc-embedded:nichestack:3.0:*:*:*:*:*:*:*
Information

Published : 2021-08-19 12:15

Updated : 2022-07-12 05:42

NVD link : CVE-2020-35683

Mitre link : CVE-2020-35683

Products Affected
No products.
CWE
CWE-125

Out-of-bounds Read