Intel researchers have discovered four security flaws in the (closed-source) TCP / IP stack from Treck – the stack that was released in June of this year by 19 Collection “Ripple 20” was affected. Two of the new vulnerabilities are considered critical: remote, unauthenticated attackers could misuse them to paralyze vulnerable systems via denial-of-service attacks or to execute arbitrary program code on them. The other two gaps were assigned “Low” and “Medium” ratings.

The TCP / IP stack from Treck is for embedded Devices are optimized and used by companies such as HP, Intel, Schneider Electric, Rockwell Automation and many others. The areas of application are diverse and range from smart home and networked office components to medical devices and industrial control systems.

Treck has confirmed the gaps and published an update. To date, no publicly available exploit code for the vulnerabilities has emerged, and no active attacks have been observed. The attack complexity for the critical vulnerabilities is rated as low.

Affected stacks and updates The CVE vulnerabilities – 2020 – 25066, CVE – 2020 – 27337, CVE – 2020 – 27338 and CVE – 2020 – 27336 (CVSS scores 9.8, 9.1 , 5.9, 3.7) are in the HTTP server, IPv6 and DHCPv6 code of all stack versions up to and including 6.0.1. 67 . A separately published security notice by the US authority CISA indicates that the Treck TCP / IP stack is also used under other names and cites as examples Kasago TCP / IP, ELMIC, Net + OS, Quadnet, GHNET v2, Kwiknet and AMX .

Stacks from version 6.0.1. 68 are covered according to CISA; Manufacturers of vulnerable products can send an email to Treck about patches.

Further information As a rule, end users only find out about the vulnerability of their devices if the manufacturers inform about it and provide updates. As a guide, the CVE IDs can help to assign the patches in question to the holes. However, many users are likely to look in vain: For many (cheap) devices, there are simply no updates and update mechanisms provided. In other cases it takes a long time to distribute.

Treck advises users with no update options to use firewall rules to block HTTP packets that have a negative “Content-Length” header field Have value. The CISA provides a more general hint, with which the average person can probably start more – namely to minimize the access options to potentially vulnerable devices via the Internet and, in case of doubt, to use a secure connection, e.g. via VPN.

(ovw)