The U.S. Department of Homeland Security and CISA ICS-CERT have published security notices about recently discovered vulnerabilities, collectively referred to as Ripple20.
Ripple20 includes 19 vulnerabilities affecting billions of Internet-connected devices from 500 vendors around the world. The problems were found in the Treck TCP/IP library and with their help an attacker can remotely gain full control over a device without any user involvement.
Some vulnerabilities from Ripple20 have been fixed for several years either by Treck developers or device manufacturers who have made changes in the code and configuration of the stack. However, for the same reason, some vulnerabilities have a few more options that are unlikely to be corrected in the near future.
|CVE ID||CVSSv3||Potential Impact||Fixed on Version|
|CVE-2020-11896||9||Remote Code Execution||126.96.36.199 (release 30/03/2020)|
|CVE-2020-11897||10||Out-of-Bounds Write||188.8.131.52 (release 04/06/2009)|
|CVE-2020-11901||9||Remote Code Execution||184.108.40.206|
Researchers notified Treck developers about the problems in due course, and most of them were fixed with the release of TCP/IP 220.127.116.11 stack version. They also contacted 500 vendors including HP, Schneider Electric, Intel, Rockwell Automation, Caterpillar, Baxter and Quadros.