Rewterz Threat Advisory – ICS: Treck TCP/IP Stack Multiple Vulnerabilities

Severity

High

Analysis Summary

Multiple vulnerabilities have been reported in The Treck TCP/IP stack by Treck Inc.

• Improper input validation in ARP component when handling a packet sent by an unauthorized network attacker. This vulnerability may allow out-of-bounds Read. CVE-2020-11914
• Improper input validation in IPv6 component when handling a packet sent by an unauthorized network attacker. This vulnerability may allow out-of-bounds Read. CVE-2020-11913
• Improper input validation in TCP component when handling a packet sent by an unauthorized network attacker. This vulnerability may allow out-of-bounds Read.. CVE-2020-11912
• The affected product is vulnerable to improper access control, which may allow an attacker to change one specific configuration value. CVE-2020-11911
• Improper input validation in ICMPv4 component when handling a packet sent by an unauthorized network attacker. This vulnerability may allow out-of-bounds Read. CVE-2020-11910
• Improper input validation in IPv4 component when handling a packet sent by an unauthorized network attacker. CVE-2020-11909
• Improper null termination in DHCP component when handling a packet sent by an unauthorized network attacker. This vulnerability may allow exposure of sensitive information. CVE-2020-11908
• Improper handling of length parameter inconsistency in TCP component, from a packet sent by an unauthorized network attacker. CVE-2020-11907
• Improper input validation CWE-20 in ethernet link layer component from a packet sent by an unauthorized user.  CVE-2020-11906
• Possible out-of-bounds read in DHCPv6 component when handling a packet sent by an unauthorized network attacker. This vulnerability may allow exposure of sensitive information. CVE-2020-11905
• Possible integer overflow or wraparound in memory allocation component when handling a packet sent by an unauthorized network attacker may result in out-of-bounds write. CVE-2020-11904
• Possible out-of-bounds read in DHCP component when handling a packet sent by an unauthorized network attacker. This vulnerability may allow exposure of sensitive information. CVE-2020-11903
• Improper input validation in IPv6 over IPv4 tunneling component when handling a packet sent by an unauthorized network attacker. This vulnerability may allow out-of-bounds Read. CVE-2020-11902
• Improper input validation in DNS resolver component when handling a packet sent by an unauthorized network attacker. This vulnerability may result in remote code execution. CVE-2020-11901
• Possible double free in IPv4 tunneling component when handling a packet sent by a network attacker. This vulnerability may result in use after free. CVE-2020-11900
• Improper input validation in IPv6 component when handling a packet sent by an unauthorized network attacker. This vulnerability may allow out-of-bounds Read and a possible Denial of Service. CVE-2020-11899
• Improper handling of length parameter inconsistency in IPv4/ICMPv4 component when handling a packet sent by an unauthorized network attacker. This vulnerability may result in out-of-bounds Read. CVE-2020-11898
• Improper handling of length parameter inconsistency in IPv6 component when handling a packet sent by an unauthorized network attacker. This vulnerability may result in possible out-of-bounds write. CVE-2020-11897
• Improper handling of length parameter inconsistency in IPv4/UDP component when handling a packet sent by an unauthorized network attacker. This vulnerability may result in remote code execution. CVE-2020-11896

The Treck TCP/IP stack may be known by other names such as Kasago TCP/IP, ELMIC, Net+ OS, Quadnet, GHNET v2, Kwiknet, or AMX.

Impact

• Remote code execution
• Exposure of sensitive information

Affected Vendors

Treck Inc.

Affected Products

The Treck TCP/IP stack is affected including: IPv4
IPv6
UDP
DNS
DHCP
TCP
ICMPv4
ARP

Remediation

Treck recommends users to apply the latest version of the affected products (Treck TCP/IP 6.0.1.67 or later versions). To obtain patches, email security@treck.com.