Ripple20 zero-day vulnerabilities in IOT devices

The U.S. Department of Homeland Security and CISA ICS-CERT have published security notices about recently discovered vulnerabilities, collectively referred to as Ripple20.

Ripple20 includes 19 vulnerabilities affecting billions of Internet-connected devices from 500 vendors around the world. The problems were found in the Treck TCP/IP library and with their help an attacker can remotely gain full control over a device without any user involvement.

Some vulnerabilities from Ripple20 have been fixed for several years either by Treck developers or device manufacturers who have made changes in the code and configuration of the stack. However, for the same reason, some vulnerabilities have a few more options that are unlikely to be corrected in the near future.

CVE IDCVSSv3Potential ImpactFixed on Version
CVE-2020-118969Remote Code Execution6.0.1.66 (release 30/03/2020)
CVE-2020-1189710Out-of-Bounds Write5.0.1.35 (release 04/06/2009)
CVE-2020-119019Remote Code Execution6.0.1.66

(release 03/03/2020)
Critical vulnerabilities

Researchers notified Treck developers about the problems in due course, and most of them were fixed with the release of TCP/IP 6.0.1.67 stack version. They also contacted 500 vendors including HP, Schneider Electric, Intel, Rockwell Automation, Caterpillar, Baxter and Quadros.

One thought on “Ripple20 zero-day vulnerabilities in IOT devices

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s