QwikSec

Security Database

CVE

CWE

Training

CVE-2020-35684

Published: Aug 19, 2021

Modified: Aug 4, 2024

PUBLISHED

Description

An issue was discovered in HCC Nichestack 3.0. The code that parses TCP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the length of the TCP payload within the TCP checksum computation function. When the IP payload size is set to be smaller than the size of the IP header, the TCP checksum computation function may read out of bounds (a low-impact write-out-of-bounds is also possible).

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.hcc-embedded.com

x_refsource_MISC

https://cert-portal.siemens.com/productcert/pdf/ssa-789208.pdf

x_refsource_CONFIRM

https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/

x_refsource_MISC

third-party-advisory

x_refsource_CERT-VN

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.