CVE-2020-17437Out-of-bounds Write in Siemens Sentron 3VA Com100 Firmware

CWE-787Out-of-bounds WriteCWE-130Improper Handling of Length Parameter Inconsistency10 documents8 sources
Severity
8.2HIGHNVD
OSV7.5
EPSS
0.3%
top 43.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
11
Open-iscsi Project Open-iscsiSiemens Sentron 3VA Com100 FirmwareSiemens Sentron 3VA Com800 Firmware+8 more
Timeline
PublishedDec 11
Latest updateJul 27

Description

An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. When the Urgent flag is set in a TCP packet, and the stack is configured to ignore the urgent data, the stack attempts to use the value of the Urgent pointer bytes to separate the Urgent data from the normal data, by calculating the offset at which the normal data should be present in the global buffer. However, the length of this offset is not checked; therefore, for large values of the Urgent pointer bytes, the data

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:HExploitability: 3.9 | Impact: 4.2

Affected Packages13 packages

debiandebian/open-iscsi< open-iscsi 2.1.3-1 (bookworm)

Patches

Patch: cert-portal.siemens.comPatch: cert-portal.siemens.com

🔴Vulnerability Details

3
OSV
open-iscsi vulnerabilities2023-07-27
GHSA
GHSA-cfgh-w4j7-hfhp: An issue was discovered in uIP 12022-05-24
OSV
CVE-2020-17437: An issue was discovered in uIP 12020-12-11

📋Vendor Advisories

5
Ubuntu
Open-iSCSI vulnerabilities2023-07-27
CISA ICS
Siemens TCP/IP Stack Vulnerabilities–AMNESIA:33 in SENTRON PAC / 3VA Devices (Update C)2021-08-10
Red Hat
Open-iSCSI: invalid handing of the TCP urgent data pointer2020-12-09
CISA ICS
Multiple Embedded TCP/IP Stacks2020-12-09
Debian
CVE-2020-17437: open-iscsi - An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. W...2020

🕵️Threat Intelligence

1
Tenable
AMNESIA:33: Researchers Disclose 33 Vulnerabilities Across Four Open Source TCP/IP Libraries2020-12-09