Hundreds of millions of devices worldwide could be vulnerable to remote attacks due to security vulnerabilities in the Treck TCP/IP stack dubbed Ripple20.
Treck TCP/IP is a high-performance TCP/IP protocol suite designed for embedded systems. Researchers at Israel-based cybersecurity company JSOF have discovered 19 critical and high-severity security flaws.
The zero-day flaws reside in a popular low-level TCP/IP software library developed by Treck, Inc. that is used in devices made by more than 100 organizations in various industries.
“The JSOF research lab has discovered a series of zero-day vulnerabilities in a widely used low-level TCP/IP software library developed by Treck, Inc. The 19 vulnerabilities, given the name Ripple20, affect hundreds of millions of devices (or more), and include multiple remote code execution vulnerabilities.” reads the post published by the researchers.
The experts pointed out that Ripple20 issues are the only vulnerabilities reported in Treck TCP/IP to date.
The flaws can be exploited for remote code execution, denial-of-service (DoS) attacks, and for obtaining potentially sensitive information.
A remote attacker could exploit the flaw by sending specially crafted IP packets or DNS requests to the vulnerable devices.
“Ripple20 vulnerabilities are unique both in their widespread effect and impact due to supply chain effect and being vulnerabilities allowing attackers to bypass NAT and firewalls and take control of devices undetected, with no user interaction required,” reads the JSOF’s report.
Researchers revealed that the list of affected vendors includes HP, Schneider Electric, Intel, Rockwell Automation, Caterpillar, and Baxter.
JSOF has been working with several organizations to coordinate the disclosure of the flaws, including ICS CERT, CERTCC, JPCERT/CC, CERT-IL, tech giant like Intel, HP,Schneider Electric have released their own advisories.
Treck released security patches to address the Ripple20 vulnerabilities, but experts pointed out that in some cases it’s not possible to install them.
“Most of the vulnerabilities are true Zero-days, with 4 of them having been closed over the years as part of routine code changes, but remained open in some of the affected devices (3 lower severity, 1 higher). Many of the vulnerabilities have several variants due to the Stack configurability and code changes over the years.” concludes the report.
(SecurityAffairs – Ripple20, hacking)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.