CVE-2020-35683
HIGHHcc-embedded Nichestack < 3.0.4 - Out-of-Bounds Read
Title source: ruleDescription
An issue was discovered in HCC Nichestack 3.0. The code that parses ICMP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the ICMP checksum. When the IP payload size is set to be smaller than the size of the IP header, the ICMP checksum computation function may read out of bounds, causing a Denial-of-Service.
References (4)
Core 4
Core References
Product x_refsource_misc
https://www.hcc-embedded.com
Mitigation, Third Party Advisory x_refsource_confirm
https://cert-portal.siemens.com/productcert/pdf/ssa-789208.pdf
Mitigation, Third Party Advisory x_refsource_misc
https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
https://www.kb.cert.org/vuls/id/608209
Scores
CVSS v3
7.5
EPSS
0.0053
EPSS Percentile
67.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-125
Status
published
Products (2)
hcc-embedded/nichestack
3.0
siemens/7km9300-0ae02-0aa0_firmware
< 3.0.4
Published
Aug 19, 2021
Tracked Since
Feb 18, 2026