CVE-2020-35685

CRITICAL

HCC Nichestack 3.0 - Info Disclosure

Title source: llm

Description

An issue was discovered in HCC Nichestack 3.0. The code that generates Initial Sequence Numbers (ISNs) for TCP connections derives the ISN from an insufficiently random source. As a result, an attacker may be able to determine the ISN of current and future TCP connections and either hijack existing ones or spoof future ones. (Proper ISN generation should aim to follow at least the specifications outlined in RFC 6528.)

References (4)

[Product] https://www.hcc-embedded.com

[Mitigation, Third Party Advisory] https://cert-portal.siemens.com/productcert/pdf/ssa-789208.pdf

[Mitigation, Third Party Advisory] https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/

[Third Party Advisory, US Government Resource] https://www.kb.cert.org/vuls/id/608209

Scores

CVSS v3 9.1

EPSS 0.0041

EPSS Percentile 61.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Details

CWE

CWE-330

Status published

Products (3)

hcc-embedded/nichestack 3.0

siemens/sentron_3wa_com190_firmware < 2.0.0

siemens/sentron_3wl_com35_firmware < 1.2.0

Published Aug 19, 2021

Tracked Since Feb 18, 2026