Description
An issue was discovered in HCC embedded InterNiche 4.0.1. This vulnerability allows the attacker to predict a DNS query's source port in order to send forged DNS response packets that will be accepted as valid answers to the DNS client's requests (without sniffing the specific request). Data is predictable because it is based on the time of day, and has too few bits.
References (2)
Core 2
Core References
Mitigation, Third Party Advisory x_refsource_misc
https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
https://www.kb.cert.org/vuls/id/608209
Scores
CVSS v3
7.5
EPSS
0.0127
EPSS Percentile
65.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-330
Status
published
Products (1)
hcc-embedded/nichestack
< 4.3
Published
Aug 19, 2021
Tracked Since
Feb 18, 2026