CVE-2020-13987 - OpenCVE

An issue was discovered in Contiki through 3.0. An Out-of-Bounds Read vulnerability exists in the uIP TCP/IP Stack component when calculating the checksums for IP packets in upper_layer_chksum in net/ipv4/uip.c.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Siemens	Sentron 3va Com800 Firmware Sentron 3va Com800 Sentron Pac4200 Sentron 3va Com100 Sentron 3va Com100 Firmware Sentron Pac3200 Firmware Sentron Pac3200 Sentron Pac4200 Firmware
Uip Project	Uip
Contiki-os	Contiki
Open-iscsi Project	Open-iscsi

Configuration 1 [-]

AND

cpe:2.3:a:uip_project:uip:*:*:*:*:*:*:*:*

cpe:2.3:o:contiki-os:contiki:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:a:open-iscsi_project:open-iscsi:*:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:siemens:sentron_3va_com100_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:sentron_3va_com100:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:siemens:sentron_3va_com800_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:sentron_3va_com800:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:siemens:sentron_pac3200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:sentron_pac3200:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:siemens:sentron_pac4200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:sentron_pac4200:-:*:*:*:*:*:*:*

References

Link	Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-541018.pdf	Patch Third Party Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01	Third Party Advisory US Government Resource
https://www.kb.cert.org/vuls/id/815128	Third Party Advisory US Government Resource

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2020-12-11T21:37:06

Updated: 2021-03-09T14:06:22

Reserved: 2020-06-09T00:00:00

Link: CVE-2020-13987

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-12-11T22:15:12.543

Modified: 2022-08-06T03:52:03.833

Link: CVE-2020-13987

JSON object: View

Redhat Information

No data.

CWE

CWE-125

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2020-12-08T00:00:00", "descriptions": [{"lang": "en", "value": "An issue was discovered in Contiki through 3.0. An Out-of-Bounds Read vulnerability exists in the uIP TCP/IP Stack component when calculating the checksums for IP packets in upper_layer_chksum in net/ipv4/uip.c."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-03-09T14:06:22", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.kb.cert.org/vuls/id/815128"}, {"tags": ["x_refsource_MISC"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-541018.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-13987", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in Contiki through 3.0. An Out-of-Bounds Read vulnerability exists in the uIP TCP/IP Stack component when calculating the checksums for IP packets in upper_layer_chksum in net/ipv4/uip.c."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.kb.cert.org/vuls/id/815128", "refsource": "MISC", "url": "https://www.kb.cert.org/vuls/id/815128"}, {"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01"}, {"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-541018.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-541018.pdf"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-13987", "datePublished": "2020-12-11T21:37:06", "dateReserved": "2020-06-09T00:00:00", "dateUpdated": "2021-03-09T14:06:22", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:uip_project:uip:*:*:*:*:*:*:*:*", "matchCriteriaId": "98518C5F-7D0A-4B03-A062-651E613A01BE", "versionEndIncluding": "1.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:contiki-os:contiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "EBD2BE71-F851-4136-816D-EF61154FD2C4", "versionEndIncluding": "3.0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:open-iscsi_project:open-iscsi:*:*:*:*:*:*:*:*", "matchCriteriaId": "82EAB4C1-AAC8-431E-AED1-1845AC303201", "versionEndIncluding": "2.1.12", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:sentron_3va_com100_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "507AAF60-4AFE-4D80-A698-13BD5818CAE7", "versionEndExcluding": "4.4.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:sentron_3va_com100:-:*:*:*:*:*:*:*", "matchCriteriaId": "6C308EF6-7893-44EF-978E-9019B0060911", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:sentron_3va_com800_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "08B3AAE7-AAC6-4ECC-9338-AC8841336C59", "versionEndExcluding": "4.4.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:sentron_3va_com800:-:*:*:*:*:*:*:*", "matchCriteriaId": "7CECE258-D12A-4483-AF4B-A63FAD08A767", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:sentron_pac3200_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "92EDAF30-8EC2-4C76-BD27-6C6084B9CA03", "versionEndExcluding": "2.4.7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:sentron_pac3200:-:*:*:*:*:*:*:*", "matchCriteriaId": "624451C4-149D-4FEE-B2FB-020574F03231", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:sentron_pac4200_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E46CC95C-7941-4B23-A0E9-79AB18A6E9C2", "versionEndExcluding": "2.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:sentron_pac4200:-:*:*:*:*:*:*:*", "matchCriteriaId": "B48B5DE2-25BF-44A1-BB12-A734DD4A9560", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Contiki through 3.0. An Out-of-Bounds Read vulnerability exists in the uIP TCP/IP Stack component when calculating the checksums for IP packets in upper_layer_chksum in net/ipv4/uip.c."}, {"lang": "es", "value": "Se detect\u00f3 un problema en Contiki versiones hasta 3.0. Se presenta una vulnerabilidad de Lectura Fuera de L\u00edmites en el componente uIP TCP/IP Stack cuando se calculan las sumas de comprobaci\u00f3n para paquetes IP en la funci\u00f3n upper_layer_chksum en el archivo net/ipv4/uip.c"}], "id": "CVE-2020-13987", "lastModified": "2022-08-06T03:52:03.833", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-12-11T22:15:12.543", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-541018.pdf"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.kb.cert.org/vuls/id/815128"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}