CVE-2020-35685 - OpenCVE

An issue was discovered in HCC Nichestack 3.0. The code that generates Initial Sequence Numbers (ISNs) for TCP connections derives the ISN from an insufficiently random source. As a result, an attacker may be able to determine the ISN of current and future TCP connections and either hijack existing ones or spoof future ones. (Proper ISN generation should aim to follow at least the specifications outlined in RFC 6528.)

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Siemens	Sentron 3wa Com190 Sentron 3wl Com35 Sentron 3wa Com190 Firmware Sentron 3wl Com35 Firmware
Hcc-embedded	Nichestack

Configuration 1 [-]

cpe:2.3:a:hcc-embedded:nichestack:3.0:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:siemens:sentron_3wa_com190_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:sentron_3wa_com190:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:siemens:sentron_3wl_com35_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:sentron_3wl_com35:-:*:*:*:*:*:*:*

References

Link	Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-789208.pdf	Mitigation Third Party Advisory
https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/	Mitigation Third Party Advisory
https://www.hcc-embedded.com	Product
https://www.kb.cert.org/vuls/id/608209	Third Party Advisory US Government Resource

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2021-08-19T11:21:08

Updated: 2021-08-19T11:21:29

Reserved: 2020-12-24T00:00:00

Link: CVE-2020-35685

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-08-19T12:15:08.217

Modified: 2021-08-26T18:21:15.667

Link: CVE-2020-35685

JSON object: View

Redhat Information

No data.

CWE

CWE-330

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in HCC Nichestack 3.0. The code that generates Initial Sequence Numbers (ISNs) for TCP connections derives the ISN from an insufficiently random source. As a result, an attacker may be able to determine the ISN of current and future TCP connections and either hijack existing ones or spoof future ones. (Proper ISN generation should aim to follow at least the specifications outlined in RFC 6528.)"}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-08-19T11:21:29", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.hcc-embedded.com"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-789208.pdf"}, {"tags": ["x_refsource_MISC"], "url": "https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/"}, {"name": "VU#608209", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "https://www.kb.cert.org/vuls/id/608209"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-35685", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in HCC Nichestack 3.0. The code that generates Initial Sequence Numbers (ISNs) for TCP connections derives the ISN from an insufficiently random source. As a result, an attacker may be able to determine the ISN of current and future TCP connections and either hijack existing ones or spoof future ones. (Proper ISN generation should aim to follow at least the specifications outlined in RFC 6528.)"}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.hcc-embedded.com", "refsource": "MISC", "url": "https://www.hcc-embedded.com"}, {"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-789208.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-789208.pdf"}, {"name": "https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/", "refsource": "MISC", "url": "https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/"}, {"name": "VU#608209", "refsource": "CERT-VN", "url": "https://www.kb.cert.org/vuls/id/608209"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-35685", "datePublished": "2021-08-19T11:21:08", "dateReserved": "2020-12-24T00:00:00", "dateUpdated": "2021-08-19T11:21:29", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hcc-embedded:nichestack:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "22916BA2-C530-46C0-9C4E-1C0342C9089E", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:sentron_3wa_com190_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B62056DC-DF99-4118-9B22-45E51980CD7F", "versionEndExcluding": "2.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:sentron_3wa_com190:-:*:*:*:*:*:*:*", "matchCriteriaId": "797EAA6F-5E8C-4855-87ED-CE4D76D02571", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:sentron_3wl_com35_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "438332F0-E222-48FB-BA95-0A79EAC9E448", "versionEndExcluding": "1.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:sentron_3wl_com35:-:*:*:*:*:*:*:*", "matchCriteriaId": "AF6988F4-8734-4B27-AD0B-B91F25654F9A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An issue was discovered in HCC Nichestack 3.0. The code that generates Initial Sequence Numbers (ISNs) for TCP connections derives the ISN from an insufficiently random source. As a result, an attacker may be able to determine the ISN of current and future TCP connections and either hijack existing ones or spoof future ones. (Proper ISN generation should aim to follow at least the specifications outlined in RFC 6528.)"}, {"lang": "es", "value": "Se ha detectado un problema en HCC Nichestack versi\u00f3n 3.0. El c\u00f3digo que genera Initial Sequence Numbers (ISN) para las conexiones TCP deriva el ISN de una fuente insuficientemente aleatoria. Como resultado, un atacante puede ser capaz de determinar el ISN de las conexiones TCP actuales y futuras y secuestrar las existentes o falsificar las futuras. (La generaci\u00f3n apropiada del ISN debe tener como objetivo seguir al menos las especificaciones descritas en el RFC 6528)."}], "id": "CVE-2020-35685", "lastModified": "2021-08-26T18:21:15.667", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-08-19T12:15:08.217", "references": [{"source": "cve@mitre.org", "tags": ["Mitigation", "Third Party Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-789208.pdf"}, {"source": "cve@mitre.org", "tags": ["Mitigation", "Third Party Advisory"], "url": "https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://www.hcc-embedded.com"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.kb.cert.org/vuls/id/608209"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-330"}], "source": "nvd@nist.gov", "type": "Primary"}]}