Details

19 vulnerabilities, which have been summarized under the Ripple20 designation, have been detected in Treck Inc.'s TCP/IP stack. At least 2 vulnerabilities may lead to Remote Code Execution. Other potential effects are privilege escalation, denial of service, and information leaks.

• CVE-2020-11896 - CVSS v3.0 Base Score: 10.0 (critical)
• CVE-2020-11897 - CVSS v3.0 Base Score: 10.0 (critical)
• CVE-2020-11898 - CVSS v3.0 Base Score: 9.1 (critical)
• CVE-2020-11899 - CVSS v3.0 Base Score: 5.4 (medium)
• CVE-2020-11900 - CVSS v3.0 Base Score: 8.2 (critical)
• CVE-2020-11901 - CVSS v3.0 Base Score: 9.0 (critical)
• CVE-2020-11902 - CVSS v3.0 Base Score: 7.3 (high)
• CVE-2020-11903 - CVSS v3.0 Base Score: 5.3 (medium)
• CVE-2020-11904 - CVSS v3.0 Base Score: 5.6 (medium)
• CVE-2020-11905 - CVSS v3.0 Base Score: 5.3 (medium)
• CVE-2020-11906 - CVSS v3.0 Base Score: 5.0 (medium)
• CVE-2020-11907 - CVSS v3.0 Base Score: 5.0 (medium)
• CVE-2020-11908 - CVSS v3.0 Base Score: 3.1 (low)
• CVE-2020-11909 - CVSS v3.0 Base Score: 3.7 (low)
• CVE-2020-11910 - CVSS v3.0 Base Score: 3.7 (low)
• CVE-2020-11911 - CVSS v3.0 Base Score: 3.7 (low)
• CVE-2020-11912 - CVSS v3.0 Base Score: 3.7 (low)
• CVE-2020-11913 - CVSS v3.0 Base Score: 3.7 (low)
• CVE-2020-11914 - CVSS v3.0 Base Score: 3.1 (low)

Further information on Ripple20 is available in English at the following links:

• https://www.jsof-tech.com/ripple20/
• https://cve.mitre.org/

Products by SEW‑EURODRIVE are also affected by the other discovered vulnerabilities in the TCP/IP stack of Treck Inc. This applies to the following vulnerabilities:

• CVE-2020-25066 – CVSS v3.0 Base Score: 9.8 (critical)

Further information on these vulnerabilities is available in English at the following link: https://us-cert.cisa.gov/ics/advisories/icsa-20-353-01

The owners of these websites are responsible for the contents and the presentation of the topic.