CVE-2021-31401 - OpenCVE

An issue was discovered in tcp_rcv() in nptcp.c in HCC embedded InterNiche 4.0.1. The TCP header processing code doesn't sanitize the value of the IP total length field (header length + data length). With a crafted IP packet, an integer overflow occurs whenever the value of the IP data length is calculated by subtracting the length of the header from the total length of the IP packet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hcc-embedded	Nichestack
Siemens	Sentron 3wa Com190 Sentron 3wa Com190 Firmware Sentron 3wl Com35 Sentron 3wl Com35 Firmware

Configuration 1 [-]

cpe:2.3:a:hcc-embedded:nichestack:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:siemens:sentron_3wl_com35_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:sentron_3wl_com35:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:siemens:sentron_3wa_com190_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:sentron_3wa_com190:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://cert-portal.siemens.com/productcert/pdf/ssa-789208.pdf
https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/
https://www.kb.cert.org/vuls/id/608209

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-08-19T11:25:42

Updated: 2024-08-03T22:55:53.721Z

Reserved: 2021-04-15T00:00:00

Link: CVE-2021-31401

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-08-19T12:15:08.893

Modified: 2021-08-26T18:09:19.857

Link: CVE-2021-31401

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in tcp_rcv() in nptcp.c in HCC embedded InterNiche 4.0.1. The TCP header processing code doesn't sanitize the value of the IP total length field (header length + data length). With a crafted IP packet, an integer overflow occurs whenever the value of the IP data length is calculated by subtracting the length of the header from the total length of the IP packet."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-08-19T11:26:03", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-789208.pdf"}, {"tags": ["x_refsource_MISC"], "url": "https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/"}, {"name": "VU#608209", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "https://www.kb.cert.org/vuls/id/608209"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-31401", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in tcp_rcv() in nptcp.c in HCC embedded InterNiche 4.0.1. The TCP header processing code doesn't sanitize the value of the IP total length field (header length + data length). With a crafted IP packet, an integer overflow occurs whenever the value of the IP data length is calculated by subtracting the length of the header from the total length of the IP packet."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-789208.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-789208.pdf"}, {"name": "https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/", "refsource": "MISC", "url": "https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/"}, {"name": "VU#608209", "refsource": "CERT-VN", "url": "https://www.kb.cert.org/vuls/id/608209"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T22:55:53.721Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-789208.pdf"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/"}, {"name": "VU#608209", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "https://www.kb.cert.org/vuls/id/608209"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-31401", "datePublished": "2021-08-19T11:25:42", "dateReserved": "2021-04-15T00:00:00", "dateUpdated": "2024-08-03T22:55:53.721Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hcc-embedded:nichestack:*:*:*:*:*:*:*:*", "matchCriteriaId": "36A27EF5-D19C-4126-850C-89387A7A1410", "versionEndExcluding": "4.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:sentron_3wl_com35_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "438332F0-E222-48FB-BA95-0A79EAC9E448", "versionEndExcluding": "1.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:sentron_3wl_com35:-:*:*:*:*:*:*:*", "matchCriteriaId": "AF6988F4-8734-4B27-AD0B-B91F25654F9A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:sentron_3wa_com190_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B62056DC-DF99-4118-9B22-45E51980CD7F", "versionEndExcluding": "2.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:sentron_3wa_com190:-:*:*:*:*:*:*:*", "matchCriteriaId": "797EAA6F-5E8C-4855-87ED-CE4D76D02571", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in tcp_rcv() in nptcp.c in HCC embedded InterNiche 4.0.1. The TCP header processing code doesn't sanitize the value of the IP total length field (header length + data length). With a crafted IP packet, an integer overflow occurs whenever the value of the IP data length is calculated by subtracting the length of the header from the total length of the IP packet."}, {"lang": "es", "value": "Se ha detectado un problema en la funci\u00f3n tcp_rcv() en el archivo nptcp.c en HCC embedded InterNiche versi\u00f3n 4.0.1. El c\u00f3digo de procesamiento del encabezado TCP no sanea el valor del campo de longitud total de IP (longitud del encabezado + longitud de los datos). Con un paquete IP dise\u00f1ado, se produce un desbordamiento de enteros cuando el valor de la longitud de datos IP se calcula restando la longitud del encabezado de la longitud total del paquete IP."}], "id": "CVE-2021-31401", "lastModified": "2021-08-26T18:09:19.857", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-08-19T12:15:08.893", "references": [{"source": "cve@mitre.org", "tags": ["Mitigation", "Third Party Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-789208.pdf"}, {"source": "cve@mitre.org", "tags": ["Mitigation", "Third Party Advisory"], "url": "https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.kb.cert.org/vuls/id/608209"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}