Ripple20 Vulnerabilities Affecting Treck IP Stacks

The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Agency (CISA) reports it is aware of multiple vulnerabilities, known as Ripple20, affecting Treck IP stack implementations for embedded systems. A remote attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following products for additional information and mitigations, and update to the latest stable version of Treck IP stack software (6.0.1.67 or later).

• Treck TCP/IP Stack (ICSA-20-168-01) – Now on Update A, and originally reported on in Tuesday’s Security and Resilience Update
• CERT Coordination Center’s Vulnerability Note VU#257161
• Treck’s Vulnerability Response Information

Read the advisory at CISA.