CVE-2020-13987

An issue was discovered in Contiki through 3.0. An Out-of-Bounds Read vulnerability exists in the uIP TCP/IP Stack component when calculating the checksums for IP packets in upper_layer_chksum in net/ipv4/uip.c.
References
  • https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01 - Third Party Advisory, US Government Resource
  • https://www.kb.cert.org/vuls/id/815128 - Third Party Advisory, US Government Resource
  • https://cert-portal.siemens.com/productcert/pdf/ssa-541018.pdf - Patch, Third Party Advisory
Configurations

Configuration 1

AND
cpe:2.3:a:uip_project:uip:*:*:*:*:*:*:*:*
cpe:2.3:o:contiki-os:contiki:*:*:*:*:*:*:*:*

Configuration 2

cpe:2.3:a:open-iscsi_project:open-iscsi:*:*:*:*:*:*:*:*

Configuration 3

AND
cpe:2.3:o:siemens:sentron_3va_com100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:sentron_3va_com100:-:*:*:*:*:*:*:*

Configuration 4

AND
cpe:2.3:o:siemens:sentron_3va_com800_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:sentron_3va_com800:-:*:*:*:*:*:*:*

Configuration 5

AND
cpe:2.3:o:siemens:sentron_pac3200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:sentron_pac3200:-:*:*:*:*:*:*:*

Configuration 6

AND
cpe:2.3:o:siemens:sentron_pac4200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:sentron_pac4200:-:*:*:*:*:*:*:*

History

06 Aug 2022, 03:52

Type: First Time
Values Removed: (none)
Values Added:
  • Siemens sentron 3va Com100
  • Uip Project
  • Open-iscsi Project open-iscsi
  • Siemens sentron Pac4200
  • Uip Project uip
  • Siemens sentron 3va Com800 Firmware
  • Siemens sentron Pac4200 Firmware
  • Siemens sentron Pac3200 Firmware
  • Siemens
  • Siemens sentron 3va Com100 Firmware
  • Siemens sentron 3va Com800
  • Open-iscsi Project
  • Siemens sentron Pac3200

Type: CPE
Values Removed: (none)
Values Added:
  • cpe:2.3:a:uip_project:uip:*:*:*:*:*:*:*:*
  • cpe:2.3:o:siemens:sentron_pac3200_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:o:siemens:sentron_3va_com800_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:h:siemens:sentron_3va_com800:-:*:*:*:*:*:*:*
  • cpe:2.3:h:siemens:sentron_3va_com100:-:*:*:*:*:*:*:*
  • cpe:2.3:o:siemens:sentron_3va_com100_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:h:siemens:sentron_pac3200:-:*:*:*:*:*:*:*
  • cpe:2.3:o:siemens:sentron_pac4200_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:h:siemens:sentron_pac4200:-:*:*:*:*:*:*:*
  • cpe:2.3:a:open-iscsi_project:open-iscsi:*:*:*:*:*:*:*:*

Type: References
Values Removed:
  • (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-541018.pdf -
Values Added:
  • (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-541018.pdf - Patch, Third Party Advisory

09 Mar 2021, 15:15

Type Values Removed Values Added
References
  • (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-541018.pdf -

Information

Published : 2020-12-11 22:15

Updated : 2022-08-06 03:52


NVD link : CVE-2020-13987

Mitre link : CVE-2020-13987



Products Affected

siemens

  • sentron_pac3200
  • sentron_pac4200_firmware
  • sentron_pac3200_firmware
  • sentron_3va_com100
  • sentron_3va_com100_firmware
  • sentron_3va_com800_firmware
  • sentron_pac4200
  • sentron_3va_com800

open-iscsi_project

  • open-iscsi

uip_project

  • uip

contiki-os

  • contiki
CWE
CWE-125

Out-of-bounds Read