Skip to Main Content

Hitachi Logo
earth icon
    mail icon Contact Us
    Hitachi Global
    Hitachi Global

    HIRT-PUB20002 : Treck TCP/IP Vulnerabilities (Ripple20)

    Last Update: August 17, 2020

      1. Overview

      Treck Inc.'s embedded TCP/IP stack is affected by multiple vulnerabilities.

       

      CVE-2020-11896 CVE-2020-11897 CVE-2020-11898 CVE-2020-11899 CVE-2020-11900 CVE-2020-11901 CVE-2020-11902 CVE-2020-11903 CVE-2020-11904 CVE-2020-11905 CVE-2020-11906 CVE-2020-11907 CVE-2020-11908 CVE-2020-11909 CVE-2020-11910 CVE-2020-11911 CVE-2020-11912 CVE-2020-11913 CVE-2020-11914

      2. Impact

      The vulnerabilities range in severity and therefore have varying levels of risk.

      3. Solution

      Update to the latest stable version of Treck IP stack software.

      3.1 Treck Inc.

      Vulnerability Response Information
      https://treck.com/vulnerability-response-information/

      3.2 ZUKEN ELMIC,INC

      KASAGO is one of branches of the Treck's TCP/IP stack.

       

      Security Information: KASAGO TCP/IP Stack [Japanese]
      https://www.elwsc.co.jp/news/4136/

      4. Hitachi Product Information

      August 17, 2020

      Hitachi Global Life Solutions, Inc. products are not affected by this issue.

      June 22, 2020

      Under investigation and Published Security Advisory HIRT-PUB20002.

      5. References

      5.1 Vulnerability Enumeration

      CVE-2020-11896
      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11896

      CVE-2020-11897
      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11897

      CVE-2020-11898
      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11898

      CVE-2020-11899
      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11899

      CVE-2020-11900
      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11900

      CVE-2020-11901
      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11901

      CVE-2020-11902
      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11902

      CVE-2020-11903
      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11903

      CVE-2020-11904
      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11904

      CVE-2020-11905
      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11905

      CVE-2020-11906
      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11906

      CVE-2020-11907
      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11907

      CVE-2020-11908
      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11908

      CVE-2020-11909
      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11909

      CVE-2020-11910
      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11910

      CVE-2020-11911
      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11911

      CVE-2020-11912
      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11912

      CVE-2020-11913
      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11913

      CVE-2020-11914
      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11914

      5.2 Security Advisories

      CERT Coordination Center
      Treck IP stacks contain multiple vulnerabilities (June 16, 2020)
      https://www.kb.cert.org/vuls/id/257161

      ICS-CERT
      ICSA-20-168-01: Treck TCP/IP Stack (June 18, 2020)
      https://www.us-cert.gov/ics/advisories/icsa-20-168-01

      5.3 Related Information

      JSOF research lab
      Ripple20 (June 16, 2020)
      https://www.jsof-tech.com/ripple20/

      6. Update history

      August 17, 2020

      • Add: Hitachi Product Information

      June 22, 2020

      • This webpage was newly created and published.

      Masato Terada (HIRT) and Naoko Ohnishi (HIRT)