Treck TCP/IP Stack (Update A)
Act Now | CVSS 9.8 | ICS-CERT ICSA-20-353-01 | Dec 18, 2020
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
The Treck TCP/IP stack contains buffer overflow and out-of-bounds access vulnerabilities in its IPv6, HTTP Server, and DHCPv6 components (versions 6.0.1.67 and earlier). Successful exploitation may allow remote code execution and denial-of-service conditions. The vulnerabilities are classified as CWE-122 (heap-based buffer overflow), CWE-787 (out-of-bounds write), and CWE-125 (out-of-bounds read). No known public exploits are available, and a high skill level is required to exploit them.
What this means
What could happen
An attacker could execute arbitrary code or crash devices running the affected Treck TCP/IP stack, disrupting communication on industrial networks and potentially affecting control system operations.
Who's at risk
This affects embedded devices and industrial equipment that use the Treck TCP/IP stack, including programmable controllers, network appliances, and embedded systems in water treatment facilities, electrical substations, and manufacturing plants. Any device communicating over IPv6 or DHCPv6 is at risk.
How it could be exploited
An attacker sends a specially crafted network packet (IPv6, HTTP, or DHCPv6) to a device running the vulnerable Treck TCP/IP stack. The packet exploits buffer overflow or out-of-bounds memory access flaws in the stack, allowing remote code execution without authentication or user interaction.
Prerequisites
- Network access to the device running the Treck TCP/IP stack over IPv6, HTTP (typically port 80), or DHCPv6 port 67/68
- No authentication required
- No special configuration needed—vulnerability is in the base TCP/IP stack implementation
Risk factors
- Remotely exploitable
- No authentication required
- Low complexity attack
- High CVSS score (9.8 critical)
- Affects availability and confidentiality
- Buffer overflow/memory corruption vulnerability
Exploitability
Moderate exploit probability (EPSS 3.8%)
Affected products (3)
3 with fix
Product | Affected Versions | Fix Status
TCP/IP stack IPv6 | ≤ 6.0.1.67 | 6.0.1.68 or later
TCP/IP stack HTTP Server | ≤ 6.0.1.67 | 6.0.1.68 or later
TCP/IP stack DHCPv6 | ≤ 6.0.1.67 | 6.0.1.68 or later
Remediation & Mitigation
Do now
- WORKAROUND: Implement firewall rules to block or filter HTTP packets with negative content length values in headers
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Upgrade Treck TCP/IP stack to version 6.0.1.68 or later
Long-term hardening
- HARDENING: Isolate devices running Treck TCP/IP stack from the Internet and untrusted networks using firewalls and network segmentation
- HARDENING: Segment control system networks from business networks and restrict remote access through VPN with current patches
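
One way to express the "negative content length" workaround as a per-request check in a filtering proxy or IDS hook. This is an added example, not code from the advisory or from Treck; the function names, the choice to also drop non-numeric values, and the sample requests are assumptions constructed for illustration.

```python
import re

# Header names are case-insensitive; capture the value with whitespace trimmed.
_CL_RE = re.compile(rb"^content-length[ \t]*:[ \t]*(.*?)[ \t]*$", re.IGNORECASE)


def check_content_length(raw: bytes) -> str:
    """Classify the Content-Length header(s) of one raw HTTP request.

    Returns "absent", "ok", "negative" or "malformed". Every occurrence of
    the header is inspected, so a negative value hidden behind a valid
    duplicate is still reported.
    """
    head, _, _ = raw.partition(b"\r\n\r\n")   # headers end at the blank line
    verdict = "absent"
    for line in head.split(b"\r\n")[1:]:        # skip the request line
        m = _CL_RE.match(line)
        if not m:
            continue
        value = m.group(1)
        if re.fullmatch(rb"-[0-9]+", value):
            return "negative"                   # the case the workaround names
        if not re.fullmatch(rb"[0-9]+", value):
            verdict = "malformed"               # e.g. "+5", "0x10", empty
        elif verdict == "absent":
            verdict = "ok"
    return verdict


def should_drop(raw: bytes) -> bool:
    """Policy assumed here: drop negative and unparseable lengths alike."""
    return check_content_length(raw) in ("negative", "malformed")


# Constructed sample requests (not captured traffic).
SAMPLES = {
    "valid": b"POST /cgi HTTP/1.1\r\nHost: plc.example\r\nContent-Length: 12\r\n\r\nhello world!",
    "negative": b"POST /cgi HTTP/1.1\r\nHost: plc.example\r\ncontent-length:  -1\r\n\r\n",
    "duplicate": b"POST / HTTP/1.1\r\nContent-Length: 4\r\nContent-Length: -4\r\n\r\nabcd",
    "no_body": b"GET / HTTP/1.1\r\nHost: plc.example\r\n\r\n",
    "hex": b"POST / HTTP/1.1\r\nContent-Length: 0x10\r\n\r\n",
}

if __name__ == "__main__":
    for name, req in SAMPLES.items():
        print(f"{name:10s} {check_content_length(req):10s} drop={should_drop(req)}")
```

The check only sees requests that pass through the filtering point in cleartext, so it complements the upgrade to 6.0.1.68 or later rather than replacing it.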