The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory regarding a critical vulnerability in Treck’s TCP/IP stack, which is widely used in industrial control systems (ICS). The vulnerability, known as Ripple20, affects various Treck TCP/IP components, including IPv4, IPv6, DNS, DHCP, and TCP. These vulnerabilities can lead to severe consequences, including remote code execution, out-of-bounds reads, and memory corruption. If exploited by an attacker, these flaws could result in unauthorized control of affected devices, potentially leading to complete system compromise. CISA has rated the vulnerabilities with a CVSS v3 score of 10.0, highlighting the severe risk posed to ICS networks.
The flaws arise from multiple coding issues, including improper handling of length parameter inconsistencies, invalid input validation, and double-free errors. These vulnerabilities may allow attackers to manipulate TCP/IP packet handling, causing memory leaks or allowing them to read sensitive data. Other vulnerabilities in the stack could allow attackers to gain unauthorized access to system configurations, potentially altering system operations or disabling crucial security mechanisms. The vulnerabilities affect various components of the Treck TCP/IP stack, such as ARP, ICMPv4, UDP, and TCP, with some allowing unauthorized access to sensitive information.
Treck has issued patches to address these vulnerabilities, urging users to update their affected devices to version 6.0.1.67 or later. Given the widespread use of the Treck TCP/IP stack in various critical infrastructure sectors such as energy, healthcare, transportation, and IT, device manufacturers and operators must take immediate action. Companies like ABB, Caterpillar, and Schneider Electric have been affected, and many have released security advisories urging users to patch their products accordingly. While Treck has released its own mitigation, affected organizations are encouraged to work with manufacturers to apply the necessary updates.
CISA’s advisory emphasizes that these vulnerabilities are critical and that operators in sectors like critical manufacturing, energy, and public health must prioritize addressing them. The security flaws could expose sensitive data, disrupt essential services, and even compromise the integrity of industrial systems. In light of these risks, organizations that rely on Treck’s TCP/IP stack for their operations are strongly urged to implement the recommended patches and coordinate with device vendors to mitigate the threat. Immediate action is essential to protect ICS devices from remote attacks and ensure the security of critical infrastructure worldwide.
Reference:
