Ripple20 Vulnerability – Expert Source

By ISBuzz Team
Writer, Information Security Buzz | Jul 03, 2020 08:37 am PST

As of June 16, 2020, a total of 19 vulnerabilities, collectively called Ripple20, were found within an embedded TCP/IP stack software library. This library, developed by Treck, Inc., was used in the manufacturing chain across all industries and could affect several hundred million connected devices. There are at least 21 confirmed affected vendors, including Aruba Networks, Cisco, Dell, Digi International, HP and Intel, as well as several OT device manufacturers, such as Rockwell Automation and Schneider Electric/APC.

Four vulnerabilities are considered critical and are tracked as CVE-2020-11896, CVE-2020-11897, CVE-2020-11898 and CVE-2020-11901. These four have a CVSS severity score greater than 9 and can lead to remote code execution if weaponized. It is recommended that affected devices be updated to the latest Treck stack version or greater.

1 Expert Comment
Mike Cotton, SVP of engineering
July 3, 2020 4:43 pm

With a lack of standardization and security requirements across IoT developers and manufacturers, vulnerability disclosures, like the Ripple20 collection, pose a serious threat to networks with increased IoT adoption and deployments if not properly segmented.
