Vulnerability Details CVE-2020-13987
An issue was discovered in Contiki through 3.0. An Out-of-Bounds Read vulnerability exists in the uIP TCP/IP Stack component when calculating the checksums for IP packets in upper_layer_chksum in net/ipv4/uip.c.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 40.9%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-541018.pdf
- https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01
- https://www.kb.cert.org/vuls/id/815128
- https://cert-portal.siemens.com/productcert/pdf/ssa-541018.pdf
- https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01
- https://www.kb.cert.org/vuls/id/815128
Products affected by CVE-2020-13987
-
cpe:2.3:a:open-iscsi_project:open-iscsi:2.0.873
-
cpe:2.3:a:open-iscsi_project:open-iscsi:2.0.874
-
cpe:2.3:a:open-iscsi_project:open-iscsi:2.0.875
-
cpe:2.3:a:open-iscsi_project:open-iscsi:2.0.876
-
cpe:2.3:a:open-iscsi_project:open-iscsi:2.0.877
-
cpe:2.3:a:open-iscsi_project:open-iscsi:2.0.878
-
cpe:2.3:a:uip_project:uip:0.5
-
cpe:2.3:a:uip_project:uip:0.6
-
cpe:2.3:a:uip_project:uip:0.9
-
cpe:2.3:a:uip_project:uip:1.0
-
cpe:2.3:h:siemens:sentron_3va_com100:-
-
cpe:2.3:h:siemens:sentron_3va_com800:-
-
cpe:2.3:h:siemens:sentron_pac3200:-
-
cpe:2.3:h:siemens:sentron_pac4200:-
-
cpe:2.3:o:contiki-os:contiki:-
-
cpe:2.3:o:contiki-os:contiki:2.0
-
cpe:2.3:o:contiki-os:contiki:2.1
-
cpe:2.3:o:contiki-os:contiki:2.2
-
cpe:2.3:o:contiki-os:contiki:2.2.1
-
cpe:2.3:o:contiki-os:contiki:2.2.2
-
cpe:2.3:o:contiki-os:contiki:2.2.3
-
cpe:2.3:o:contiki-os:contiki:2.3
-
cpe:2.3:o:contiki-os:contiki:2.4
-
cpe:2.3:o:contiki-os:contiki:2.5
-
cpe:2.3:o:contiki-os:contiki:2.6
-
cpe:2.3:o:contiki-os:contiki:2.7
-
cpe:2.3:o:contiki-os:contiki:3.0
-
cpe:2.3:o:siemens:sentron_3va_com100_firmware:-
-
cpe:2.3:o:siemens:sentron_3va_com800_firmware:-
-
cpe:2.3:o:siemens:sentron_pac3200_firmware:-
-
cpe:2.3:o:siemens:sentron_pac4200_firmware:-