Ripple20 is a cybersecurity threat named for the ripple effect it could have across the supply chain. Its vulnerabilities have been built into potentially billions of consumer, enterprise and industrial IoT devices over the last two decades. Security firm JSOF stated that devices from many OEMs and integrators, including companies in medical, enterprise, telecom, energy, retail and other verticals, are vulnerable. Cybercriminals can exploit the weaknesses to steal data or cause equipment to malfunction.

On June 16, JSOF’s research lab released a comprehensive report (called Ripple20) that outlines 19 vulnerabilities traced to certain versions of the TCP/IP stack from Treck Inc.
 

More details can be found at:

https://www.us-cert.gov/ics/advisories/icsa-20-168-01
https://treck.com/vulnerability-response-information/

Vulnerabilities have been listed in the CVE database with the following numbers:

  • CVE-2020-11896
  • CVE-2020-11897
  • CVE-2020-11901
  • CVE-2020-11898
  • CVE-2020-11900
  • CVE-2020-11902
  • CVE-2020-11904
  • CVE-2020-11899
  • CVE-2020-11903
  • CVE-2020-11905
  • CVE-2020-11906
  • CVE-2020-11907
  • CVE-2020-11909
  • CVE-2020-11910
  • CVE-2020-11911
  • CVE-2020-11912
  • CVE-2020-11913
  • CVE-2020-11914
  • CVE-2020-11908

The research report (https://www.jsof-tech.com/ripple20/) shows Telit as a possible vendor using libraries from Treck Inc.

Since the news broke in May, Telit has been working with Treck Inc., CISA and ICS-CERT to understand the impact of the vulnerabilities on Telit products.

As of today, our investigation has found that Treck Inc. TCP/IP stack libraries have been used only in the following products: GS1011 and GS1500. These products have been end-of-life (EOL) since 2017.

Currently, no active Telit products are impacted by these vulnerabilities.

For any other details, please contact the Telit Security Team by using the following link:
https://www.telit.com/contact-us and select “Security” under “I Am Writing About.”
 
 
Last updated: 23 June 2020 at 12:00 p.m.