A vulnerability classified as critical has been found in Nucleus NET, RTOS, ReadyStart for ARM, ReadyStart for MIPS, ReadyStart for PPC, SafetyCert, Source Code and VSTAR V2017.02.2. Affected is an unknown code. The manipulation as part of a DHCP Packet leads to a logic error vulnerability. CWE is classifying the issue as CWE-840. This is going to have an impact on confidentiality, integrity, and availability. CVE summarizes:

A vulnerability has been identified in Nucleus NET (All versions), Nucleus RTOS (All versions), Nucleus ReadyStart for ARM, MIPS, and PPC (All versions < V2017.02.2 with patch "Nucleus 2017.02.02 Nucleus NET Patch"), Nucleus SafetyCert (All versions), Nucleus Source Code (All versions), VSTAR (All versions). By sending specially crafted DHCP packets to a device, an attacker may be able to affect availability and integrity of the device. Adjacent network access, but no authentication and no user interaction is needed to conduct this attack. At the time of advisory publication no public exploitation of this security vulnerability was known.

The weakness was released 01/16/2020. This vulnerability is traded as CVE-2019-13939 since 07/18/2019. The attack needs to be initiated within the local network. The exploitation doesn't require any form of authentication. There are neither technical details nor an exploit publicly available.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Productinfo

Vendor

• Nucleus

Name

• NET
• ReadyStart for ARM
• ReadyStart for MIPS
• ReadyStart for PPC
• RTOS
• SafetyCert
• Source Code
• VSTAR

Version

• V2017.02.2

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion