CVE-2021-31401

high

Description

An issue was discovered in tcp_rcv() in nptcp.c in HCC embedded InterNiche 4.0.1. The TCP header processing code doesn't sanitize the value of the IP total length field (header length + data length). With a crafted IP packet, an integer overflow occurs whenever the value of the IP data length is calculated by subtracting the length of the header from the total length of the IP packet.

References

Advisories
References

https://www.kb.cert.org/vuls/id/608209

https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/

https://cert-portal.siemens.com/productcert/pdf/ssa-789208.pdf

https://www.tenable.com/cyber-exposure/2021-threat-landscape-retrospective

https://jfrog.com/blog/infrahalt-14-new-security-vulnerabilities-found-in-nichestack/

Details

Source: Mitre, NVD

Published: 2021-08-19

Updated: 2026-06-17

Named Vulnerability: INFRA:HALT

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: High

EPSS

EPSS: 0.00713