New vulnerabilities discovered in TCP software library could affect millions of devices

JSOF research lab discovered a collection of 19 vulnerabilities, named Ripple20, in a low-level TCP/IP software library developed by Treck company, which is deployed across the supply chain of IT solutions, including IoT devices. The researchers found that one part of Treck’s code was bug-ridden. This part was built to handle the TCP/IP protocol that connects IoT devices to the internet. These vulnerabilities were discovered in devices of more than ten manufacturers such as HP, Intel, Rockwell Automation, Caterpillar, and Schneider Electric, and can potentially affect hundreds of millions IoT devices. The lab reported the flaws to Treck, which has prepared a fix, and to cybersecurity agencies and companies around the world.