Critical severity9.1NVD Advisory· Published Aug 19, 2021· Updated Jun 17, 2026
CVE-2020-35685
CVE-2020-35685
Description
An issue was discovered in HCC Nichestack 3.0. The code that generates Initial Sequence Numbers (ISNs) for TCP connections derives the ISN from an insufficiently random source. As a result, an attacker may be able to determine the ISN of current and future TCP connections and either hijack existing ones or spoof future ones. (Proper ISN generation should aim to follow at least the specifications outlined in RFC 6528.)
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- HCC/Nichestackdescription
- Range: 3.0
Patches
Vulnerability mechanics
References
4- cert-portal.siemens.com/productcert/pdf/ssa-789208.pdfnvdMitigationThird Party Advisory
- www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/nvdMitigationThird Party Advisory
- www.kb.cert.org/vuls/id/608209nvdThird Party AdvisoryUS Government Resource
- www.hcc-embedded.comnvdProduct
News mentions
0No linked articles in our index yet.