Ripple20 vulnerability affects hundreds of millions of devices

Researchers at JSOF, an Israeli cybersecurity firm, found a series of zero-day vulnerabilities, collectively known as Ripple20, in a widely used low-level TCP/IP library. The flaws affect hundreds of millions of devices, including a large number of IoT devices such as grid equipment, medical systems, industrial devices, and more. The library, developed by software company Treck and first released in 1997, implements a lightweight TCP/IP stack that enterprises have used for more than two decades to implement networking capabilities.

The JSOF team found 19 vulnerabilities in this library that can be used for privilege escalation, denial-of-service attacks, and information disclosure. Affected Fortune 500 companies include HP, Schneider, Intel, Rockwell, Caterpillar, and Baxter.