Ripple20: More Vulnerable Devices Discovered, Including New Vendors

On June 16, researchers from JSOF research lab disclosed a set of 19 vulnerabilities, dubbed “Ripple20”, which could impact millions of operational technology (OT), Internet of Things (IoT), and IT devices. The vulnerabilities exist within an embedded TCP/IP software library developed by Treck Inc., a developer of embedded internet protocols. Followers of the Tenable Security Response Team may recall that we first wrote a blog post about the Ripple20 vulnerabilities on the day of its disclosure.

When the Ripple20 advisory was published, Tenable Research contacted JSOF to collaborate on the discovery of affected devices. With guidance from JSOF on various detection methods, the Tenable Research team was able to help identify 34 additional vendors and 47 additional devices that were potentially affected. The findings were reported to JSOF who continues to  work with CERT/CC on the disclosure process with the affected vendors.

You can read more about the devices and vendors identified as well as get more information about which vendors have posted security advisories by following along with our blog here.