CVE-2020-28400

CWE-770 — Allocation without Limits3 documents3 sources

Severity

8.7HIGH

EPSS

1.1%

top 22.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

236

Siemens Ruggedcom Rm1224 Lte(4g) EU Siemens Ruggedcom Rm1224 Lte(4g) NAM Siemens Scalance M804pb +233 more

Timeline

PublishedJul 13

Latest updateMay 24

Description

Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial of service condition. The vulnerability can be triggered if a large amount of DCP reset packets are sent to the device.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Packages237 packages

▶CVEListV5siemens/scalance_x208< V5.2.5

▶CVEListV5siemens/scalance_x216< V5.2.5

▶CVEListV5siemens/scalance_x224< V5.2.5

▶CVEListV5siemens/scalance_x310< V4.1.4

▶CVEListV5siemens/scalance_xc208< V4.3

Patches

Patch: cert-portal.siemens.com ↗Patch: cert-portal.siemens.com ↗

🔴Vulnerability Details

GHSA

GHSA-7jh3-xvhx-2q5v: A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions), Development/Evalua↗2022-05-24

▶

CVEList

CVE-2020-28400: Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial of service condition↗2021-07-13

▶