CVE-2020-9307
Published 2021-02-11
Priority P4 · 26 · medium · 6.5 · CVSS 3.1
AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.57% (42.7th percentile)
Hirschmann OS2, RSP, and RSPE devices before HiOS 08.3.00 allow a denial of service. An unauthenticated, adjacent attacker can cause an infinite loop on one of the HSR ring ports of the device. This effectively breaks the redundancy of the HSR ring. If the attacker can perform the same attack on a second device, the ring is broken into two parts (thus disrupting communication between devices in the different parts).
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| belden | hirschmann_hios | >= 07.0.04 < 07.1.00 | 07.1.00 |
| belden | hirschmann_hios | >= 08.0.00 < 08.3.00 | 08.3.00 |
CVSS provenance
nvd · v3.1 · 6.5 · MEDIUM · CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd · v2.0 · 6.1 · MEDIUM · AV:A/AC:L/Au:N/C:N/I:N/A:C
GHSA
GHSA-gfvh-r99j-x28p: Hirschmann OS2, RSP, and RSPE devices before HiOS 08
ghsa_unreviewed·2022-05-24
CVE-2020-9307 [MEDIUM] CWE-835 GHSA-gfvh-r99j-x28p: Hirschmann OS2, RSP, and RSPE devices before HiOS 08
CISA ICS
Hitachi ABB Power Grids AFS Series
cisa_ics·2021-03-16·CVSS 6.5
[MEDIUM] Hitachi ABB Power Grids AFS Series
ICS Advisory
## Hitachi ABB Power Grids AFS Series
Last Revised: March 16, 2021
Alert Code: ICSA-21-075-03
## 1. EXECUTIVE SUMMARY
- CVSS v3 6.5
- ATTENTION: Low skill level to exploit
- Vendor: Hitachi ABB Power Grids
- Equipment: AFS Series
- Vulnerability: Infinite Loop
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could cause a denial-of-service condition on one of the ports in an HSR ring.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
Hitachi ABB Power Grids reports the vulnerability affects the following products in the AFS Series:
- AFS660/AFS665 Version 7.0
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2021-02-11