Denial of Service Vulnerability in Siemens Industrial Devices
CVE-2020-28400

7.5HIGH

Key Information:

Vendor: Siemens
Status: Development/evaluation Kits For Profinet Io: Dk Standard Ethernet Controller; Development/evaluation Kits For Profinet Io: Ek-ertec 200; Development/evaluation Kits For Profinet Io: Ek-ertec 200p; Ruggedcom Rm1224 Lte(4g) Eu
Vendor: CVE Published:; 13 July 2021

What is CVE-2020-28400?

Siemens Industrial Devices are susceptible to a vulnerability that enables unauthenticated attackers to induce a denial of service. By sending a large volume of DCP reset packets to the device, attackers can disrupt device operations, leading to potential outages and service degradation. This poses significant risks for systems relying on these devices, affecting both functionality and availability.

Affected Version(s)

Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller All versions

Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 All versions

Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P All versions < V4.7

References

https://cert-portal.siemens.com/productcert/pdf/ssa-59996...

x_refsource_MISC

https://us-cert.cisa.gov/ics/advisories/icsa-21-194-03

x_refsource_MISC

https://cert-portal.siemens.com/productcert/html/ssa-5999...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 13, 2021
Vulnerability Reserved
Nov 10, 2020