CVE-2020-28400

7.5HIGH

Key Information:

Vendor: Siemens
Status: Development/evaluation Kits For Profinet Io: Dk Standard Ethernet Controller; Development/evaluation Kits For Profinet Io: Ek-ertec 200; Development/evaluation Kits For Profinet Io: Ek-ertec 200p; Ruggedcom Rm1224 Lte(4g) Eu
Vendor: CVE Published:; 13 July 2021

Summary

Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial of service condition. The vulnerability can be triggered if a large amount of DCP reset packets are sent to the device.

Affected Version(s)

Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller All versions

Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 All versions

Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P All versions < V4.7

References

https://cert-portal.siemens.com/productcert/pdf/ssa-59996...

x_refsource_MISC

https://us-cert.cisa.gov/ics/advisories/icsa-21-194-03

x_refsource_MISC

https://cert-portal.siemens.com/productcert/html/ssa-5999...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 13, 2021
Vulnerability Reserved
Nov 10, 2020