7.5

CVE-2020-28393

An unauthenticated remote attacker could create a permanent denial-of-service condition by sending specially crafted OSPF packets. Successful exploitation requires OSPF to be enabled on an affected device on the SCALANCE XM-400, XR-500 (All versions prior to v6.4).

Data is provided by the National Vulnerability Database (NVD)
SiemensScalance Xm-400 Firmware Version < 6.4
   SiemensScalance Xm-400 Version-
SiemensScalance Xr524 Firmware Version < 6.4
   SiemensScalance Xr524 Version-
SiemensScalance Xr526 Firmware Version < 6.4
   SiemensScalance Xr526 Version-
SiemensScalance Xr528 Firmware Version < 6.4
   SiemensScalance Xr528 Version-
SiemensScalance Xr552 Firmware Version < 6.4
   SiemensScalance Xr552 Version-
SiemensScalance Xm416-4c Firmware Version < 6.4
   SiemensScalance Xm416-4c Version-
SiemensScalance Xm408-8c Firmware Version < 6.4
   SiemensScalance Xm408-8c Version-
SiemensScalance Xm408-4c Firmware Version < 6.4
   SiemensScalance Xm408-4c Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.53% 0.645
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 7.1 8.6 6.9
AV:N/AC:M/Au:N/C:N/I:N/A:C
CWE-682 Incorrect Calculation

The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.

https://us-cert.cisa.gov/ics/advisories/icsa-21-131-10
Third Party Advisory
US Government Resource