8.7
CVE-2020-28400
- EPSS 1.08%
- Published 13.07.2021 11:15:08
- Last modified 10.12.2024 14:15:19
- Source productcert@siemens.com
- Teams watchlist Login
- Open Login
Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial of service condition. The vulnerability can be triggered if a large amount of DCP reset packets are sent to the device.
Data is provided by the National Vulnerability Database (NVD)
Siemens ≫ Ek-ertec 200p Evaluation Kit Firmware Version < 4.7
Siemens ≫ Ruggedcom Rm1224 Firmware Version < 6.4
Siemens ≫ Scalance M-800 Firmware Version < 6.4
Siemens ≫ Scalance S615 Firmware Version < 6.4
Siemens ≫ Scalance X200-4 P Irt Firmware Version < 5.5.0
Siemens ≫ Scalance X201-3p Irt Firmware Version < 5.5.0
Siemens ≫ Scalance X201-3p Irt Pro Firmware Version < 5.5.0
Siemens ≫ Scalance X202-2 Irt Firmware Version < 5.5.0
Siemens ≫ Scalance X202-2p Irt Pro Firmware Version < 5.5.0
Siemens ≫ Scalance X204 Irt Firmware Version < 5.5.0
Siemens ≫ Scalance X204 Irt Pro Firmware Version < 5.5.0
Siemens ≫ Scalance X204-2 Firmware Version < 5.2.5
Siemens ≫ Scalance X204-2fm Firmware Version < 5.2.5
Siemens ≫ Scalance X204-2ld Firmware Version < 5.2.5
Siemens ≫ Scalance X204-2ld Ts Firmware Version < 5.2.5
Siemens ≫ Scalance X204-2ts Firmware Version < 5.2.5
Siemens ≫ Scalance X206-1 Firmware Version < 5.2.5
Siemens ≫ Scalance X206-1ld Firmware Version < 5.2.5
Siemens ≫ Scalance X208 Firmware Version < 5.2.5
Siemens ≫ Scalance X208pro Firmware Version < 5.2.5
Siemens ≫ Scalance X212-2 Firmware Version < 5.2.5
Siemens ≫ Scalance X212-2ld Firmware Version < 5.2.5
Siemens ≫ Scalance X216 Firmware Version < 5.2.5
Siemens ≫ Scalance X224 Firmware Version < 5.2.5
Siemens ≫ Scalance Xb-200 Firmware Version < 4.3
Siemens ≫ Scalance Xc-200 Firmware Version < 4.3
Siemens ≫ Scalance Xf201-3p Irt Firmware Version < 5.5.0
Siemens ≫ Scalance Xf202-2p Irt Firmware Version < 5.5.0
Siemens ≫ Scalance Xf204 Firmware Version < 5.2.5
Siemens ≫ Scalance Xf204 Irt Firmware Version < 5.5.0
Siemens ≫ Scalance Xf204-2 Firmware Version < 5.2.5
Siemens ≫ Scalance Xf204-2ba Irt Firmware Version < 5.5.0
Siemens ≫ Scalance Xf206-1 Firmware Version < 5.2.5
Siemens ≫ Scalance Xf208 Firmware Version < 5.2.5
Siemens ≫ Scalance Xf-200ba Firmware Version < 4.3
Siemens ≫ Scalance Xm400 Firmware Version < 6.3.1
Siemens ≫ Scalance Xp-200 Firmware Version < 4.3
Siemens ≫ Scalance Xr500 Firmware Version < 6.3.1
Siemens ≫ Scalance Xr-300wg Firmware Version < 4.3
Siemens ≫ Simatic Mv500 Firmware Version < 3.0
Siemens ≫ Simatic Net Cp1616 Firmware Version <= 2.7
Siemens ≫ Simatic Net Cp1604 Firmware Version <= 2.7
Siemens ≫ Simatic Net Dk-16xx Pn Io Version <= 2.7
Siemens ≫ Simatic Profinet Driver Firmware Version < 2.3
Siemens ≫ Simatic S7-1200 Firmware Version < 4.5
Siemens ≫ Simocode Prov Ethernet/ip Firmware Version < 1.1.3
Siemens ≫ Simocode Prov Profinet Firmware Version < 2.1.3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.08% | 0.771 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
| productcert@siemens.com | 8.7 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| productcert@siemens.com | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-770 Allocation of Resources Without Limits or Throttling
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.