8.6
CVE-2020-6998
- EPSS 0.49%
- Published 27.07.2022 21:15:08
- Last modified 17.04.2025 16:15:21
- Source ics-cert@hq.dhs.gov
The connection establishment algorithm found in Rockwell Automation CompactLogix 5370 and ControlLogix 5570 versions 33 and prior does not sufficiently manage its control flow during execution, creating an infinite loop. This may allow an attacker to send specially crafted CIP packet requests to a controller, which may cause denial-of-service conditions in communications with other products.
Data provided by the National Vulnerability Database (NVD)
Rockwellautomation ≫ Armor Compact Guardlogix 5370 Firmware Version <= 33
Rockwellautomation ≫ Compact Guardlogix 5370 Firmware Version <= 33
Rockwellautomation ≫ Compactlogix 5370 L1 Firmware Version <= 33
Rockwellautomation ≫ Compactlogix 5370 L2 Firmware Version <= 33
Rockwellautomation ≫ Compactlogix 5370 L3 Firmware Version <= 33
Rockwellautomation ≫ Controllogix 5570 Firmware Version <= 33
Rockwellautomation ≫ Guardlogix 5560 Firmware Version <= 33
Rockwellautomation ≫ Guardlogix 5570 Firmware Version <= 33
Rockwellautomation ≫ Guardlogix 5580 Firmware Version <= 33
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.49% | 0.645 |
Source | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 8.6 | 3.9 | 4 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H |
ics-cert@hq.dhs.gov | 5.8 | 3.9 | 1.4 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L |
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.