CVE-2021-20986

EPSS 0.47%
Published 16.02.2021 17:15:12
Last modified 21.11.2024 05:47:20
Source info@cert.vde.com
Teams watchlist Login
Open Login

A Denial of Service vulnerability was found in Hilscher PROFINET IO Device V3 in versions prior to V3.14.0.7. This may lead to unexpected loss of cyclic communication or interruption of acyclic communication.

Affected products Warnungen 0 Metrics 4 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Hilscher ≫ Profinet Io Device Firmware Version >= 3.0 < 3.14.0.7

Hilscher ≫ Profinet Io Device Version-

Pepperl-fuchs ≫ Pgv100-f200a-b17-v1d Firmware Version <= 2.0.0

Pepperl-fuchs ≫ Pgv100-f200a-b17-v1d Version-

Pepperl-fuchs ≫ Pgv150i-f200a-b17-v1d Firmware Version <= 2.0.0

Pepperl-fuchs ≫ Pgv150i-f200a-b17-v1d Version-

Pepperl-fuchs ≫ Pgv100-f200-b17-v1d-7477 Firmware Version <= 2.0.0

Pepperl-fuchs ≫ Pgv100-f200-b17-v1d-7477 Version-

Pepperl-fuchs ≫ Pxv100-f200-b17-v1d Firmware Version <= 4.2.0

Pepperl-fuchs ≫ Pxv100-f200-b17-v1d Version-

Pepperl-fuchs ≫ Pxv100-f200-b17-v1d-3636 Firmware Version <= 4.2.0

Pepperl-fuchs ≫ Pxv100-f200-b17-v1d-3636 Version-

Pepperl-fuchs ≫ Pcv80-f200-b17-v1d Firmware Version <= 3.2.3

Pepperl-fuchs ≫ Pcv80-f200-b17-v1d Version-

Pepperl-fuchs ≫ Pcv100-f200-b17-v1d Firmware Version <= 3.2.3

Pepperl-fuchs ≫ Pcv100-f200-b17-v1d Version-

Pepperl-fuchs ≫ Pcv50-f200-b17-v1d Firmware Version <= 3.2.3

Pepperl-fuchs ≫ Pcv50-f200-b17-v1d Version-

Pepperl-fuchs ≫ Pcv100-f200-b17-v1d-6011-6997 Firmware Version <= 3.2.3

Pepperl-fuchs ≫ Pcv100-f200-b17-v1d-6011-6997 Version-

Pepperl-fuchs ≫ Pcv100-f200-b17-v1d-6011 Firmware Version <= 3.2.5

Pepperl-fuchs ≫ Pcv100-f200-b17-v1d-6011 Version-

Pepperl-fuchs ≫ Pcv100-f200-b17-v1d-6011-8203 Firmware Version <= 3.2.5

Pepperl-fuchs ≫ Pcv100-f200-b17-v1d-6011-8203 Version-

Pepperl-fuchs ≫ Pxv100a-f200-b28-v1d Firmware Version <= 1.0.3

Pepperl-fuchs ≫ Pxv100a-f200-b28-v1d Version-

Pepperl-fuchs ≫ Pxv100a-f200-b28-v1d-6011 Firmware Version <= 1.0.3

Pepperl-fuchs ≫ Pxv100a-f200-b28-v1d-6011 Version-

Pepperl-fuchs ≫ Pgv100a-f200-b28-v1d Firmware Version <= 1.0.3

Pepperl-fuchs ≫ Pgv100a-f200-b28-v1d Version-

Pepperl-fuchs ≫ Pgv100a-f200a-b28-v1d Firmware Version <= 1.0.3

Pepperl-fuchs ≫ Pgv100a-f200a-b28-v1d Version-

Pepperl-fuchs ≫ Pgv100aq-f200a-b28-v1d Firmware Version <= 2.1.1

Pepperl-fuchs ≫ Pgv100aq-f200a-b28-v1d Version-

Pepperl-fuchs ≫ Pgv100aq-f200-b28-v1d Firmware Version <= 2.1.1

Pepperl-fuchs ≫ Pgv100aq-f200-b28-v1d Version-

Pepperl-fuchs ≫ Pxv100aq-f200-b28-v1d Firmware Version <= 2.1.1

Pepperl-fuchs ≫ Pxv100aq-f200-b28-v1d Version-

Pepperl-fuchs ≫ Pxv100aq-f200-b28-v1d-6011 Firmware Version <= 2.1.1

Pepperl-fuchs ≫ Pxv100aq-f200-b28-v1d-6011 Version-

Pepperl-fuchs ≫ Ohv-f230-b17 Firmware Version <= 1.1.0

Pepperl-fuchs ≫ Ohv-f230-b17 Version-

Pepperl-fuchs ≫ Oit500-f113b17-cb Firmware Version <= 1.3.4

Pepperl-fuchs ≫ Oit500-f113b17-cb Version-

Pepperl-fuchs ≫ Pha Firmware Version <= 3.1.5

Pepperl-fuchs ≫ Wcs Firmware Version <= 3.0.0

   Pepperl-fuchs ≫ Wcs3b-ls610 Version-
   Pepperl-fuchs ≫ Wcs3b-ls610-om Version-
   Pepperl-fuchs ≫ Wcs3b-ls610d Version-
   Pepperl-fuchs ≫ Wcs3b-ls610d-om Version-
   Pepperl-fuchs ≫ Wcs3b-ls610dh Version-
   Pepperl-fuchs ≫ Wcs3b-ls610dh-om Version-
   Pepperl-fuchs ≫ Wcs3b-ls610h Version-
   Pepperl-fuchs ≫ Wcs3b-ls610h-om Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.47%	0.632

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P
info@cert.vde.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://cert.vde.com/en-us/advisories/vde-2021-006

Third Party Advisory

https://kb.hilscher.com/display/ISMS/2020-12-03+Denial+of+Service+vulnerability+in+PROFINET+IO+Device

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-20986

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-20986

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-20986

EUVD