Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-28400

Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial of service condition. The vulnerability can be triggered if a large amount of DCP reset packets are sent to the device.

Published

2021-07-13T11:15:08.960

Last Modified

2024-12-10T14:15:19.373

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Secondary
CWE-770
Type: Primary
CWE-770

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	siemens	dk_standard_ethernet_controller_evaluation_kit_firmware	*	Yes
Hardware	siemens	dk_standard_ethernet_controller_evaluation_kit	-	No
Operating System	siemens	ek-ertec_200_evaulation_kit_firmware	*	Yes
Hardware	siemens	ek-ertec_200_evaulation_kit	-	No
Operating System	siemens	ek-ertec_200p_evaluation_kit_firmware	< 4.7	Yes
Hardware	siemens	ek-ertec_200p_evaluation_kit	-	No
Operating System	siemens	ruggedcom_rm1224_firmware	< 6.4	Yes
Hardware	siemens	ruggedcom_rm1224	-	No
Operating System	siemens	scalance_m-800_firmware	< 6.4	Yes
Hardware	siemens	scalance_m-800	-	No
Operating System	siemens	scalance_s615_firmware	< 6.4	Yes
Hardware	siemens	scalance_s615	-	No
Operating System	siemens	scalance_w700_firmware	*	Yes
Hardware	siemens	scalance_w700	-	No
Operating System	siemens	scalance_w1700_firmware	*	Yes
Hardware	siemens	scalance_w1700	-	No
Operating System	siemens	scalance_x200-4_p_irt_firmware	< 5.5.0	Yes
Hardware	siemens	scalance_x200-4_p_irt	-	No
Operating System	siemens	scalance_x201-3p_irt_firmware	< 5.5.0	Yes
Hardware	siemens	scalance_x201-3p_irt	-	No
Operating System	siemens	scalance_x201-3p_irt_pro_firmware	< 5.5.0	Yes
Hardware	siemens	scalance_x201-3p_irt_pro	-	No
Operating System	siemens	scalance_x202-2_irt_firmware	< 5.5.0	Yes
Hardware	siemens	scalance_x202-2_irt	-	No
Operating System	siemens	scalance_x202-2p_irt_pro_firmware	< 5.5.0	Yes
Hardware	siemens	scalance_x202-2p_irt_pro	-	No
Operating System	siemens	scalance_x204_irt_firmware	< 5.5.0	Yes
Hardware	siemens	scalance_x204_irt	-	No
Operating System	siemens	scalance_x204_irt_pro_firmware	< 5.5.0	Yes
Hardware	siemens	scalance_x204_irt_pro	-	No
Operating System	siemens	scalance_x204-2_firmware	< 5.2.5	Yes
Hardware	siemens	scalance_x204-2_	-	No
Operating System	siemens	scalance_x204-2fm_firmware	< 5.2.5	Yes
Hardware	siemens	scalance_x204-2fm	-	No
Operating System	siemens	scalance_x204-2ld_firmware	< 5.2.5	Yes
Hardware	siemens	scalance_x204-2ld	-	No
Operating System	siemens	scalance_x204-2ld_ts_firmware	< 5.2.5	Yes
Hardware	siemens	scalance_x204-2ld_ts	-	No
Operating System	siemens	scalance_x204-2ts_firmware	< 5.2.5	Yes
Hardware	siemens	scalance_x204-2ts	-	No
Operating System	siemens	scalance_x206-1_firmware	< 5.2.5	Yes
Hardware	siemens	scalance_x206-1	-	No
Operating System	siemens	scalance_x206-1ld_firmware	< 5.2.5	Yes
Hardware	siemens	scalance_x206-1ld	-	No
Operating System	siemens	scalance_x208_firmware	< 5.2.5	Yes
Hardware	siemens	scalance_x208	-	No
Operating System	siemens	scalance_x208pro_firmware	< 5.2.5	Yes
Hardware	siemens	scalance_x208pro	-	No
Operating System	siemens	scalance_x212-2_firmware	< 5.2.5	Yes
Hardware	siemens	scalance_x212-2	-	No
Operating System	siemens	scalance_x212-2ld_firmware	< 5.2.5	Yes
Hardware	siemens	scalance_x212-2ld	-	No
Operating System	siemens	scalance_x216_firmware	< 5.2.5	Yes
Hardware	siemens	scalance_x216	-	No
Operating System	siemens	scalance_x224_firmware	< 5.2.5	Yes
Hardware	siemens	scalance_x224	-	No
Operating System	siemens	scalance_x302-7eec_firmware	*	Yes
Hardware	siemens	scalance_x302-7eec	-	No
Operating System	siemens	scalance_x304-2fe_firmware	*	Yes
Hardware	siemens	scalance_x304-2fe	-	No
Operating System	siemens	scalance_x306-1ldfe_firmware	*	Yes
Hardware	siemens	scalance_x306-1ldfe	-	No
Operating System	siemens	scalance_x307-2eec_firmware	*	Yes
Hardware	siemens	scalance_x307-2eec	-	No
Operating System	siemens	scalance_x307-3_firmware	*	Yes
Hardware	siemens	scalance_x307-3	-	No
Operating System	siemens	scalance_x307-3ld_firmware	*	Yes
Hardware	siemens	scalance_x307-3ld	-	No
Operating System	siemens	scalance_x308-2_firmware	*	Yes
Hardware	siemens	scalance_x308-2	-	No
Operating System	siemens	scalance_x308-2ld_firmware	*	Yes
Hardware	siemens	scalance_x308-2ld	-	No
Operating System	siemens	scalance_x308-2lh_firmware	*	Yes
Hardware	siemens	scalance_x308-2lh	-	No
Operating System	siemens	scalance_x308-2lh\+_firmware	*	Yes
Hardware	siemens	scalance_x308-2lh\+	-	No
Operating System	siemens	scalance_x308-2m_firmware	*	Yes
Hardware	siemens	scalance_x308-2m	-	No
Operating System	siemens	scalance_x308-2m_poe_firmware	*	Yes
Hardware	siemens	scalance_x308-2m_poe	-	No
Operating System	siemens	scalance_x308-2m_ts_firmware	*	Yes
Hardware	siemens	scalance_x308-2m_ts	-	No
Operating System	siemens	scalance_x310_firmware	*	Yes
Hardware	siemens	scalance_x310	-	No
Operating System	siemens	scalance_x310fe_firmware	*	Yes
Hardware	siemens	scalance_x310fe	-	No
Operating System	siemens	scalance_x320-1fe_firmware	*	Yes
Hardware	siemens	scalance_x320-1fe	-	No
Operating System	siemens	scalance_x320-3ldfe_firmware	*	Yes
Hardware	siemens	scalance_x320-3ldfe	-	No
Operating System	siemens	scalance_xb-200_firmware	< 4.3	Yes
Hardware	siemens	scalance_xb-200	-	No
Operating System	siemens	scalance_xc-200_firmware	< 4.3	Yes
Hardware	siemens	scalance_xc-200	-	No
Operating System	siemens	scalance_xf201-3p_irt_firmware	< 5.5.0	Yes
Hardware	siemens	scalance_xf201-3p_irt	-	No
Operating System	siemens	scalance_xf202-2p_irt_firmware	< 5.5.0	Yes
Hardware	siemens	scalance_xf202-2p_irt	-	No
Operating System	siemens	scalance_xf204_firmware	< 5.2.5	Yes
Hardware	siemens	scalance_xf204	-	No
Operating System	siemens	scalance_xf204_irt_firmware	< 5.5.0	Yes
Hardware	siemens	scalance_xf204_irt	-	No
Operating System	siemens	scalance_xf204-2_firmware	< 5.2.5	Yes
Hardware	siemens	scalance_xf204-2_	-	No
Operating System	siemens	scalance_xf204-2ba_irt_firmware	< 5.5.0	Yes
Hardware	siemens	scalance_xf204-2ba_irt	-	No
Operating System	siemens	scalance_xf206-1_firmware	< 5.2.5	Yes
Hardware	siemens	scalance_xf206-1	-	No
Operating System	siemens	scalance_xf208_firmware	< 5.2.5	Yes
Hardware	siemens	scalance_xf208	-	No
Operating System	siemens	scalance_xf-200ba_firmware	< 4.3	Yes
Hardware	siemens	scalance_xf-200ba	-	No
Operating System	siemens	scalance_xm400_firmware	< 6.3.1	Yes
Hardware	siemens	scalance_xm400	-	No
Operating System	siemens	scalance_xp-200_firmware	< 4.3	Yes
Hardware	siemens	scalance_xp-200	-	No
Operating System	siemens	scalance_xr324-4m_eec_firmware	*	Yes
Hardware	siemens	scalance_xr324-4m_eec	-	No
Operating System	siemens	scalance_xr324-4m_poe_firmware	*	Yes
Hardware	siemens	scalance_xr324-4m_poe	-	No
Operating System	siemens	scalance_xr324-4m_poe_ts_firmware	*	Yes
Hardware	siemens	scalance_xr324-4m_poe_ts	-	No
Operating System	siemens	scalance_xr324-12m_firmware	*	Yes
Hardware	siemens	scalance_xr324-12m	-	No
Operating System	siemens	scalance_xr324-12m_ts_firmware	*	Yes
Hardware	siemens	scalance_xr324-12m_ts	-	No
Operating System	siemens	scalance_xr500_firmware	< 6.3.1	Yes
Hardware	siemens	scalance_xr500	-	No
Operating System	siemens	scalance_xr-300wg_firmware	< 4.3	Yes
Hardware	siemens	scalance_xr-300wg	-	No
Operating System	siemens	simatic_cfu_pa_firmware	*	Yes
Hardware	siemens	simatic_cfu_pa	-	No
Operating System	siemens	simatic_ie\/pb-link_v3_firmware	*	Yes
Hardware	siemens	simatic_ie\/pb-link_v3	-	No
Operating System	siemens	simatic_mv500_firmware	< 3.0	Yes
Hardware	siemens	simatic_mv500	-	No
Operating System	siemens	simatic_net_cm_1542-1_firmware	*	Yes
Hardware	siemens	simatic_net_cm_1542-1	-	No
Operating System	siemens	simatic_net_cp1616_firmware	≤ 2.7	Yes
Hardware	siemens	simatic_net_cp1616	-	No
Operating System	siemens	simatic_net_cp1604_firmware	≤ 2.7	Yes
Hardware	siemens	simatic_net_cp1604	-	No
Operating System	siemens	simatic_net_cp1626_firmware	*	Yes
Hardware	siemens	simatic_net_cp1626	-	No
Application	siemens	simatic_net_dk-16xx_pn_io	≤ 2.7	Yes
Operating System	siemens	simatic_power_line_booster_plb_firmware	*	Yes
Hardware	siemens	simatic_power_line_booster_plb	-	No
Operating System	siemens	simatic_profinet_driver_firmware	< 2.3	Yes
Hardware	siemens	simatic_profinet_driver	-	No
Operating System	siemens	simatic_s7-1200_firmware	< 4.5	Yes
Hardware	siemens	simatic_s7-1200	-	No
Operating System	siemens	simocode_prov_ethernet\/ip_firmware	< 1.1.3	Yes
Hardware	siemens	simocode_prov_ethernet\/ip	-	No
Operating System	siemens	simocode_prov_profinet_firmware	< 2.1.3	Yes
Hardware	siemens	simocode_prov_profinet	-	No
Operating System	siemens	softnet-ie_pnio_firmware	*	Yes
Hardware	siemens	softnet-ie_pnio	-	No

References

https://cert-portal.siemens.com/productcert/html/ssa-599968.html ([email protected])
https://cert-portal.siemens.com/productcert/pdf/ssa-599968.pdf Patch, Vendor Advisory ([email protected])
https://us-cert.cisa.gov/ics/advisories/icsa-21-194-03 Third Party Advisory, US Government Resource ([email protected])
https://cert-portal.siemens.com/productcert/html/ssa-599968.html (af854a3a-2127-422b-91ae-364da2661108)
https://cert-portal.siemens.com/productcert/pdf/ssa-599968.pdf Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://us-cert.cisa.gov/ics/advisories/icsa-21-194-03 Third Party Advisory, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)