CVE-2020-28400


Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial of service condition. The vulnerability can be triggered if a large amount of DCP reset packets are sent to the device.


Security Impact Summary

This vulnerability carries a HIGH severity rating with a CVSS v3.1 score of 7.5, indicating it can be exploited remotely over the network with relatively low complexity, without user interaction and without pre-existing privileges. The vulnerability impacts availability (service disruption) of affected systems. It affects 157 products from Siemens; organizations running these solutions should prioritize assessment and patching.

Historical Context

Reported in 2021, this vulnerability emerged during an era marked by increased sophistication in supply chain attacks, cloud infrastructure vulnerabilities, and software-as-a-service (SaaS) security challenges. Security practices during this period emphasized zero-trust architectures, container security, and API protection.


Published: 2021-07-13T11:15:08.960

Last Modified: 2024-12-10T14:15:19.373

Status: Modified

Source: [email protected]

Severity: CVSSv3.1 7.5 (HIGH)

CVSSv2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: PARTIAL

Exploitability Score: 10.0

Impact Score: 2.9

Weaknesses

  • Type: Secondary, CWE-770
  • Type: Primary, CWE-770

Affected Vendors & Products

| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | siemens | dk_standard_ethernet_controller_evaluation_kit_firmware | * | Yes |
| Hardware | siemens | dk_standard_ethernet_controller_evaluation_kit | - | No |
| Operating System | siemens | ek-ertec_200_evaulation_kit_firmware | * | Yes |
| Hardware | siemens | ek-ertec_200_evaulation_kit | - | No |
| Operating System | siemens | ek-ertec_200p_evaluation_kit_firmware | < 4.7 | Yes |
| Hardware | siemens | ek-ertec_200p_evaluation_kit | - | No |
| Operating System | siemens | ruggedcom_rm1224_firmware | < 6.4 | Yes |
| Hardware | siemens | ruggedcom_rm1224 | - | No |
| Operating System | siemens | scalance_m-800_firmware | < 6.4 | Yes |
| Hardware | siemens | scalance_m-800 | - | No |
| Operating System | siemens | scalance_s615_firmware | < 6.4 | Yes |
| Hardware | siemens | scalance_s615 | - | No |
| Operating System | siemens | scalance_w700_firmware | * | Yes |
| Hardware | siemens | scalance_w700 | - | No |
| Operating System | siemens | scalance_w1700_firmware | * | Yes |
| Hardware | siemens | scalance_w1700 | - | No |
| Operating System | siemens | scalance_x200-4_p_irt_firmware | < 5.5.0 | Yes |
| Hardware | siemens | scalance_x200-4_p_irt | - | No |
| Operating System | siemens | scalance_x201-3p_irt_firmware | < 5.5.0 | Yes |
| Hardware | siemens | scalance_x201-3p_irt | - | No |
| Operating System | siemens | scalance_x201-3p_irt_pro_firmware | < 5.5.0 | Yes |
| Hardware | siemens | scalance_x201-3p_irt_pro | - | No |
| Operating System | siemens | scalance_x202-2_irt_firmware | < 5.5.0 | Yes |
| Hardware | siemens | scalance_x202-2_irt | - | No |
| Operating System | siemens | scalance_x202-2p_irt_pro_firmware | < 5.5.0 | Yes |
| Hardware | siemens | scalance_x202-2p_irt_pro | - | No |
| Operating System | siemens | scalance_x204_irt_firmware | < 5.5.0 | Yes |
| Hardware | siemens | scalance_x204_irt | - | No |
| Operating System | siemens | scalance_x204_irt_pro_firmware | < 5.5.0 | Yes |
| Hardware | siemens | scalance_x204_irt_pro | - | No |
| Operating System | siemens | scalance_x204-2_firmware | < 5.2.5 | Yes |
| Hardware | siemens | scalance_x204-2_ | - | No |
| Operating System | siemens | scalance_x204-2fm_firmware | < 5.2.5 | Yes |
| Hardware | siemens | scalance_x204-2fm | - | No |
| Operating System | siemens | scalance_x204-2ld_firmware | < 5.2.5 | Yes |
| Hardware | siemens | scalance_x204-2ld | - | No |
| Operating System | siemens | scalance_x204-2ld_ts_firmware | < 5.2.5 | Yes |
| Hardware | siemens | scalance_x204-2ld_ts | - | No |
| Operating System | siemens | scalance_x204-2ts_firmware | < 5.2.5 | Yes |
| Hardware | siemens | scalance_x204-2ts | - | No |
| Operating System | siemens | scalance_x206-1_firmware | < 5.2.5 | Yes |
| Hardware | siemens | scalance_x206-1 | - | No |
| Operating System | siemens | scalance_x206-1ld_firmware | < 5.2.5 | Yes |
| Hardware | siemens | scalance_x206-1ld | - | No |
| Operating System | siemens | scalance_x208_firmware | < 5.2.5 | Yes |
| Hardware | siemens | scalance_x208 | - | No |
| Operating System | siemens | scalance_x208pro_firmware | < 5.2.5 | Yes |
| Hardware | siemens | scalance_x208pro | - | No |
| Operating System | siemens | scalance_x212-2_firmware | < 5.2.5 | Yes |
| Hardware | siemens | scalance_x212-2 | - | No |
| Operating System | siemens | scalance_x212-2ld_firmware | < 5.2.5 | Yes |
| Hardware | siemens | scalance_x212-2ld | - | No |
| Operating System | siemens | scalance_x216_firmware | < 5.2.5 | Yes |
| Hardware | siemens | scalance_x216 | - | No |
| Operating System | siemens | scalance_x224_firmware | < 5.2.5 | Yes |
| Hardware | siemens | scalance_x224 | - | No |
| Operating System | siemens | scalance_x302-7eec_firmware | * | Yes |
| Hardware | siemens | scalance_x302-7eec | - | No |
| Operating System | siemens | scalance_x304-2fe_firmware | * | Yes |
| Hardware | siemens | scalance_x304-2fe | - | No |
| Operating System | siemens | scalance_x306-1ldfe_firmware | * | Yes |
| Hardware | siemens | scalance_x306-1ldfe | - | No |
| Operating System | siemens | scalance_x307-2eec_firmware | * | Yes |
| Hardware | siemens | scalance_x307-2eec | - | No |
| Operating System | siemens | scalance_x307-3_firmware | * | Yes |
| Hardware | siemens | scalance_x307-3 | - | No |
| Operating System | siemens | scalance_x307-3ld_firmware | * | Yes |
| Hardware | siemens | scalance_x307-3ld | - | No |
| Operating System | siemens | scalance_x308-2_firmware | * | Yes |
| Hardware | siemens | scalance_x308-2 | - | No |
| Operating System | siemens | scalance_x308-2ld_firmware | * | Yes |
| Hardware | siemens | scalance_x308-2ld | - | No |
| Operating System | siemens | scalance_x308-2lh_firmware | * | Yes |
| Hardware | siemens | scalance_x308-2lh | - | No |
| Operating System | siemens | scalance_x308-2lh\+_firmware | * | Yes |
| Hardware | siemens | scalance_x308-2lh\+ | - | No |
| Operating System | siemens | scalance_x308-2m_firmware | * | Yes |
| Hardware | siemens | scalance_x308-2m | - | No |
| Operating System | siemens | scalance_x308-2m_poe_firmware | * | Yes |
| Hardware | siemens | scalance_x308-2m_poe | - | No |
| Operating System | siemens | scalance_x308-2m_ts_firmware | * | Yes |
| Hardware | siemens | scalance_x308-2m_ts | - | No |
| Operating System | siemens | scalance_x310_firmware | * | Yes |
| Hardware | siemens | scalance_x310 | - | No |
| Operating System | siemens | scalance_x310fe_firmware | * | Yes |
| Hardware | siemens | scalance_x310fe | - | No |
| Operating System | siemens | scalance_x320-1fe_firmware | * | Yes |
| Hardware | siemens | scalance_x320-1fe | - | No |
| Operating System | siemens | scalance_x320-3ldfe_firmware | * | Yes |
| Hardware | siemens | scalance_x320-3ldfe | - | No |
| Operating System | siemens | scalance_xb-200_firmware | < 4.3 | Yes |
| Hardware | siemens | scalance_xb-200 | - | No |
| Operating System | siemens | scalance_xc-200_firmware | < 4.3 | Yes |
| Hardware | siemens | scalance_xc-200 | - | No |
| Operating System | siemens | scalance_xf201-3p_irt_firmware | < 5.5.0 | Yes |
| Hardware | siemens | scalance_xf201-3p_irt | - | No |
| Operating System | siemens | scalance_xf202-2p_irt_firmware | < 5.5.0 | Yes |
| Hardware | siemens | scalance_xf202-2p_irt | - | No |
| Operating System | siemens | scalance_xf204_firmware | < 5.2.5 | Yes |
| Hardware | siemens | scalance_xf204 | - | No |
| Operating System | siemens | scalance_xf204_irt_firmware | < 5.5.0 | Yes |
| Hardware | siemens | scalance_xf204_irt | - | No |
| Operating System | siemens | scalance_xf204-2_firmware | < 5.2.5 | Yes |
| Hardware | siemens | scalance_xf204-2_ | - | No |
| Operating System | siemens | scalance_xf204-2ba_irt_firmware | < 5.5.0 | Yes |
| Hardware | siemens | scalance_xf204-2ba_irt | - | No |
| Operating System | siemens | scalance_xf206-1_firmware | < 5.2.5 | Yes |
| Hardware | siemens | scalance_xf206-1 | - | No |
| Operating System | siemens | scalance_xf208_firmware | < 5.2.5 | Yes |
| Hardware | siemens | scalance_xf208 | - | No |
| Operating System | siemens | scalance_xf-200ba_firmware | < 4.3 | Yes |
| Hardware | siemens | scalance_xf-200ba | - | No |
| Operating System | siemens | scalance_xm400_firmware | < 6.3.1 | Yes |
| Hardware | siemens | scalance_xm400 | - | No |
| Operating System | siemens | scalance_xp-200_firmware | < 4.3 | Yes |
| Hardware | siemens | scalance_xp-200 | - | No |
| Operating System | siemens | scalance_xr324-4m_eec_firmware | * | Yes |
| Hardware | siemens | scalance_xr324-4m_eec | - | No |
| Operating System | siemens | scalance_xr324-4m_poe_firmware | * | Yes |
| Hardware | siemens | scalance_xr324-4m_poe | - | No |
| Operating System | siemens | scalance_xr324-4m_poe_ts_firmware | * | Yes |
| Hardware | siemens | scalance_xr324-4m_poe_ts | - | No |
| Operating System | siemens | scalance_xr324-12m_firmware | * | Yes |
| Hardware | siemens | scalance_xr324-12m | - | No |
| Operating System | siemens | scalance_xr324-12m_ts_firmware | * | Yes |
| Hardware | siemens | scalance_xr324-12m_ts | - | No |
| Operating System | siemens | scalance_xr500_firmware | < 6.3.1 | Yes |
| Hardware | siemens | scalance_xr500 | - | No |
| Operating System | siemens | scalance_xr-300wg_firmware | < 4.3 | Yes |
| Hardware | siemens | scalance_xr-300wg | - | No |
| Operating System | siemens | simatic_cfu_pa_firmware | * | Yes |
| Hardware | siemens | simatic_cfu_pa | - | No |
| Operating System | siemens | simatic_ie\/pb-link_v3_firmware | * | Yes |
| Hardware | siemens | simatic_ie\/pb-link_v3 | - | No |
| Operating System | siemens | simatic_mv500_firmware | < 3.0 | Yes |
| Hardware | siemens | simatic_mv500 | - | No |
| Operating System | siemens | simatic_net_cm_1542-1_firmware | * | Yes |
| Hardware | siemens | simatic_net_cm_1542-1 | - | No |
| Operating System | siemens | simatic_net_cp1616_firmware | ≤ 2.7 | Yes |
| Hardware | siemens | simatic_net_cp1616 | - | No |
| Operating System | siemens | simatic_net_cp1604_firmware | ≤ 2.7 | Yes |
| Hardware | siemens | simatic_net_cp1604 | - | No |
| Operating System | siemens | simatic_net_cp1626_firmware | * | Yes |
| Hardware | siemens | simatic_net_cp1626 | - | No |
| Application | siemens | simatic_net_dk-16xx_pn_io | ≤ 2.7 | Yes |
| Operating System | siemens | simatic_power_line_booster_plb_firmware | * | Yes |
| Hardware | siemens | simatic_power_line_booster_plb | - | No |
| Operating System | siemens | simatic_profinet_driver_firmware | < 2.3 | Yes |
| Hardware | siemens | simatic_profinet_driver | - | No |
| Operating System | siemens | simatic_s7-1200_firmware | < 4.5 | Yes |
| Hardware | siemens | simatic_s7-1200 | - | No |
| Operating System | siemens | simocode_prov_ethernet\/ip_firmware | < 1.1.3 | Yes |
| Hardware | siemens | simocode_prov_ethernet\/ip | - | No |
| Operating System | siemens | simocode_prov_profinet_firmware | < 2.1.3 | Yes |
| Hardware | siemens | simocode_prov_profinet | - | No |
| Operating System | siemens | softnet-ie_pnio_firmware | * | Yes |
| Hardware | siemens | softnet-ie_pnio | - | No |

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For Siemens' affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies; it contains only the defensive intelligence necessary for patch management, risk assessment, and security operations.