Vulnerability Description
A vulnerability in the implementation of Common Industrial Protocol (CIP) functionality in Cisco Industrial Ethernet 2000 Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to a system memory leak. More Information: CSCvc54788. Known Affected Releases: 15.2(5.4.32i)E2. Known Fixed Releases: 15.2(5.4.62i)E2.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Industrial Ethernet 2000 Series Firmware | <= 15.2\(5.4.32i\)e2 |
| Cisco | Industrial Ethernet 2000 16Ptc-G-E Switch | - |
| Cisco | Industrial Ethernet 2000 16Ptc-G-L Switch | - |
| Cisco | Industrial Ethernet 2000 16Ptc-G-Nx Switch | - |
| Cisco | Industrial Ethernet 2000 16T67-B Switch | - |
| Cisco | Industrial Ethernet 2000 16T67P-G-E Switch | - |
| Cisco | Industrial Ethernet 2000 16Tc-G-E Switch | - |
| Cisco | Industrial Ethernet 2000 16Tc-G-L Switch | - |
| Cisco | Industrial Ethernet 2000 16Tc-G-N Switch | - |
| Cisco | Industrial Ethernet 2000 16Tc-G-X Switch | - |
| Cisco | Industrial Ethernet 2000 16Tc-L Switch | - |
| Cisco | Industrial Ethernet 2000 24T67-B Switch | - |
| Cisco | Industrial Ethernet 2000 4S-Ts-G-B Switch | - |
| Cisco | Industrial Ethernet 2000 4S-Ts-G-L Switch | - |
| Cisco | Industrial Ethernet 2000 4T-B Switch | - |
| Cisco | Industrial Ethernet 2000 4T-G-B Switch | - |
| Cisco | Industrial Ethernet 2000 4T-G-L Switch | - |
| Cisco | Industrial Ethernet 2000 4T-L Switch | - |
| Cisco | Industrial Ethernet 2000 4Ts-B Switch | - |
| Cisco | Industrial Ethernet 2000 4Ts-G-B Switch | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/95946Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1037771
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
- http://www.securityfocus.com/bid/95946Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1037771
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
FAQ
What is CVE-2017-3812?
CVE-2017-3812 is a vulnerability with a CVSS score of 6.8 (MEDIUM). A vulnerability in the implementation of Common Industrial Protocol (CIP) functionality in Cisco Industrial Ethernet 2000 Series Switches could allow an unauthenticated, remote attacker to cause a den...
How severe is CVE-2017-3812?
CVE-2017-3812 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-3812?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Industrial Ethernet 2000 Series Firmware, Cisco Industrial Ethernet 2000 16Ptc-G-E Switch, Cisco Industrial Ethernet 2000 16Ptc-G-L Switch, Cisco Industrial Ethernet 2000 16Ptc-G-Nx Switch, Cisco Industrial Ethernet 2000 16T67-B Switch.