CVE-2020-28400 — HIGH (7.5)

Q: How severe is CVE-2020-28400?

CVE-2020-28400 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-28400?

Check the references section above for vendor advisories and patch information. Affected products include: Siemens Dk Standard Ethernet Controller Evaluation Kit Firmware, Siemens Dk Standard Ethernet Controller Evaluation Kit, Siemens Ek-Ertec 200 Evaulation Kit Firmware, Siemens Ek-Ertec 200 Evaulation Kit, Siemens Ek-Ertec 200P Evaluation Kit Firmware.

Vulnerability Description

Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial of service condition. The vulnerability can be triggered if a large amount of DCP reset packets are sent to the device.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Siemens	Dk Standard Ethernet Controller Evaluation Kit Firmware	All versions
Siemens	Dk Standard Ethernet Controller Evaluation Kit	-
Siemens	Ek-Ertec 200 Evaulation Kit Firmware	All versions
Siemens	Ek-Ertec 200 Evaulation Kit	-
Siemens	Ek-Ertec 200P Evaluation Kit Firmware	< 4.7
Siemens	Ek-Ertec 200P Evaluation Kit	-
Siemens	Ruggedcom Rm1224 Firmware	< 6.4
Siemens	Ruggedcom Rm1224	-
Siemens	Scalance M-800 Firmware	< 6.4
Siemens	Scalance M-800	-
Siemens	Scalance S615 Firmware	< 6.4
Siemens	Scalance S615	-
Siemens	Scalance W700 Firmware	All versions
Siemens	Scalance W700	-
Siemens	Scalance W1700 Firmware	All versions
Siemens	Scalance W1700	-
Siemens	Scalance X200-4 P Irt Firmware	< 5.5.0
Siemens	Scalance X200-4 P Irt	-
Siemens	Scalance X201-3P Irt Firmware	< 5.5.0
Siemens	Scalance X201-3P Irt	-

Related Weaknesses (CWE)

CWE-770

References

https://cert-portal.siemens.com/productcert/html/ssa-599968.html
https://cert-portal.siemens.com/productcert/pdf/ssa-599968.pdfPatchVendor Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-194-03Third Party AdvisoryUS Government Resource
https://cert-portal.siemens.com/productcert/html/ssa-599968.html
https://cert-portal.siemens.com/productcert/pdf/ssa-599968.pdfPatchVendor Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-194-03Third Party AdvisoryUS Government Resource

FAQ

What is CVE-2020-28400?

CVE-2020-28400 is a vulnerability with a CVSS score of 7.5 (HIGH). Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial of service condition. The vulnerability can be triggered if a large amount of DCP reset packets are...

How severe is CVE-2020-28400?

CVE-2020-28400 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-28400?

Check the references section above for vendor advisories and patch information. Affected products include: Siemens Dk Standard Ethernet Controller Evaluation Kit Firmware, Siemens Dk Standard Ethernet Controller Evaluation Kit, Siemens Ek-Ertec 200 Evaulation Kit Firmware, Siemens Ek-Ertec 200 Evaulation Kit, Siemens Ek-Ertec 200P Evaluation Kit Firmware.