CVE-2020-37216

Summary

Hirschmann HiOS devices versions prior to 08.1.00 and 07.1.01 contain a denial of service vulnerability in the EtherNet/IP stack where improper handling of packet length fields allows remote attackers to crash or hang the device. Attackers can send specially crafted UDP EtherNet/IP packets with a length value larger than the actual packet size to render the device inoperable.

Affected Software

VendorProductVersion RangeStatus
BeldenHirschmann HiOS>= 08.1.00unaffected
BeldenHirschmann HiOS>= 07.1.01unaffected
BeldenHirschmann HiOS05.00.00 <= 08.0.00affected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References