| Vulnerability Name: | CVE-2020-9307 (CCN-196937) | ||||||||||||
| Assigned: | 2020-02-19 | ||||||||||||
| Published: | 2021-02-11 | ||||||||||||
| Updated: | 2021-02-23 | ||||||||||||
| Summary: | Hirschmann OS2, RSP, and RSPE devices before HiOS 08.3.00 allow a denial of service. An unauthenticated, adjacent attacker can cause an infinite loop on one of the HSR ring ports of the device. This effectively breaks the redundancy of the HSR ring. If the attacker can perform the same attack on a second device, the ring is broken into two parts (thus disrupting communication between devices in the different parts). | ||||||||||||
| CVSS v3 Severity: | 6.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) 5.2 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:U)
5.2 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:U)
| ||||||||||||
| CVSS v2 Severity: | 6.1 Medium (CVSS v2 Vector: AV:A/AC:L/Au:N/C:N/I:N/A:C)
| ||||||||||||
| Vulnerability Type: | CWE-835 | ||||||||||||
| Vulnerability Consequences: | Denial of Service | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2020-9307 Source: XF Type: UNKNOWN hirschmann-cve20209307-dos(196937) Source: CCN Type: Hirschmann Web site Hirschmann Source: CCN Type: BSECV-2019-08 Hirschmann RSP, RSPE, and OS2 series HSR denial of service vulnerability Source: CONFIRM Type: Vendor Advisory https://www.belden.com/dfsmedia/f1e38517e0cd4caa8b1acb6619890f5e/12276-source/options/view Source: MISC Type: Vendor Advisory https://www.belden.com/security | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||