An unauthenticated remote attacker could create a permanent denial-of-service condition by sending specially crafted OSPF packets. Successful exploitation requires OSPF to be enabled on an affected device on the SCALANCE XM-400, XR-500 (All versions prior to v6.4).
References
Link | Resource |
---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-116379.pdf | Vendor Advisory |
https://us-cert.cisa.gov/ics/advisories/icsa-21-131-10 | Third Party Advisory US Government Resource |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
Configuration 10 (hide)
AND |
|
Configuration 11 (hide)
AND |
|
History
21 May 2021, 14:03
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:siemens:scalance_xr528_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:siemens:scalance_xm416-4c_l3:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:scalance_xm416-4c_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:siemens:scalance_xm416-4c_l3_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:siemens:scalance_xm408-4c:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:scalance_xm408-8c_l3_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:siemens:scalance_xr524_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:siemens:scalance_xr526:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:scalance_xr528:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:scalance_xm408-4c_l3_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:siemens:scalance_xm408-4c_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:siemens:scalance_xr526_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:siemens:scalance_xm-400_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:siemens:scalance_xm-400:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:scalance_xm408-8c:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:scalance_xr552:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:scalance_xm408-8c_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:siemens:scalance_xr524:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:scalance_xm416-4c:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:scalance_xm408-8c_l3:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:scalance_xr552_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:siemens:scalance_xm408-4c_l3:-:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : 7.1
v3 : 7.5 |
References | (MISC) https://us-cert.cisa.gov/ics/advisories/icsa-21-131-10 - Third Party Advisory, US Government Resource | |
References | (MISC) https://cert-portal.siemens.com/productcert/pdf/ssa-116379.pdf - Vendor Advisory |
13 May 2021, 12:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-682 | |
References |
|
|
Summary | An unauthenticated remote attacker could create a permanent denial-of-service condition by sending specially crafted OSPF packets. Successful exploitation requires OSPF to be enabled on an affected device on the SCALANCE XM-400, XR-500 (All versions prior to v6.4). |
12 May 2021, 14:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-05-12 14:15
Updated : 2023-12-10 13:55
NVD link : CVE-2020-28393
Mitre link : CVE-2020-28393
CVE.ORG link : CVE-2020-28393
JSON object : View
Products Affected
siemens
- scalance_xm408-4c_l3
- scalance_xm408-8c
- scalance_xm-400_firmware
- scalance_xr524
- scalance_xr552
- scalance_xr526
- scalance_xm408-4c_l3_firmware
- scalance_xm408-8c_firmware
- scalance_xm408-8c_l3_firmware
- scalance_xm416-4c_firmware
- scalance_xm416-4c
- scalance_xr528_firmware
- scalance_xr552_firmware
- scalance_xm408-8c_l3
- scalance_xm416-4c_l3_firmware
- scalance_xm-400
- scalance_xr528
- scalance_xm408-4c_firmware
- scalance_xr524_firmware
- scalance_xm408-4c
- scalance_xm416-4c_l3
- scalance_xr526_firmware
CWE
CWE-682
Incorrect Calculation