Details of VAR-202107-1608

ID

VAR-202107-1608

CVE

CVE-2020-28400

TITLE

Vulnerability in limiting or non-slotting resource allocation in multiple Siemens products

Trust: 0.8

sources: JVNDB: JVNDB-2021-010133

DESCRIPTION

Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial-of-service condition. The vulnerability can be triggered if a large amount of DCP reset packets are sent to the device. Multiple Siemens products contain vulnerabilities in resource allocation without restrictions or throttling.Service operation interruption (DoS) It may be in a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Siemens SCALANCE S602是德国西门子（Siemens）公司的一款工业安全设备. Siemens多款产品存在安全漏洞，该漏洞允许攻击者执行拒绝服务攻击。以下产品和版本受到影响：Development/Evaluation Kits for PROFINET IO： DK Standard Ethernet Controller (All versions), Development/Evaluation Kits for PROFINET IO： EK-ERTEC 200 (All versions), Development/Evaluation Kits for PROFINET IO： EK-ERTEC 200P (All versions), RUGGEDCOM RM1224 (All Versions ＜ 6.4), SCALANCE M-800 (All Versions ＜ 6.4), SCALANCE S615 (All Versions ＜ 6.4), SCALANCE W1700 IEEE 802.11ac (All versions), SCALANCE W700 IEEE 802.11n (All versions), SCALANCE X200-4 P IRT (All Versions ＜ V5.5.0), SCALANCE X201-3P IRT (All Versions ＜ V5.5.0), SCALANCE X201-3P IRT PRO (All Versions ＜ V5.5.0), SCALANCE X202-2 IRT (All Versions ＜ V5.5.0), SCALANCE X202-2P IRT (incl. SIPLUS NET variant) (All Versions ＜ V5.5.0), SCALANCE X202-2P IRT PRO (All Versions ＜ V5.5.0), SCALANCE X204 IRT (All Versions ＜ V5.5.0), SCALANCE X204 IRT PRO (All Versions ＜ V5.5.0), SCALANCE X204-2 (incl. SIPLUS NET variant) (All versions), SCALANCE X204-2FM (All versions), SCALANCE X204-2LD (incl. SIPLUS NET variant) (All versions), SCALANCE X204-2LD TS (All versions), SCALANCE X204-2TS (All versions), SCALANCE X206-1 (All versions), SCALANCE X206-1LD (incl. SIPLUS NET variant) (All versions), SCALANCE X208 (incl. SIPLUS NET variant) (All versions), SCALANCE X208PRO (All versions), SCALANCE X212-2 (All versions), SCALANCE X212-2LD (All versions), SCALANCE X216 (All versions), SCALANCE X224 (All versions), SCALANCE X302-7EEC (All versions), SCALANCE X304-2FE (All versions), SCALANCE X306-1LDFE (All versions), SCALANCE X307-2EEC (All versions), SCALANCE X307-3 (All versions), SCALANCE X307-3LD (All versions), SCALANCE X308-2 (incl. SIPLUS NET variant) (All versions), SCALANCE X308-2LD (All versions), SCALANCE X308-2LH (All versions), SCALANCE X308-2LH+ (All versions), SCALANCE X308-2M (All versions), SCALANCE X308-2M POE (All versions), SCALANCE X308-2M TS (All versions), SCALANCE X310 (All versions), SCALANCE X310FE (All versions), SCALANCE X320-1FE (All versions), SCALANCE X320-3LDFE (All versions), SCALANCE XB-200 (All versions), SCALANCE XC-200 (All versions), SCALANCE XF-200BA (All versions), SCALANCE XF201-3P IRT (All Versions ＜ V5.5.0), SCALANCE XF202-2P IRT (All Versions ＜ V5.5.0), SCALANCE XF204 (All versions), SCALANCE XF204 IRT (All Versions ＜ V5.5.0), SCALANCE XF204-2 (incl. SIPLUS NET variant) (All versions), SCALANCE XF204-2BA IRT (All Versions ＜ V5.5.0), SCALANCE XF206-1 (All versions), SCALANCE XF208 (All versions), SCALANCE XM400 (All versions ＜ V6.3.1), SCALANCE XP-200 (All versions), SCALANCE XR-300WG (All versions), SCALANCE XR324-12M (All versions), SCALANCE XR324-12M TS (All versions), SCALANCE XR324-4M EEC (All versions), SCALANCE XR324-4M POE (All versions), SCALANCE XR324-4M POE TS (All versions), SCALANCE XR500 (All versions ＜ V6.3.1), SIMATIC CFU PA (All versions), SIMATIC IE/PB-LINK V3 (All versions), SIMATIC MV500 family (All versions ＜ V3.0), SIMATIC NET CM 1542-1 (All versions), SIMATIC NET CP1616/CP1604 (All Versions ＞= V2.7), SIMATIC NET CP1626 (All versions), SIMATIC NET DK-16xx PN IO (All Versions ＞= V2.7), SIMATIC PROFINET Driver (All versions), SIMATIC Power Line Booster PLB, Base Module (MLFB： 6ES7972-5AA10-0AB0) (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All Versions ＜ V4.5), SIMOCODE proV Ethernet/IP (All versions ＜ V1.1.3), SIMOCODE proV PROFINET (All versions ＜ V2.1.3), SOFTNET-IE PNIO (All versions)

Trust: 2.79

sources: NVD: CVE-2020-28400 // JVNDB: JVNDB-2021-010133 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-901 // VULMON: CVE-2020-28400

AFFECTED PRODUCTS

vendor:	siemens	model:	scalance x206-1	scope:	lt	version:	5.2.5	Trust: 1.0
vendor:	siemens	model:	scalance x201-3p irt pro	scope:	lt	version:	5.5.0	Trust: 1.0
vendor:	siemens	model:	softnet-ie pnio	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance x310fe	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic net cp1604	scope:	lte	version:	2.7	Trust: 1.0
vendor:	siemens	model:	scalance xr324-12m	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance x306-1ldfe	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance x304-2fe	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simocode prov profinet	scope:	lt	version:	2.1.3	Trust: 1.0
vendor:	siemens	model:	simatic net cm 1542-1	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance w1700	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance x206-1ld	scope:	lt	version:	5.2.5	Trust: 1.0
vendor:	siemens	model:	scalance x308-2m poe	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xf204-2	scope:	lt	version:	5.2.5	Trust: 1.0
vendor:	siemens	model:	scalance x202-2p irt pro	scope:	lt	version:	5.5.0	Trust: 1.0
vendor:	siemens	model:	scalance x310	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xr324-4m poe ts	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simocode prov ethernet\/ip	scope:	lt	version:	1.1.3	Trust: 1.0
vendor:	siemens	model:	scalance x204 irt	scope:	lt	version:	5.5.0	Trust: 1.0
vendor:	siemens	model:	dk standard ethernet controller evaluation kit	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance x308-2lh\+	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xf204-2ba irt	scope:	lt	version:	5.5.0	Trust: 1.0
vendor:	siemens	model:	scalance x308-2m	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance x204-2	scope:	lt	version:	5.2.5	Trust: 1.0
vendor:	siemens	model:	scalance xf204	scope:	lt	version:	5.2.5	Trust: 1.0
vendor:	siemens	model:	scalance x307-3ld	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xr324-4m poe	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xf206-1	scope:	lt	version:	5.2.5	Trust: 1.0
vendor:	siemens	model:	scalance x204 irt pro	scope:	lt	version:	5.5.0	Trust: 1.0
vendor:	siemens	model:	simatic ie\/pb-link v3	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance x308-2lh	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance x308-2	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance x307-2eec	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	ek-ertec 200 evaulation kit	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance x320-1fe	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xr324-12m ts	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic power line booster plb	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic profinet driver	scope:	lt	version:	2.3	Trust: 1.0
vendor:	siemens	model:	scalance x201-3p irt	scope:	lt	version:	5.5.0	Trust: 1.0
vendor:	siemens	model:	scalance x208	scope:	lt	version:	5.2.5	Trust: 1.0
vendor:	siemens	model:	scalance m-800	scope:	lt	version:	6.4	Trust: 1.0
vendor:	siemens	model:	scalance x308-2ld	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic mv500	scope:	lt	version:	3.0	Trust: 1.0
vendor:	siemens	model:	scalance x212-2	scope:	lt	version:	5.2.5	Trust: 1.0
vendor:	siemens	model:	scalance xb-200	scope:	lt	version:	4.3	Trust: 1.0
vendor:	siemens	model:	scalance xf-200ba	scope:	lt	version:	4.3	Trust: 1.0
vendor:	siemens	model:	scalance x208pro	scope:	lt	version:	5.2.5	Trust: 1.0
vendor:	siemens	model:	scalance x204-2ts	scope:	lt	version:	5.2.5	Trust: 1.0
vendor:	siemens	model:	scalance x308-2m ts	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xf204 irt	scope:	lt	version:	5.5.0	Trust: 1.0
vendor:	siemens	model:	scalance w700	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic net dk-16xx pn io	scope:	lte	version:	2.7	Trust: 1.0
vendor:	siemens	model:	scalance xf202-2p irt	scope:	lt	version:	5.5.0	Trust: 1.0
vendor:	siemens	model:	scalance x307-3	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic s7-1200	scope:	lt	version:	4.5	Trust: 1.0
vendor:	siemens	model:	simatic cfu pa	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xr500	scope:	lt	version:	6.3.1	Trust: 1.0
vendor:	siemens	model:	scalance x302-7eec	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	ek-ertec 200p evaluation kit	scope:	lt	version:	4.7	Trust: 1.0
vendor:	siemens	model:	scalance xf201-3p irt	scope:	lt	version:	5.5.0	Trust: 1.0
vendor:	siemens	model:	scalance xc-200	scope:	lt	version:	4.3	Trust: 1.0
vendor:	siemens	model:	scalance x200-4 p irt	scope:	lt	version:	5.5.0	Trust: 1.0
vendor:	siemens	model:	scalance x204-2ld ts	scope:	lt	version:	5.2.5	Trust: 1.0
vendor:	siemens	model:	scalance x204-2ld	scope:	lt	version:	5.2.5	Trust: 1.0
vendor:	siemens	model:	scalance xr-300wg	scope:	lt	version:	4.3	Trust: 1.0
vendor:	siemens	model:	scalance xp-200	scope:	lt	version:	4.3	Trust: 1.0
vendor:	siemens	model:	scalance x320-3ldfe	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance s615	scope:	lt	version:	6.4	Trust: 1.0
vendor:	siemens	model:	scalance x224	scope:	lt	version:	5.2.5	Trust: 1.0
vendor:	siemens	model:	simatic net cp1626	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xr324-4m eec	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xf208	scope:	lt	version:	5.2.5	Trust: 1.0
vendor:	siemens	model:	scalance x216	scope:	lt	version:	5.2.5	Trust: 1.0
vendor:	siemens	model:	scalance x212-2ld	scope:	lt	version:	5.2.5	Trust: 1.0
vendor:	siemens	model:	simatic net cp1616	scope:	lte	version:	2.7	Trust: 1.0
vendor:	siemens	model:	scalance xm400	scope:	lt	version:	6.3.1	Trust: 1.0
vendor:	siemens	model:	ruggedcom rm1224	scope:	lt	version:	6.4	Trust: 1.0
vendor:	siemens	model:	scalance x202-2 irt	scope:	lt	version:	5.5.0	Trust: 1.0
vendor:	siemens	model:	scalance x204-2fm	scope:	lt	version:	5.2.5	Trust: 1.0
vendor:	シーメンス	model:	scalance x200-4p irt	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	dk standard ethernet controller evaluation kit	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance w1700	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance s615	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	ek-ertec 200p evaluation kit	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance x201-3p irt	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	ek-ertec 200 evaluation kit	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance w700	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance m-800	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	ruggedcom rm1224	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-010133 // NVD: CVE-2020-28400

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-28400
value:	HIGH
Trust: 1.0
productcert@siemens.com:	CVE-2020-28400
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-28400
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202107-901
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2020-28400
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2020-28400
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 2.0
NVD:	CVE-2020-28400
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2021-010133 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-901 // NVD: CVE-2020-28400 // NVD: CVE-2020-28400

PROBLEMTYPE DATA

problemtype:	CWE-770	Trust: 1.0
problemtype:	Allocation of resources without limits or throttling (CWE-770) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-010133 // NVD: CVE-2020-28400

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202107-901

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-901

PATCH

title:	SSA-599968	url:	https://cert-portal.siemens.com/productcert/pdf/ssa-599968.pdf	Trust: 0.8
title:	Siemens Various product security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=156594	Trust: 0.6
title:	Siemens Security Advisories: Siemens Security Advisory	url:	https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=77fc0ba2dcd8966c9a1f7eb47b8603ca	Trust: 0.1

sources: VULMON: CVE-2020-28400 // JVNDB: JVNDB-2021-010133 // CNNVD: CNNVD-202107-901

EXTERNAL IDS

db:	NVD	id:	CVE-2020-28400	Trust: 3.3
db:	ICS CERT	id:	ICSA-21-194-03	Trust: 2.4
db:	SIEMENS	id:	SSA-599968	Trust: 1.7
db:	JVNDB	id:	JVNDB-2021-010133	Trust: 0.8
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2401	Trust: 0.6
db:	CS-HELP	id:	SB2021071416	Trust: 0.6
db:	CNNVD	id:	CNNVD-202107-901	Trust: 0.6
db:	VULMON	id:	CVE-2020-28400	Trust: 0.1

sources: VULMON: CVE-2020-28400 // JVNDB: JVNDB-2021-010133 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-901 // NVD: CVE-2020-28400

REFERENCES

url:	https://us-cert.cisa.gov/ics/advisories/icsa-21-194-03	Trust: 2.2
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-599968.pdf	Trust: 1.7
url:	https://cert-portal.siemens.com/productcert/html/ssa-599968.html	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2020-28400	Trust: 0.8
url:	https://www.cisa.gov/uscert/ics/advisories/icsa-21-194-03	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://vigilance.fr/vulnerability/siemens-ruggedcom-simatic-denial-of-service-via-profinet-dcp-reset-35890	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021071416	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2401	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/770.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://cert-portal.siemens.com/productcert/txt/ssa-599968.txt	Trust: 0.1

sources: VULMON: CVE-2020-28400 // JVNDB: JVNDB-2021-010133 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-901 // NVD: CVE-2020-28400

CREDITS

Siemens reported this vulnerability to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202107-901

SOURCES

db:	VULMON	id:	CVE-2020-28400
db:	JVNDB	id:	JVNDB-2021-010133
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202107-901
db:	NVD	id:	CVE-2020-28400

LAST UPDATE DATE

2024-08-14T12:06:49.974000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2020-28400	date:	2021-07-13T00:00:00
db:	JVNDB	id:	JVNDB-2021-010133	date:	2022-06-22T02:38:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202107-901	date:	2022-04-13T00:00:00
db:	NVD	id:	CVE-2020-28400	date:	2024-06-11T09:15:09.487

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2020-28400	date:	2021-07-13T00:00:00
db:	JVNDB	id:	JVNDB-2021-010133	date:	2022-06-22T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202107-901	date:	2021-07-13T00:00:00
db:	NVD	id:	CVE-2020-28400	date:	2021-07-13T11:15:08.960