#VU54867 Allocation of Resources Without Limits or Throttling in Siemens products - CVE-2020-28400 

 


Published: July 14, 2021


Vulnerability identifier: #VU54867
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2020-28400
CWE-ID: CWE-770
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller
Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200
Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P
SCALANCE W700 IEEE 802.11n
SCALANCE W700 IEEE 802.11ac
SCALANCE X20204-2LD TS
SCALANCE X204 -2TS
SCALANCE X12-2LD
SCALANCE X302-7EEC
SCALANCE 304-2FE
SCALANCE X306-1LDFE
SCALANCE X307-2EEC
SCALANCE X307-3
SCALANCE X307-3LD
SCALANCE X308-2
SCALANCE X308-2LD
SCALANCE X308-2LH
SCALANCE X308-2LH+
SCALANCE X308-2M
SCALANCE X308-2M POE
SCALANCE X308-2M TS
SCALANCE X310
SCALANCE X310FE
SCALANCE X320-1FE
SCALANCE X320-3LDFE
SCALANCE XR324-4M EEC
SCALANCE XR324-4M POE
SCALANCE XR324-4M POE TS
SCALANCE XR324-12M
SCALANCE XR324-12M TS
SIMATIC CFU PA
SIMATIC IE/PB-LINK V3
SIMATIC NET CM 1542-1
SIMATIC NET CP1616/CP1604
SIMATIC NET CP1626
SIMATIC NET DK-16xx PN IO
SIMATIC Power Line Booster PLB, Base Module
SOFTNET-IE PNIO
SCALANCE M-800
SCALANCE S615
SCALANCE X200-4 P IRT
SCALANCE XM400
SCALANCE XR500
SIMATIC MV500 family
SIMATIC S7-1200 CPU family
SIMOCODE proV Ethernet/IP
SIMOCODE proV PROFINET
SCALANCE X204-2
SCALANCE X204-2FM
SCALANCE X204-2LD
SCALANCE X206-1
SCALANCE X206-1LD
SCALANCE X208
SCALANCE X208PRO
SCALANCE X212-2
SCALANCE X216
SCALANCE X224
SCALANCE XB-200
SCALANCE XC-200
SCALANCE XF204
SCALANCE XF204-2
SCALANCE XF206-1
SCALANCE XF208
SCALANCE XF-200BA
SCALANCE XP-200
SCALANCE XR-300WG
RUGGEDCOM RM1224
SCALANCE X201-3P IRT
SCALANCE X201-3P IRT PRO
SCALANCE X202-2 IRT
SCALANCE X202-2P IRT
SCALANCE X202-2P IRT PRO
SCALANCE X204 IRT
SCALANCE X204 IRT PRO
SCALANCE XF201-3P IRT
SCALANCE XF202-2P IRT
SCALANCE XF204 IRT
SCALANCE XF204-2BA IRT
SIMATIC PROFINET Driver
Software vendor: Siemens

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists because the affected products allocate resources without limits or throttling. A remote attacker can send specially crafted DCP packets and cause a denial of service condition on the target system.


Remediation

Install updates from the vendor's website.
