Security Bulletin
This security bulletin contains one medium risk vulnerability.
EUVDB-ID: #VU54867
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-28400
CWE-ID:
CWE-770 - Allocation of Resources Without Limits or Throttling
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to allocation of resources without limits issue. A remote attacker can send specially crafted DCP packets and cause a denial of service condition on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsDevelopment/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller: All versions
Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200: All versions
Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P: All versions
SCALANCE W700 IEEE 802.11n: All versions
SCALANCE W700 IEEE 802.11ac: All versions
SCALANCE X204-2: All versions
SCALANCE X204-2FM: All versions
SCALANCE X204-2LD: All versions
SCALANCE X20204-2LD TS: All versions
SCALANCE X204 -2TS: All versions
SCALANCE X206-1: All versions
SCALANCE X206-1LD: All versions
SCALANCE X208: All versions
SCALANCE X208PRO: All versions
SCALANCE X212-2: All versions
SCALANCE X12-2LD: All versions
SCALANCE X216: All versions
SCALANCE X224: All versions
SCALANCE X302-7EEC: All versions
SCALANCE 304-2FE: All versions
SCALANCE X306-1LDFE: All versions
SCALANCE X307-2EEC: All versions
SCALANCE X307-3: All versions
SCALANCE X307-3LD: All versions
SCALANCE X308-2: All versions
SCALANCE X308-2LD: All versions
SCALANCE X308-2LH: All versions
SCALANCE X308-2LH+: All versions
SCALANCE X308-2M: All versions
SCALANCE X308-2M POE: All versions
SCALANCE X308-2M TS: All versions
SCALANCE X310: All versions
SCALANCE X310FE: All versions
SCALANCE X320-1FE: All versions
SCALANCE X320-3LDFE: All versions
SCALANCE XB-200: All versions
SCALANCE XC-200: All versions
SCALANCE XF204: All versions
SCALANCE XF204-2: All versions
SCALANCE XF206-1: All versions
SCALANCE XF208: All versions
SCALANCE XF-200BA: All versions
SCALANCE XP-200: All versions
SCALANCE XR324-4M EEC: All versions
SCALANCE XR324-4M POE: All versions
SCALANCE XR324-4M POE TS: All versions
SCALANCE XR324-12M: All versions
SCALANCE XR324-12M TS: All versions
SCALANCE XR-300WG: All versions
SIMATIC CFU PA: All versions
SIMATIC IE/PB-LINK V3: All versions
SIMATIC NET CM 1542-1: All versions
SIMATIC NET CP1616/CP1604: All versions
SIMATIC NET CP1626: All versions
SIMATIC NET DK-16xx PN IO: All versions
SIMATIC Power Line Booster PLB: All versions
Base Module: All versions
SIMATIC PROFINET Driver: All versions
SOFTNET-IE PNIO: All versions
RUGGEDCOM RM1224: before 6.4
SCALANCE M-800: before 6.4
SCALANCE S615: before 6.4
SCALANCE X200-4 P IRT: before 5.5.0
SCALANCE X201-3P IRT: before 5.5.0
SCALANCE X201-3P IRT PRO: before 5.5.0
SCALANCE X202-2 IRT: before 5.5.0
SCALANCE X202-2P IRT: before 5.5.0
SCALANCE X202-2P IRT PRO: before 5.5.0
SCALANCE X204 IRT: before 5.5.0
SCALANCE X204 IRT PRO: before 5.5.0
SCALANCE XF201-3P IRT: before 5.5.0
SCALANCE XF202-2P IRT: before 5.5.0
SCALANCE XF204 IRT: before 5.5.0
SCALANCE XF204-2BA IRT: before 5.5.0
SCALANCE XM400: before 6.3.1
SCALANCE XR500: before 6.3.1
SIMATIC MV500 family: before 3.0
SIMATIC S7-1200 CPU family: before 4.5
SIMOCODE proV Ethernet/IP: before 1.1.3
SIMOCODE proV PROFINET: before 2.1.3
External linkshttp://cert-portal.siemens.com/productcert/pdf/ssa-599968.pdf
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.