#VU51524 Infinite loop in Belden Inc. products - CVE-2020-9307

Cybersecurity Help s.r.o.

Published: 2021-03-17

Vulnerability identifier: #VU51524

Vulnerability risk: Low

CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-9307

CWE-ID: CWE-835

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
Hirschmann OS2
Hardware solutions / Firmware
Hirschmann RSP
Hardware solutions / Firmware
Hirschmann RSPE
Hardware solutions / Firmware
HiOS
Operating systems & Components / Operating system

Vendor: Belden Inc.

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop in the HSR implementation. A remote attacker on the local network can consume all available system resources and cause denial of service conditions.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Hirschmann OS2: All versions

Hirschmann RSP: All versions

Hirschmann RSPE: All versions

HiOS: 07.0.04 - 08.0.00

External links
https://www.belden.com/dfsmedia/f1e38517e0cd4caa8b1acb6619890f5e/12276-source/options/view
https://www.belden.com/security

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Denial of service in Hitachi ABB Power Grids AFS Series

Denial of service in Belden Hirschmann OS2, RSP and RSPE