CVE-2020-28400

Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial of service condition. The vulnerability can be triggered if a large amount of DCP reset packets are sent to the device.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
siemensdk_standard_ethernet_controller_evaluation_kit_firmware
*
siemensek-ertec_200_evaulation_kit_firmware
*
siemensek-ertec_200p_evaluation_kit_firmware
𝑥
< 4.7
siemensruggedcom_rm1224_firmware
𝑥
< 6.4
siemensscalance_m-800_firmware
𝑥
< 6.4
siemensscalance_s615_firmware
𝑥
< 6.4
siemensscalance_w700_firmware
*
siemensscalance_w1700_firmware
*
siemensscalance_x200-4_p_irt_firmware
𝑥
< 5.5.0
siemensscalance_x201-3p_irt_firmware
𝑥
< 5.5.0
siemensscalance_x201-3p_irt_pro_firmware
𝑥
< 5.5.0
siemensscalance_x202-2_irt_firmware
𝑥
< 5.5.0
siemensscalance_x202-2p_irt_pro_firmware
𝑥
< 5.5.0
siemensscalance_x204_irt_firmware
𝑥
< 5.5.0
siemensscalance_x204_irt_pro_firmware
𝑥
< 5.5.0
siemensscalance_x204-2_firmware
𝑥
< 5.2.5
siemensscalance_x204-2fm_firmware
𝑥
< 5.2.5
siemensscalance_x204-2ld_firmware
𝑥
< 5.2.5
siemensscalance_x204-2ld_ts_firmware
𝑥
< 5.2.5
siemensscalance_x204-2ts_firmware
𝑥
< 5.2.5
siemensscalance_x206-1_firmware
𝑥
< 5.2.5
siemensscalance_x206-1ld_firmware
𝑥
< 5.2.5
siemensscalance_x208_firmware
𝑥
< 5.2.5
siemensscalance_x208pro_firmware
𝑥
< 5.2.5
siemensscalance_x212-2_firmware
𝑥
< 5.2.5
siemensscalance_x212-2ld_firmware
𝑥
< 5.2.5
siemensscalance_x216_firmware
𝑥
< 5.2.5
siemensscalance_x224_firmware
𝑥
< 5.2.5
siemensscalance_x302-7eec_firmware
*
siemensscalance_x304-2fe_firmware
*
siemensscalance_x306-1ldfe_firmware
*
siemensscalance_x307-2eec_firmware
*
siemensscalance_x307-3_firmware
*
siemensscalance_x307-3ld_firmware
*
siemensscalance_x308-2_firmware
*
siemensscalance_x308-2ld_firmware
*
siemensscalance_x308-2lh_firmware
*
siemensscalance_x308-2lh\+_firmware
*
siemensscalance_x308-2m_firmware
*
siemensscalance_x308-2m_poe_firmware
*
siemensscalance_x308-2m_ts_firmware
*
siemensscalance_x310_firmware
*
siemensscalance_x310fe_firmware
*
siemensscalance_x320-1fe_firmware
*
siemensscalance_x320-3ldfe_firmware
*
siemensscalance_xb-200_firmware
𝑥
< 4.3
siemensscalance_xc-200_firmware
𝑥
< 4.3
siemensscalance_xf201-3p_irt_firmware
𝑥
< 5.5.0
siemensscalance_xf202-2p_irt_firmware
𝑥
< 5.5.0
siemensscalance_xf204_firmware
𝑥
< 5.2.5
siemensscalance_xf204_irt_firmware
𝑥
< 5.5.0
siemensscalance_xf204-2_firmware
𝑥
< 5.2.5
siemensscalance_xf204-2ba_irt_firmware
𝑥
< 5.5.0
siemensscalance_xf206-1_firmware
𝑥
< 5.2.5
siemensscalance_xf208_firmware
𝑥
< 5.2.5
siemensscalance_xf-200ba_firmware
𝑥
< 4.3
siemensscalance_xm400_firmware
𝑥
< 6.3.1
siemensscalance_xp-200_firmware
𝑥
< 4.3
siemensscalance_xr324-4m_eec_firmware
*
siemensscalance_xr324-4m_poe_firmware
*
siemensscalance_xr324-4m_poe_ts_firmware
*
siemensscalance_xr324-12m_firmware
*
siemensscalance_xr324-12m_ts_firmware
*
siemensscalance_xr500_firmware
𝑥
< 6.3.1
siemensscalance_xr-300wg_firmware
𝑥
< 4.3
siemenssimatic_cfu_pa_firmware
*
siemenssimatic_ie\/pb-link_v3_firmware
*
siemenssimatic_mv500_firmware
𝑥
< 3.0
siemenssimatic_net_cm_1542-1_firmware
*
siemenssimatic_net_cp1616_firmware
𝑥
≤ 2.7
siemenssimatic_net_cp1604_firmware
𝑥
≤ 2.7
siemenssimatic_net_cp1626_firmware
*
siemenssimatic_net_dk-16xx_pn_io
𝑥
≤ 2.7
siemenssimatic_power_line_booster_plb_firmware
*
siemenssimatic_profinet_driver_firmware
𝑥
< 2.3
siemenssimatic_s7-1200_firmware
𝑥
< 4.5
siemenssimocode_prov_ethernet\/ip_firmware
𝑥
< 1.1.3
siemenssimocode_prov_profinet_firmware
𝑥
< 2.1.3
siemenssoftnet-ie_pnio_firmware
*
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
siemensdevelopment_evaluation_kits_for_profinet_io_dk_standard_ethernet_controller
𝑥
< *
ADP
siemensdevelopment_evaluation_kits_for_profinet_io_ek_ertec_200
𝑥
< *
ADP
siemensdevelopment_evaluation_kits_for_profinet_io_ek_ertec_200p
𝑥
< v4.7
ADP
siemensruggedcom_rm1224
𝑥
< v6.4
ADP
siemensscalance_m804pb
𝑥
< v6.4
ADP
seimensscalance_m812-1_adsl-router_annex_a
𝑥
< v6.4
ADP
seimensscalance_m812-1_adsl-router_annex_b
𝑥
< 6.4
ADP
siemensscalance_m816_1_adsl_router_annex_a
𝑥
< v6.4
ADP
siemensscalance_m816-1_adsl-router_annex_b
𝑥
< v6.4
ADP
siemensscalance_m826-2_shdsl-router
𝑥
< v6.4
ADP
siemensscalence_m874_2
𝑥
< v6.4
ADP
siemensscalence_m874_3
𝑥
< v6.4
ADP
siemensscalance_m876_3_evdo
𝑥
< v6.4
ADP
siemensscalance_m876_3_rok
𝑥
< 6.4
ADP
siemensscalance_m876_4_eu
𝑥
< 6.4
ADP
siemensscalance_m876_4_nam
𝑥
< v6.4
ADP
siemensscalance_s615
𝑥
< v6.4
ADP
siemensscalance_w700_ieee_802.11n_family
𝑥
< *
ADP
siemensscalance_w1748_1_m12
𝑥
< v3.0.0
ADP
siemensscalance_w1788_1_m12
𝑥
< v3.0.0
ADP
siemensscalance_w1788_2_eec_m12
𝑥
< v3.0.0
ADP
siemensscalance_w1788_2_m12
𝑥
< v3.0.0
ADP
siemensscalance_w1788_2ia_m12
𝑥
< v3.0.0
ADP
siemensscalance_x200_4p_irt
𝑥
< v5.5.0
ADP
siemensscalance_x201_3p_irt
𝑥
< v5.5.0
ADP
siemensscalance_x201_3p_irt_pro
𝑥
< v5.5.0
ADP
siemensscalancce_x202_2p_irt
𝑥
< v5.5.0
ADP
siemensscalence_202_2p_irt_pro
𝑥
< v5.5.0
ADP
siemensscalancce_x204_2
𝑥
< v5.25
ADP
siemensscalence_x204_2fm
𝑥
< v5.25
ADP
siemensscalence_x204_2ld
𝑥
< v5.25
ADP
siemensscalence_x204_2ld_ts
𝑥
< v5.25
ADP
siemensscalence_x204_2ts
𝑥
< v5.25
ADP
Common Weakness Enumeration
References
https://cert-portal.siemens.com/productcert/html/ssa-599968.html
https://cert-portal.siemens.com/productcert/pdf/ssa-599968.pdf
https://us-cert.cisa.gov/ics/advisories/icsa-21-194-03
https://cert-portal.siemens.com/productcert/html/ssa-599968.html
https://cert-portal.siemens.com/productcert/pdf/ssa-599968.pdf
https://us-cert.cisa.gov/ics/advisories/icsa-21-194-03