CVE-2021-20987

A denial of service and memory corruption vulnerability was found in Hilscher EtherNet/IP Core V2 prior to V2.13.0.21that may lead to code injection through network or make devices crash without recovery.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.6 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
CERTVDECNA
8.6 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 57%
VendorProductVersion
hilscherethernet\/ip_adapter_firmware
2.0 ≤
𝑥
< 2.13.0.21
pepperl-fuchswcs_firmware
𝑥
≤ 1.2.1
pepperl-fuchspxv100-f200-b25-v1d_firmware
𝑥
≤ 1.10.0
pepperl-fuchspxv100i-f200-b25-v1d_firmware
𝑥
≤ 1.10.0
pepperl-fuchspcv100-f200-b25-v1d-6011-6720_firmware
𝑥
≤ 1.10.0
pepperl-fuchspcv50-f200-b25-v1d_firmware
𝑥
≤ 1.10.0
pepperl-fuchspcv80-f200-b25-v1d_firmware
𝑥
≤ 1.10.0
pepperl-fuchspcv100-f200-b25-v1d-6011_firmware
𝑥
≤ 1.10.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://cert.vde.com/en-us/advisories/vde-2021-007
https://kb.hilscher.com/pages/viewpage.action?pageId=108969480
https://cert.vde.com/en-us/advisories/vde-2021-007
https://kb.hilscher.com/pages/viewpage.action?pageId=108969480