CVE-2020-28393

CVSS V2 High 7.1 CVSS V3 High 7.5
Description
An unauthenticated remote attacker could create a permanent denial-of-service condition by sending specially crafted OSPF packets. Successful exploitation requires OSPF to be enabled on an affected device on the SCALANCE XM-400, XR-500 (All versions prior to v6.4).
Overview
  • CVE ID
  • CVE-2020-28393
  • Assigner
  • productcert@siemens.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2021-05-12T14:15:11
  • Last Modified Date
  • 2021-05-21T14:03:28
Weakness Enumerations
CWE URL
CWE-682 http://cwe.mitre.org/data/definitions/682.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:o:siemens:scalance_xm-400_firmware:*:*:*:*:*:*:*:* 1 OR 6.4
cpe:2.3:h:siemens:scalance_xm-400:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xr524_firmware:*:*:*:*:*:*:*:* 1 OR 6.4
cpe:2.3:h:siemens:scalance_xr524:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xr526_firmware:*:*:*:*:*:*:*:* 1 OR 6.4
cpe:2.3:h:siemens:scalance_xr526:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xr528_firmware:*:*:*:*:*:*:*:* 1 OR 6.4
cpe:2.3:h:siemens:scalance_xr528:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xr552_firmware:*:*:*:*:*:*:*:* 1 OR 6.4
cpe:2.3:h:siemens:scalance_xr552:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xm416-4c_firmware:*:*:*:*:*:*:*:* 1 OR 6.4
cpe:2.3:h:siemens:scalance_xm416-4c:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xm408-8c_firmware:*:*:*:*:*:*:*:* 1 OR 6.4
cpe:2.3:h:siemens:scalance_xm408-8c:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xm408-4c_firmware:*:*:*:*:*:*:*:* 1 OR 6.4
cpe:2.3:h:siemens:scalance_xm408-4c:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xm416-4c_l3_firmware:*:*:*:*:*:*:*:* 1 OR 6.4
cpe:2.3:h:siemens:scalance_xm416-4c_l3:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xm408-8c_l3_firmware:*:*:*:*:*:*:*:* 1 OR 6.4
cpe:2.3:h:siemens:scalance_xm408-8c_l3:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xm408-4c_l3_firmware:*:*:*:*:*:*:*:* 1 OR 6.4
cpe:2.3:h:siemens:scalance_xm408-4c_l3:-:*:*:*:*:*:*:* 0 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:M/Au:N/C:N/I:N/A:C
  • Access Vector
  • NETWORK
  • Access Compatibility
  • MEDIUM
  • Authentication
  • NONE
  • Confidentiality Impact
  • NONE
  • Integrity Impact
  • NONE
  • Availability Impact
  • COMPLETE
  • Base Score
  • 7.1
  • Severity
  • HIGH
  • Exploitability Score
  • 8.6
  • Impact Score
  • 6.9
CVSS Version 3
  • Version
  • 3.1
  • Vector String
  • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Attack Vector
  • NETWORK
  • Attack Compatibility
  • LOW
  • Privileges Required
  • NONE
  • User Interaction
  • NONE
  • Scope
  • UNCHANGED
  • Confidentiality Impact
  • NONE
  • Availability Impact
  • HIGH
  • Base Score
  • 7.5
  • Base Severity
  • HIGH
  • Exploitability Score
  • 3.9
  • Impact Score
  • 3.6
References
Reference URL Reference Tags
https://cert-portal.siemens.com/productcert/pdf/ssa-116379.pdf Vendor Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-131-10 Third Party Advisory US Government Resource
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2020-28393
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28393
History
Created Old Value New Value Data Type Notes
2022-05-10 16:15:21 Added to TrackCVE
2022-12-05 02:08:32 2021-05-12T14:15Z 2021-05-12T14:15:11 CVE Published Date updated
2022-12-05 02:08:32 2021-05-21T14:03:28 CVE Modified Date updated
2022-12-05 02:08:32 Analyzed Vulnerability Status updated