CVE-2020-28393

Published May 12, 2021

Last updated 3 years ago

CVSS high 7.5

Overview

Description: An unauthenticated remote attacker could create a permanent denial-of-service condition by sending specially crafted OSPF packets. Successful exploitation requires OSPF to be enabled on an affected device on the SCALANCE XM-400, XR-500 (All versions prior to v6.4).
Source: productcert@siemens.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 7.1
Impact score: 6.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:N/A:C

Weaknesses

productcert@siemens.com: CWE-682

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:scalance_xm-400_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E40058B3-3726-4F6A-AB41-7679487639F2",
            "versionEndExcluding": "6.4"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:scalance_xm-400:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "798E900F-5EF9-4B39-B8C2-79FAE659E7F5"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:scalance_xr524_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "66B18697-4508-465B-AB56-A64DF601F8E4",
            "versionEndExcluding": "6.4"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:scalance_xr524:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7DEEA300-16C3-4FEE-88A8-674DE2AEEC95"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:scalance_xr526_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1DC81BDD-1426-4BF3-AB8B-D050EC9E44EB",
            "versionEndExcluding": "6.4"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:scalance_xr526:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "756A07F8-4F9F-4A76-942E-82CB92216943"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:scalance_xr528_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "70411378-1EEE-401A-A7C9-A88299215F82",
            "versionEndExcluding": "6.4"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:scalance_xr528:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "FDE5E54D-FFED-4C2C-B89D-E085E61D44E4"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:scalance_xr552_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8DA7378E-5E6A-4541-B078-AB7E8CDC0E3E",
            "versionEndExcluding": "6.4"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:scalance_xr552:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "AB16A0BE-5AF3-4168-B755-D023E497A35F"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:scalance_xm416-4c_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B98F706F-1994-464F-A7BC-01E476EA699F",
            "versionEndExcluding": "6.4"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:scalance_xm416-4c:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F9102A41-5812-4014-BC07-E571E815ED49"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:scalance_xm408-8c_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3A2826CF-A6AD-4FC8-8CE7-F1B5ACAA7451",
            "versionEndExcluding": "6.4"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:scalance_xm408-8c:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7096DBA5-95BB-44D7-B7CA-B1845C87F70E"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:scalance_xm408-4c_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "192095A3-5A69-4B45-8A01-8A563C1ED8BA",
            "versionEndExcluding": "6.4"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:scalance_xm408-4c:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2AA81823-013F-4990-B62D-86C404F04BCB"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:scalance_xm416-4c_l3_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E34C5BF4-3761-4762-B0DE-3C4235C8B04C",
            "versionEndExcluding": "6.4"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:scalance_xm416-4c_l3:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "86A2A766-9046-484F-9D49-4A1F4F0F96A4"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:scalance_xm408-8c_l3_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E21E3308-2C77-4233-8827-3F0613121015",
            "versionEndExcluding": "6.4"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:scalance_xm408-8c_l3:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "78562689-B494-4500-9725-B418F1EC3CAB"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:scalance_xm408-4c_l3_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "96CF5766-E762-4329-BDCC-6833CD90BC4E",
            "versionEndExcluding": "6.4"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:scalance_xm408-4c_l3:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B2FB222B-0414-4A1E-8BBD-6470CDB3BFF8"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References