CVE-2020-9307

Published: Feb 11, 2021Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Hirschmann OS2, RSP, and RSPE devices before HiOS 08.3.00 allow a denial of service. An unauthenticated, adjacent attacker can cause an infinite loop on one of the HSR ring ports of the device. This effectively breaks the redundancy of the HSR ring. If the attacker can perform the same attack on a second device, the ring is broken into two parts (thus disrupting communication between devices in the different parts).

Affected (2)

Products: Belden: Hirschmann Hios

1 product

Hirschmann Hios

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Belden Hirschmann Hios	From 07.0.04 to 07.1.00
Belden Hirschmann Hios	From 08.0.00 to 08.3.00

Related CWEs

Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

References (4)

https://www.belden.com/dfsmedia/f1e38517e0cd4caa8b1acb6619890f5e/12276-source/options/view

Source: cve@mitre.org

Vendor Advisory

https://www.belden.com/security

Source: cve@mitre.org

Vendor Advisory

https://www.belden.com/dfsmedia/f1e38517e0cd4caa8b1acb6619890f5e/12276-source/options/view

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.belden.com/security

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.