{"containers": {"cna": {"affected": [{"product": "Cisco Industrial Ethernet 2000 Switches 15.2(5.4.32i)E2", "vendor": "n/a", "versions": [{"status": "affected", "version": "Cisco Industrial Ethernet 2000 Switches 15.2(5.4.32i)E2"}]}], "datePublic": "2017-02-02T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in the implementation of Common Industrial Protocol (CIP) functionality in Cisco Industrial Ethernet 2000 Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to a system memory leak. More Information: CSCvc54788. Known Affected Releases: 15.2(5.4.32i)E2. Known Fixed Releases: 15.2(5.4.62i)E2."}], "problemTypes": [{"descriptions": [{"description": "denial of service (DoS)", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-24T12:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-psc1"}, {"name": "95946", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/95946"}, {"name": "1037771", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1037771"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2017-3812", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco Industrial Ethernet 2000 Switches 15.2(5.4.32i)E2", "version": {"version_data": [{"version_value": "Cisco Industrial Ethernet 2000 Switches 15.2(5.4.32i)E2"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the implementation of Common Industrial Protocol (CIP) functionality in Cisco Industrial Ethernet 2000 Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to a system memory leak. More Information: CSCvc54788. Known Affected Releases: 15.2(5.4.32i)E2. Known Fixed Releases: 15.2(5.4.62i)E2."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "denial of service (DoS)"}]}]}, "references": {"reference_data": [{"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-psc1", "refsource": "CONFIRM", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-psc1"}, {"name": "95946", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95946"}, {"name": "1037771", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037771"}]}}}}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2017-3812", "datePublished": "2017-02-03T07:24:00", "dateReserved": "2016-12-21T00:00:00", "dateUpdated": "2017-07-24T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:industrial_ethernet_2000_series_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "64126B06-A388-40D2-A0A7-6520BCC90EE8", "versionEndIncluding": "15.2\\(5.4.32i\\)e2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:industrial_ethernet_2000_16ptc-g-e_switch:-:*:*:*:*:*:*:*", "matchCriteriaId": "524D907D-4DDC-4439-A9E0-328BA272BE79", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:industrial_ethernet_2000_16ptc-g-l_switch:-:*:*:*:*:*:*:*", "matchCriteriaId": "4057243E-C776-4048-AF08-F1339DECFB76", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:industrial_ethernet_2000_16ptc-g-nx_switch:-:*:*:*:*:*:*:*", "matchCriteriaId": "F0D7518A-B5EA-493C-80C7-4938A36FF621", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:industrial_ethernet_2000_16t67-b_switch:-:*:*:*:*:*:*:*", "matchCriteriaId": "0474966A-3F71-474F-926F-D4C03F0989D5", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:industrial_ethernet_2000_16t67p-g-e_switch:-:*:*:*:*:*:*:*", "matchCriteriaId": "199F317F-4C29-4BE4-B5EE-FFD70C693A74", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:industrial_ethernet_2000_16tc-g-e_switch:-:*:*:*:*:*:*:*", "matchCriteriaId": "A805F6F4-D977-493F-B3E8-CCE64A6F5AE4", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:industrial_ethernet_2000_16tc-g-l_switch:-:*:*:*:*:*:*:*", "matchCriteriaId": "6DB0122F-82AB-467A-861B-9A9EAF36F695", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:industrial_ethernet_2000_16tc-g-n_switch:-:*:*:*:*:*:*:*", "matchCriteriaId": "69A29BB0-4033-4067-97E9-372C797A29CC", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:industrial_ethernet_2000_16tc-g-x_switch:-:*:*:*:*:*:*:*", "matchCriteriaId": "334BC0D6-E9D8-47F5-AB48-7AB3F3A17844", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:industrial_ethernet_2000_16tc-l_switch:-:*:*:*:*:*:*:*", "matchCriteriaId": "2F1931F1-02FC-4F7D-8C18-C1482CD2530D", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:industrial_ethernet_2000_24t67-b_switch:-:*:*:*:*:*:*:*", "matchCriteriaId": "C8F9FB2B-D9AD-46DD-8D2E-0FB71E2EA825", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:industrial_ethernet_2000_4s-ts-g-b_switch:-:*:*:*:*:*:*:*", "matchCriteriaId": "75325EB7-ABB8-409F-BB8E-1696FB3D0DA7", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:industrial_ethernet_2000_4s-ts-g-l_switch:-:*:*:*:*:*:*:*", "matchCriteriaId": "03CB2133-041C-48EE-8594-2F80C7A89A05", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:industrial_ethernet_2000_4t-b_switch:-:*:*:*:*:*:*:*", "matchCriteriaId": "1C4D3841-67B6-4E21-A68D-FED30EC2CDEF", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:industrial_ethernet_2000_4t-g-b_switch:-:*:*:*:*:*:*:*", "matchCriteriaId": "E906703D-3946-4EE7-BEF1-9753409FEEF8", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:industrial_ethernet_2000_4t-g-l_switch:-:*:*:*:*:*:*:*", "matchCriteriaId": "D64C4436-6BB8-48EB-923D-11B6F9F18B1D", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:industrial_ethernet_2000_4t-l_switch:-:*:*:*:*:*:*:*", "matchCriteriaId": "3ECD0A92-A198-463B-8046-92D738C40DAF", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:industrial_ethernet_2000_4ts-b_switch:-:*:*:*:*:*:*:*", "matchCriteriaId": "87C75A46-74FC-4AF1-AF76-0CAC422473E5", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:industrial_ethernet_2000_4ts-g-b_switch:-:*:*:*:*:*:*:*", "matchCriteriaId": "5FE4BC00-19FE-468C-8BCE-193E72066B0E", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:industrial_ethernet_2000_4ts-g-l_switch:-:*:*:*:*:*:*:*", "matchCriteriaId": "62729BD3-975A-4FCA-B255-FFFD51901081", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:industrial_ethernet_2000_4ts-l_switch:-:*:*:*:*:*:*:*", "matchCriteriaId": "0FAB865C-D5D6-474F-B42C-2C2958B1E876", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:industrial_ethernet_2000_8t67-b_switch:-:*:*:*:*:*:*:*", "matchCriteriaId": "CE94DAA2-D52A-424B-8E17-FC17D4B117B4", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:industrial_ethernet_2000_8t67p-g-e_switch:-:*:*:*:*:*:*:*", "matchCriteriaId": "429B7E0E-2897-4838-AC6B-41B3A5D85204", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:industrial_ethernet_2000_8tc-b_switch:-:*:*:*:*:*:*:*", "matchCriteriaId": "22980E67-0A91-473F-9F86-3B594D7BE9FF", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:industrial_ethernet_2000_8tc-g-b_switch:-:*:*:*:*:*:*:*", "matchCriteriaId": "4360DC5A-DD47-42C5-9940-B9FE24422758", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:industrial_ethernet_2000_8tc-g-e_switch:-:*:*:*:*:*:*:*", "matchCriteriaId": "417ACF82-6769-4441-92CB-8BD06470518A", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:industrial_ethernet_2000_8tc-g-l_switch:-:*:*:*:*:*:*:*", "matchCriteriaId": "36036C1F-2A42-4633-AFD7-F4F8DEADBDE7", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:industrial_ethernet_2000_8tc-g-n_switch:-:*:*:*:*:*:*:*", "matchCriteriaId": "FEE1A077-564B-49A3-84C4-3E9EA6EA7675", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:industrial_ethernet_2000_8tc-l_switch:-:*:*:*:*:*:*:*", "matchCriteriaId": "1DAFB25E-F057-423E-811D-1E4A8F9E2D73", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability in the implementation of Common Industrial Protocol (CIP) functionality in Cisco Industrial Ethernet 2000 Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to a system memory leak. More Information: CSCvc54788. Known Affected Releases: 15.2(5.4.32i)E2. Known Fixed Releases: 15.2(5.4.62i)E2."}, {"lang": "es", "value": "Una vulnerabilidad en la implementaci\u00f3n de la funcionalidad Common Industrial Protocol (CIP) en Cisco Industrial Ethernet 2000 Series Switches podr\u00eda permitir a un atacante remoto no autenticado provocar una condici\u00f3n de denegaci\u00f3n de servicio (DoS) debido a una fuga del sistema de memoria. M\u00e1s Informaci\u00f3n: CSCvc54788. Lanzamientos Afectados Conocidos: 15.2(5.4.32i)E2. Lanzamientos Reparados Conocidos: 15.2(5.4.62i)E2."}], "id": "CVE-2017-3812", "lastModified": "2019-10-03T00:03:26.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-02-03T07:59:00.763", "references": [{"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/95946"}, {"source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id/1037771"}, {"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-psc1"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-772"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}