An unauthenticated remote attacker could create a permanent denial-of-service condition by sending specially crafted OSPF packets. Successful exploitation requires OSPF to be enabled on an affected device on the SCALANCE XM-400, XR-500 (All versions prior to v6.4).

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:N/AC:M/Au:N/C:N/I:N/A:C
Vendors Products
Siemens
  • Scalance Xr524 Firmware
  • Scalance Xm408-4c L3 Firmware
  • Scalance Xr526 Firmware
  • Scalance Xr552
  • Scalance Xr528
  • Scalance Xm-400 Firmware
  • Scalance Xm416-4c Firmware
  • Scalance Xm408-8c
  • Scalance Xr524
  • Scalance Xm416-4c L3 Firmware
  • Scalance Xm408-8c Firmware
  • Scalance Xm408-8c L3
  • Scalance Xm-400
  • Scalance Xr528 Firmware
  • Scalance Xm416-4c L3
  • Scalance Xr552 Firmware
  • Scalance Xm416-4c
  • Scalance Xm408-4c
  • Scalance Xm408-4c Firmware
  • Scalance Xr526
  • Scalance Xm408-4c L3
  • Scalance Xm408-8c L3 Firmware

Configuration 1 [-]

AND
cpe:2.3:o:siemens:scalance_xm-400_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_xm-400:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:siemens:scalance_xr524_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_xr524:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:siemens:scalance_xr526_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_xr526:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:siemens:scalance_xr528_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_xr528:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:siemens:scalance_xr552_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_xr552:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:siemens:scalance_xm416-4c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_xm416-4c:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:siemens:scalance_xm408-8c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_xm408-8c:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:siemens:scalance_xm408-4c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_xm408-4c:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:siemens:scalance_xm416-4c_l3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_xm416-4c_l3:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND
cpe:2.3:o:siemens:scalance_xm408-8c_l3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_xm408-8c_l3:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND
cpe:2.3:o:siemens:scalance_xm408-4c_l3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_xm408-4c_l3:-:*:*:*:*:*:*:*
References
Link Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-116379.pdf Vendor Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-131-10 Third Party Advisory US Government Resource
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: siemens

Published: 2021-05-12T13:18:22

Updated: 2021-05-13T12:00:54

Reserved: 2020-11-10T00:00:00

Link: CVE-2020-28393

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2021-05-12T14:15:11.083

Modified: 2021-05-21T14:03:28.083

Link: CVE-2020-28393

JSON object: View

cve-icon Redhat Information

No data.

CWE