CVE-2017-3812

MEDIUM

Cisco Industrial Ethernet 2000 Series Firmware < 15.2(5.4.62i)E2 - Unauthenticated Denial of Service via CIP Memory Leak

Title source: llm

Description

A vulnerability in the implementation of Common Industrial Protocol (CIP) functionality in Cisco Industrial Ethernet 2000 Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to a system memory leak. More Information: CSCvc54788. Known Affected Releases: 15.2(5.4.32i)E2. Known Fixed Releases: 15.2(5.4.62i)E2.

References (3)

Core 3

Core References

Vendor Advisory x_refsource_confirm

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-psc1

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/95946

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1037771

Scores

CVSS v3 6.8

EPSS 0.0281

EPSS Percentile 84.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H

Details

CWE

CWE-772

Status published

Products (2)

cisco/industrial_ethernet_2000_series_firmware < 15.2\(5.4.32i\)e2

n/a/Cisco Industrial Ethernet 2000 Switches 15.2(5.4.32i)E2 Cisco Industrial Ethernet 2000 Switches 15.2(5.4.32i)E2

Published Feb 03, 2017

Tracked Since Feb 18, 2026