CVE-2017-3812

MEDIUM

Cisco Industrial Ethernet - DoS

Title source: llm

Description

A vulnerability in the implementation of Common Industrial Protocol (CIP) functionality in Cisco Industrial Ethernet 2000 Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to a system memory leak. More Information: CSCvc54788. Known Affected Releases: 15.2(5.4.32i)E2. Known Fixed Releases: 15.2(5.4.62i)E2.

References (3)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/95946

[Vendor Advisory] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-psc1

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1037771

Scores

CVSS v3 6.8

EPSS 0.0069

EPSS Percentile 71.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H

Classification

CWE

CWE-772

Status published

Affected Products (2)

cisco/industrial_ethernet_2000_series_firmware < 15.2\(5.4.32i\)e2

n/a/Cisco Industrial Ethernet 2000 Switches 15.2(5.4.32i)E2 < Cisco Industrial Ethernet 2000 Switches 15.2(5.4.32i)E2

Timeline

Published Feb 03, 2017

Tracked Since Feb 18, 2026