CVE-2020-28400
HIGH
Siemens SCALANCE and RUGGEDCOM Firmware - Unauthenticated Denial of Service via DCP Reset Packet Flood
Title source: llm
Description
Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial of service condition. The vulnerability can be triggered by sending a large number of DCP reset packets to the device.
References (3)
Patch, Vendor Advisory x_refsource_misc
https://cert-portal.siemens.com/productcert/pdf/ssa-599968.pdf
Third Party Advisory, US Government Resource x_refsource_misc
https://us-cert.cisa.gov/ics/advisories/icsa-21-194-03
Vendor Advisory
https://cert-portal.siemens.com/productcert/html/ssa-599968.html
Scores
CVSS v3
7.5
EPSS
0.0108
EPSS Percentile
78.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-770
Status
published
Products (50)
Siemens/Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller
Siemens/Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200
Siemens/Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P
< V4.7
siemens/dk_standard_ethernet_controller_evaluation_kit_firmware
siemens/ek-ertec_200_evaulation_kit_firmware
siemens/ek-ertec_200p_evaluation_kit_firmware
< 4.7
Siemens/RUGGEDCOM RM1224 LTE(4G) EU
< V6.4
Siemens/RUGGEDCOM RM1224 LTE(4G) NAM
< V6.4
siemens/ruggedcom_rm1224_firmware
< 6.4
Siemens/SCALANCE M804PB
< V6.4
... and 40 more
Published
Jul 13, 2021
Tracked Since
Feb 18, 2026