CVE-2020-28400 : What You Need to Know
Learn about CVE-2020-28400 affecting Siemens devices, allowing unauthenticated attackers to trigger a denial-of-service condition by flooding devices with DCP reset packets.
Siemens devices are affected by a vulnerability that allows unauthenticated attackers to trigger a denial-of-service condition by sending a large number of DCP reset packets.
Understanding CVE-2020-28400
Siemens products are impacted by a vulnerability that can be exploited to cause a denial-of-service condition.
What is CVE-2020-28400?
The vulnerability in Siemens devices enables unauthenticated attackers to disrupt services by flooding the device with DCP reset packets.
The Impact of CVE-2020-28400
The vulnerability can lead to a denial-of-service condition, affecting the availability of the affected Siemens devices.
Technical Details of CVE-2020-28400
Siemens products are susceptible to a denial-of-service attack due to a flaw that allows unauthenticated users to overwhelm the devices with DCP reset packets.
Vulnerability Description
The vulnerability in Siemens devices permits unauthenticated attackers to trigger a denial-of-service state by sending a high volume of DCP reset packets.
Affected Systems and Versions
- Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions)
- Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions)
- Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions < V4.7)
- RUGGEDCOM RM1224 (All Versions < V6.4)
- Various SCALANCE products (All Versions < V6.4)
- SIMATIC CFU PA (All versions)
- SIMATIC CM 1542-1 (All versions < V3.0)
- SIMATIC CP1616/CP1604 (All Versions >= V2.7)
- SIMATIC CP1626 (All versions)
- And more
Exploitation Mechanism
The vulnerability can be exploited by sending a large number of DCP reset packets to the affected Siemens devices, causing a denial-of-service condition.
Mitigation and Prevention
To address CVE-2020-28400, follow these mitigation steps:
Immediate Steps to Take
- Apply patches provided by Siemens to fix the vulnerability.
- Implement network segmentation to limit exposure of affected devices.
- Monitor network traffic for any signs of DCP reset packet flooding.
Long-Term Security Practices
- Regularly update and patch Siemens devices to protect against known vulnerabilities.
- Conduct security assessments and penetration testing to identify and address potential weaknesses.
Patching and Updates
- Siemens may release patches or updates to address the vulnerability. Stay informed about security advisories and apply patches promptly.