CVE-2020-25241: Out-of-bounds Read
First published: Mon Mar 15 2021(Updated: )
A vulnerability has been identified in SIMATIC MV400 family (All Versions < V7.0.6). The underlying TCP stack of the affected products does not correctly validate the sequence number for incoming TCP RST packages. An attacker could exploit this to terminate arbitrary TCP sessions.
Credit: productcert@siemens.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Siemens SIMATIC MV440 SR | <7.0.6 | |
| Siemens SIMATIC MV440 SR Firmware | ||
| Siemens SIMATIC MV440 HR | <7.0.6 | |
| Siemens SIMATIC MV440 HR Firmware | ||
| Siemens SIMATIC MV440 UR | <7.0.6 | |
| Siemens SIMATIC MV440 UR | ||
| Siemens SIMATIC MV420 SR-B Body Firmware | <7.0.6 | |
| Siemens SIMATIC MV420 SR-B Body Firmware | ||
| Siemens Simatic MV420 Firmware | <7.0.6 | |
| Siemens SIMATIC MV420 SR-P Firmware | ||
| Siemens Simatic MV420 Firmware | <7.0.6 | |
| Siemens SIMATIC MV420 SR-B Body Firmware | ||
| Siemens Simatic MV420 Firmware | <7.0.6 | |
| Siemens SIMATIC MV420 SR-P |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/references
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/siemens
- canonical/siemens simatic mv440 sr
- canonical/siemens simatic mv440 sr firmware
- canonical/siemens simatic mv440 hr
- canonical/siemens simatic mv440 hr firmware
- canonical/siemens simatic mv440 ur
- canonical/siemens simatic mv420 sr-b body firmware
- canonical/siemens simatic mv420 firmware
- canonical/siemens simatic mv420 sr-p firmware
- canonical/siemens simatic mv420 sr-p