What is CVE-2020-28393?

CVE-2020-28393 is a vulnerability that could allow an unauthenticated remote attacker to create a permanent denial-of-service condition on affected Siemens SCALANCE XM-400 and XR-500 devices prior to version 6.4.

How severe is CVE-2020-28393?

CVE-2020-28393 has a severity value of 7.5, indicating a high severity.

Which devices are affected by CVE-2020-28393?

Siemens SCALANCE XM-400 and XR-500 devices prior to version 6.4 are affected by CVE-2020-28393.

How can an attacker exploit CVE-2020-28393?

An unauthenticated remote attacker can exploit CVE-2020-28393 by sending specially crafted OSPF packets.

Are there any fixes available for CVE-2020-28393?

The affected devices can be fixed by updating to version 6.4 of Siemens SCALANCE XM-400 and XR-500 firmware.

Vulnerability/
CVE-2020-28393

high

7.5

CWE

682

12/5/2021

21/5/2021

CVE-2020-28393

First published: Wed May 12 2021(Updated: )

An unauthenticated remote attacker could create a permanent denial-of-service condition by sending specially crafted OSPF packets. Successful exploitation requires OSPF to be enabled on an affected device on the SCALANCE XM-400, XR-500 (All versions prior to v6.4).

Credit: productcert@siemens.com

Affected Software	Affected Version	How to fix
Siemens Scalance Xm-400 Firmware	<6.4
Siemens Scalance Xm-400
Siemens Scalance Xr524 Firmware	<6.4
Siemens Scalance Xr524
Siemens Scalance Xr526 Firmware	<6.4
Siemens Scalance Xr526
Siemens Scalance Xr528 Firmware	<6.4
Siemens Scalance Xr528
Siemens Scalance Xr552 Firmware	<6.4
Siemens Scalance Xr552
Siemens Scalance Xm416-4c Firmware	<6.4
Siemens Scalance Xm416-4c
Siemens Scalance Xm408-8c Firmware	<6.4
Siemens Scalance Xm408-8c
Siemens Scalance Xm408-4c Firmware	<6.4
Siemens Scalance Xm408-4c
Siemens Scalance Xm416-4c L3 Firmware	<6.4
Siemens Scalance Xm416-4c L3
Siemens Scalance Xm408-8c L3 Firmware	<6.4
Siemens Scalance Xm408-8c L3
Siemens Scalance Xm408-4c L3 Firmware	<6.4
Siemens Scalance Xm408-4c L3

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2020-28393?
CVE-2020-28393 is a vulnerability that could allow an unauthenticated remote attacker to create a permanent denial-of-service condition on affected Siemens SCALANCE XM-400 and XR-500 devices prior to version 6.4.
How severe is CVE-2020-28393?
CVE-2020-28393 has a severity value of 7.5, indicating a high severity.
Which devices are affected by CVE-2020-28393?
Siemens SCALANCE XM-400 and XR-500 devices prior to version 6.4 are affected by CVE-2020-28393.
How can an attacker exploit CVE-2020-28393?
An unauthenticated remote attacker can exploit CVE-2020-28393 by sending specially crafted OSPF packets.
Are there any fixes available for CVE-2020-28393?
The affected devices can be fixed by updating to version 6.4 of Siemens SCALANCE XM-400 and XR-500 firmware.

collector/nvd-index
agent/severity
agent/references
agent/weakness
agent/author
agent/type
agent/tags
agent/event
agent/description
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
vendor/siemens
canonical/siemens scalance xm-400 firmware
canonical/siemens scalance xm-400
canonical/siemens scalance xr524 firmware
canonical/siemens scalance xr524
canonical/siemens scalance xr526 firmware
canonical/siemens scalance xr526
canonical/siemens scalance xr528 firmware
canonical/siemens scalance xr528
canonical/siemens scalance xr552 firmware
canonical/siemens scalance xr552
canonical/siemens scalance xm416-4c firmware
canonical/siemens scalance xm416-4c
canonical/siemens scalance xm408-8c firmware
canonical/siemens scalance xm408-8c
canonical/siemens scalance xm408-4c firmware
canonical/siemens scalance xm408-4c
canonical/siemens scalance xm416-4c l3 firmware
canonical/siemens scalance xm416-4c l3
canonical/siemens scalance xm408-8c l3 firmware
canonical/siemens scalance xm408-8c l3
canonical/siemens scalance xm408-4c l3 firmware
canonical/siemens scalance xm408-4c l3