Vulnerability CVE-2017-3812
Published: 2017-02-03

Description:
A vulnerability in the implementation of Common Industrial Protocol (CIP) functionality in Cisco Industrial Ethernet 2000 Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to a system memory leak. More Information: CSCvc54788. Known Affected Releases: 15.2(5.4.32i)E2. Known Fixed Releases: 15.2(5.4.62i)E2.

Type:

CWE-772

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:N/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.1/10
6.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Complete
Affected software
Cisco -> Industrial ethernet 2000 series firmware 

 References:
http://www.securityfocus.com/bid/95946
http://www.securitytracker.com/id/1037771
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-psc1
Copyright 2024, cxsecurity.com

 

Back to Top