Lucene search

[email protected]CVE-2021-20987

HistoryFeb 16, 2021 - 5:15 p.m.

CVE-2021-20987

2021-02-1617:15:12

CWE-787

[email protected]

web.nvd.nist.gov

cve-2021-20987

denial of service

memory corruption

vulnerability

hilscher ethernet/ip core v2

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

8.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.2%

JSON

A denial of service and memory corruption vulnerability was found in Hilscher EtherNet/IP Core V2 prior to V2.13.0.21that may lead to code injection through network or make devices crash without recovery.

Affected configurations

NVD

Node

hilscherethernet\/ip_adapter_firmwareRange2.0–2.13.0.21

AND

hilscherethernet\/ip_adapterMatch-

Node

pepperl-fuchswcs_firmwareRange≤1.2.1

AND

pepperl-fuchswcs3b-ls510Match-

pepperl-fuchswcs3b-ls510-omMatch-

pepperl-fuchswcs3b-ls510dMatch-

pepperl-fuchswcs3b-ls510d-omMatch-

pepperl-fuchswcs3b-ls510dhMatch-

pepperl-fuchswcs3b-ls510dh-omMatch-

pepperl-fuchswcs3b-ls510hMatch-

pepperl-fuchswcs3b-ls510h-omMatch-

Node

pepperl-fuchspxv100-f200-b25-v1d_firmwareRange≤1.10.0

AND

pepperl-fuchspxv100-f200-b25-v1dMatch-

Node

pepperl-fuchspxv100i-f200-b25-v1d_firmwareRange≤1.10.0

AND

pepperl-fuchspxv100i-f200-b25-v1dMatch-

Node

pepperl-fuchspcv100-f200-b25-v1d-6011-6720_firmwareRange≤1.10.0

AND

pepperl-fuchspcv100-f200-b25-v1d-6011-6720Match-

Node

pepperl-fuchspcv50-f200-b25-v1d_firmwareRange≤1.10.0

AND

pepperl-fuchspcv50-f200-b25-v1dMatch-

Node

pepperl-fuchspcv80-f200-b25-v1d_firmwareRange≤1.10.0

AND

pepperl-fuchspcv80-f200-b25-v1dMatch-

Node

pepperl-fuchspcv100-f200-b25-v1d-6011_firmwareRange≤1.10.0

AND

pepperl-fuchspcv100-f200-b25-v1d-6011Match-

CPENameOperatorVersion
hilscher:ethernet\/ip_adapter_firmwarehilscher ethernet/ip adapter firmwarelt2.13.0.21

CPE	Name	Operator	Version
hilscher:ethernet\/ip_adapter_firmware	hilscher ethernet/ip adapter firmware	lt	2.13.0.21

CNA Affected

[
  {
    "product": "EtherNet/IP Core V2",
    "vendor": "Hilscher",
    "versions": [
      {
        "lessThan": "V2.13.0.21",
        "status": "affected",
        "version": "V2",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "PCV/PXV/PGV",
    "vendor": "Pepper+Fuchs",
    "versions": [
      {
        "lessThanOrEqual": "V1.10.0",
        "status": "affected",
        "version": "PXV100-F200-B25-V1D, PXV100I-F200-B25-V1D, PCV100-F200-B25-V1D-6011-6720, PCV50-F200-B25-V1D, PCV80-F200-B25-V1D, PCV100-F200-B25-V1D-6011",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "WCS",
    "vendor": "Pepper+Fuchs",
    "versions": [
      {
        "lessThanOrEqual": "V1.2.1",
        "status": "affected",
        "version": "WCS3B-LS510, WCS3B-LS510H, WCS3B-LS510D, WCS3B-LS510DH, WCS3B-LS510H-OM, WCS3B-LS510DH-OM, WCS3B-LS510D-OM, WCS3B-LS510-OM",
        "versionType": "custom"
      }
    ]
  }
]

References

cert.vde.com/en-us/advisories/vde-2021-007

kb.hilscher.com/pages/viewpage.action?pageId=108969480

Social References

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

8.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.2%

JSON

Related for CVE-2021-20987

prion1 nvd1 cvelist1