Lucene search
K

Hitachi ABB Power Grids AFS Series Loop with Unreachable Exit Condition (CVE-2020-9307)

🗓️ 13 Nov 2025 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 4 Views

CVE-2020-9307: AFS660/AFS665 denial of service by an unauthenticated attacker causing infinite HSR ring loop.

Related
Refs
Code
ReporterTitlePublishedViews
Family
BDU FSTEC
The vulnerability of the HiOS operating system with respect to Belden Hirschmann’s OS2, RSP, and RSPE network switches allows a hacker to cause maintenance failures.
19 Feb 202100:00
bdu_fstec
Circl
CVE-2020-9307
12 Feb 202100:42
circl
CNNVD
Hirschmann Security Breach
11 Feb 202100:00
cnnvd
CVE
CVE-2020-9307
11 Feb 202120:32
cve
Cvelist
CVE-2020-9307
11 Feb 202120:32
cvelist
EUVD
EUVD-2020-30131
7 Oct 202500:30
euvd
ICS
Hitachi ABB Power Grids AFS Series
16 Mar 202100:00
ics
NVD
CVE-2020-9307
11 Feb 202121:15
nvd
OSV
CVE-2020-9307
11 Feb 202121:15
osv
Prion
Design/Logic Flaw
11 Feb 202121:15
prion
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(503961);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/04/21");

  script_cve_id("CVE-2020-9307");
  script_xref(name:"ICSA", value:"21-075-03");

  script_name(english:"Hitachi ABB Power Grids AFS Series Loop with Unreachable Exit Condition (CVE-2020-9307)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"AFS660/AFS665 Version 7.0.07 are affected by a denial of service vulnerability.
 An unauthenticated, adjacent attacker can cause an
infinite loop on one of the HSR ring ports of the device. This
effectively breaks the redundancy of the HSR ring. If the attacker can
perform the same attack on a second device, the ring is broken into
two parts (thus disrupting communication between devices in the
different parts).

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
# https://www.belden.com/dfsmedia/f1e38517e0cd4caa8b1acb6619890f5e/12276-source/options/view
# script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?83797cf6");
  script_set_attribute(attribute:"see_also", value:"https://www.belden.com/security");
  script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-21-075-03");
  script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.

Hitachi ABB Power Grids has published an advisory for AFS Series and advises users to update products with available
updates. The update removes the vulnerability by modifying the way the switch processes HSR frames.

For additional information and support, contact a product provider or Hitachi ABB Power Grids service organization. For
contact information, see Hitachi ABB Power Grids contact-centers.");
  script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-9307");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(835);

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/02/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/02/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/11/13");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:abb:afs660");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:abb:afs660-sr");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:abb:afs665");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:abb:afs665-sr");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2025-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/ABB");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/ABB');

var asset = tenable_ot::assets::get(vendor:'ABB');

var vuln_cpes = {
    "cpe:/o:abb:afs660" :
        {"versionEndIncluding" : "7.0.07", "versionStartIncluding" : "7.0.07", "family" : "AbbAFS"},
    "cpe:/o:abb:afs660-sr" :
        {"versionEndIncluding" : "7.0.07", "versionStartIncluding" : "7.0.07", "family" : "AbbAFS"},
    "cpe:/o:abb:afs665" :
        {"versionEndIncluding" : "7.0.07", "versionStartIncluding" : "7.0.07", "family" : "AbbAFS"},
    "cpe:/o:abb:afs665-sr" :
        {"versionEndIncluding" : "7.0.07", "versionStartIncluding" : "7.0.07", "family" : "AbbAFS"},
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

21 Apr 2026 00:00Current
6.6Medium risk
Vulners AI Score6.6
CVSS 26.1
CVSS 3.16.5
EPSS0.00566
4