| Reporter | Title | Published | Views | Family All 11 |
|---|---|---|---|---|
| The vulnerability of the HiOS operating system with respect to Belden Hirschmann’s OS2, RSP, and RSPE network switches allows a hacker to cause maintenance failures. | 19 Feb 202100:00 | – | bdu_fstec | |
| CVE-2020-9307 | 12 Feb 202100:42 | – | circl | |
| Hirschmann Security Breach | 11 Feb 202100:00 | – | cnnvd | |
| CVE-2020-9307 | 11 Feb 202120:32 | – | cve | |
| CVE-2020-9307 | 11 Feb 202120:32 | – | cvelist | |
| EUVD-2020-30131 | 7 Oct 202500:30 | – | euvd | |
| Hitachi ABB Power Grids AFS Series | 16 Mar 202100:00 | – | ics | |
| CVE-2020-9307 | 11 Feb 202121:15 | – | nvd | |
| CVE-2020-9307 | 11 Feb 202121:15 | – | osv | |
| Design/Logic Flaw | 11 Feb 202121:15 | – | prion |
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(503961);
script_version("1.2");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/04/21");
script_cve_id("CVE-2020-9307");
script_xref(name:"ICSA", value:"21-075-03");
script_name(english:"Hitachi ABB Power Grids AFS Series Loop with Unreachable Exit Condition (CVE-2020-9307)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"AFS660/AFS665 Version 7.0.07 are affected by a denial of service vulnerability.
An unauthenticated, adjacent attacker can cause an
infinite loop on one of the HSR ring ports of the device. This
effectively breaks the redundancy of the HSR ring. If the attacker can
perform the same attack on a second device, the ring is broken into
two parts (thus disrupting communication between devices in the
different parts).
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
# https://www.belden.com/dfsmedia/f1e38517e0cd4caa8b1acb6619890f5e/12276-source/options/view
# script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?83797cf6");
script_set_attribute(attribute:"see_also", value:"https://www.belden.com/security");
script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-21-075-03");
script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.
Hitachi ABB Power Grids has published an advisory for AFS Series and advises users to update products with available
updates. The update removes the vulnerability by modifying the way the switch processes HSR frames.
For additional information and support, contact a product provider or Hitachi ABB Power Grids service organization. For
contact information, see Hitachi ABB Power Grids contact-centers.");
script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-9307");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(835);
script_set_attribute(attribute:"vuln_publication_date", value:"2021/02/11");
script_set_attribute(attribute:"patch_publication_date", value:"2021/02/11");
script_set_attribute(attribute:"plugin_publication_date", value:"2025/11/13");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:abb:afs660");
script_set_attribute(attribute:"cpe", value:"cpe:/o:abb:afs660-sr");
script_set_attribute(attribute:"cpe", value:"cpe:/o:abb:afs665");
script_set_attribute(attribute:"cpe", value:"cpe:/o:abb:afs665-sr");
script_set_attribute(attribute:"generated_plugin", value:"former");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2025-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/ABB");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/ABB');
var asset = tenable_ot::assets::get(vendor:'ABB');
var vuln_cpes = {
"cpe:/o:abb:afs660" :
{"versionEndIncluding" : "7.0.07", "versionStartIncluding" : "7.0.07", "family" : "AbbAFS"},
"cpe:/o:abb:afs660-sr" :
{"versionEndIncluding" : "7.0.07", "versionStartIncluding" : "7.0.07", "family" : "AbbAFS"},
"cpe:/o:abb:afs665" :
{"versionEndIncluding" : "7.0.07", "versionStartIncluding" : "7.0.07", "family" : "AbbAFS"},
"cpe:/o:abb:afs665-sr" :
{"versionEndIncluding" : "7.0.07", "versionStartIncluding" : "7.0.07", "family" : "AbbAFS"},
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation