// For flags

CVE-2020-13573

 

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A denial-of-service vulnerability exists in the Ethernet/IP server functionality of Rockwell Automation RSLinx Classic 2.57.00.14 CPR 9 SR 3. A specially crafted network request can lead to a denial of service. An attacker can send a sequence of malicious packets to trigger this vulnerability.

Se presenta una vulnerabilidad de denegación de servicio en la funcionalidad del servidor Ethernet/IP de Rockwell Automation RSLinx Classic versión 2.57.00.14 CPR 9 SR 3. Una petición de red especialmente diseñada puede conllevar a una denegación de servicio. Un atacante puede enviar una secuencia de paquetes maliciosos para activar esta vulnerabilidad

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2020-05-26 CVE Reserved
  • 2021-01-07 CVE Published
  • 2024-08-04 CVE Updated
  • 2024-08-04 First Exploit
  • 2024-10-27 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
  • CWE-823: Use of Out-of-range Pointer Offset
CAPEC
References (1)
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Rockwellautomation
Search vendor "Rockwellautomation"
Rslinx
Search vendor "Rockwellautomation" for product "Rslinx"
2.57.00.14
Search vendor "Rockwellautomation" for product "Rslinx" and version "2.57.00.14"
cpr9_sr3, classic
Affected