// For flags

CVE-2020-25241

 

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A vulnerability has been identified in SIMATIC MV400 family (All Versions < V7.0.6). The underlying TCP stack of the affected products does not correctly validate the sequence number for incoming TCP RST packages. An attacker could exploit this to terminate arbitrary TCP sessions.

Se ha identificado una vulnerabilidad en la familia SIMATIC MV400 (todas las versiones anteriores a V7.0.6).&#xa0;La pila TCP subyacente de los productos afectados no comprueba correctamente el número de secuencia de los paquetes TCP RST entrantes.&#xa0;Un atacante podría explotar esto para terminar sesiones de TCP arbitrarias

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2020-09-10 CVE Reserved
  • 2021-03-15 CVE Published
  • 2023-11-29 EPSS Updated
  • 2024-08-04 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-129: Improper Validation of Array Index
  • CWE-1285: Improper Validation of Specified Index, Position, or Offset in Input
CAPEC
References (1)
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Siemens
Search vendor "Siemens"
Simatic Mv440 Sr Firmware
Search vendor "Siemens" for product "Simatic Mv440 Sr Firmware"
< 7.0.6
Search vendor "Siemens" for product "Simatic Mv440 Sr Firmware" and version " < 7.0.6"
-
Affected
in Siemens
Search vendor "Siemens"
Simatic Mv440 Sr
Search vendor "Siemens" for product "Simatic Mv440 Sr"
--
Safe
Siemens
Search vendor "Siemens"
Simatic Mv440 Hr Firmware
Search vendor "Siemens" for product "Simatic Mv440 Hr Firmware"
< 7.0.6
Search vendor "Siemens" for product "Simatic Mv440 Hr Firmware" and version " < 7.0.6"
-
Affected
in Siemens
Search vendor "Siemens"
Simatic Mv440 Hr
Search vendor "Siemens" for product "Simatic Mv440 Hr"
--
Safe
Siemens
Search vendor "Siemens"
Simatic Mv440 Ur Firmware
Search vendor "Siemens" for product "Simatic Mv440 Ur Firmware"
< 7.0.6
Search vendor "Siemens" for product "Simatic Mv440 Ur Firmware" and version " < 7.0.6"
-
Affected
in Siemens
Search vendor "Siemens"
Simatic Mv440 Ur
Search vendor "Siemens" for product "Simatic Mv440 Ur"
--
Safe
Siemens
Search vendor "Siemens"
Simatic Mv420 Sr-b Firmware
Search vendor "Siemens" for product "Simatic Mv420 Sr-b Firmware"
< 7.0.6
Search vendor "Siemens" for product "Simatic Mv420 Sr-b Firmware" and version " < 7.0.6"
-
Affected
in Siemens
Search vendor "Siemens"
Simatic Mv420 Sr-b
Search vendor "Siemens" for product "Simatic Mv420 Sr-b"
--
Safe
Siemens
Search vendor "Siemens"
Simatic Mv420 Sr-p Firmware
Search vendor "Siemens" for product "Simatic Mv420 Sr-p Firmware"
< 7.0.6
Search vendor "Siemens" for product "Simatic Mv420 Sr-p Firmware" and version " < 7.0.6"
-
Affected
in Siemens
Search vendor "Siemens"
Simatic Mv420 Sr-p
Search vendor "Siemens" for product "Simatic Mv420 Sr-p"
--
Safe
Siemens
Search vendor "Siemens"
Simatic Mv420 Sr-b Body Firmware
Search vendor "Siemens" for product "Simatic Mv420 Sr-b Body Firmware"
< 7.0.6
Search vendor "Siemens" for product "Simatic Mv420 Sr-b Body Firmware" and version " < 7.0.6"
-
Affected
in Siemens
Search vendor "Siemens"
Simatic Mv420 Sr-b Body
Search vendor "Siemens" for product "Simatic Mv420 Sr-b Body"
--
Safe
Siemens
Search vendor "Siemens"
Simatic Mv420 Sr-p Body Firmware
Search vendor "Siemens" for product "Simatic Mv420 Sr-p Body Firmware"
< 7.0.6
Search vendor "Siemens" for product "Simatic Mv420 Sr-p Body Firmware" and version " < 7.0.6"
-
Affected
in Siemens
Search vendor "Siemens"
Simatic Mv420 Sr-p Body
Search vendor "Siemens" for product "Simatic Mv420 Sr-p Body"
--
Safe