CVE-2020-25241
 
Severity Score: 7.5 (CVSS v3.1)
Public Exploits: 0 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)
Descriptions
A vulnerability has been identified in SIMATIC MV400 family (All Versions < V7.0.6). The underlying TCP stack of the affected products does not correctly validate the sequence number for incoming TCP RST packets. An attacker could exploit this to terminate arbitrary TCP sessions.
*Credits:
N/A
Timeline
- 2020-09-10 CVE Reserved
- 2021-03-15 CVE Published
- 2023-11-29 EPSS Updated
- 2024-08-04 CVE Updated
CWE
- CWE-129: Improper Validation of Array Index
- CWE-1285: Improper Validation of Specified Index, Position, or Offset in Input
References (1)
URL | Date | SRC |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-599268.pdf | 2021-03-18 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Siemens | Simatic Mv440 Sr Firmware | < 7.0.6 | - | Affected | in | Siemens | Simatic Mv440 Sr | - | - | Safe |
Siemens | Simatic Mv440 Hr Firmware | < 7.0.6 | - | Affected | in | Siemens | Simatic Mv440 Hr | - | - | Safe |
Siemens | Simatic Mv440 Ur Firmware | < 7.0.6 | - | Affected | in | Siemens | Simatic Mv440 Ur | - | - | Safe |
Siemens | Simatic Mv420 Sr-b Firmware | < 7.0.6 | - | Affected | in | Siemens | Simatic Mv420 Sr-b | - | - | Safe |
Siemens | Simatic Mv420 Sr-p Firmware | < 7.0.6 | - | Affected | in | Siemens | Simatic Mv420 Sr-p | - | - | Safe |
Siemens | Simatic Mv420 Sr-b Body Firmware | < 7.0.6 | - | Affected | in | Siemens | Simatic Mv420 Sr-b Body | - | - | Safe |
Siemens | Simatic Mv420 Sr-p Body Firmware | < 7.0.6 | - | Affected | in | Siemens | Simatic Mv420 Sr-p Body | - | - | Safe |