CVE-2020-6083
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
An exploitable denial of service vulnerability exists in the ENIP Request Path Port Segment functionality of Allen-Bradley Flex IO 1794-AENT/B. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability.
Se presenta una vulnerabilidad de denegación de servicio explotable en la funcionalidad ENIP Request Path Port Segment de Allen-Bradley Flex IO 1794-AENT/ B. Una petición de red especialmente diseñada puede causar una pérdida de comunicaciones con el dispositivo resultando en una denegación de servicio. Un atacante puede enviar un paquete malicioso para activar esta vulnerabilidad
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-01-07 CVE Reserved
- 2020-10-14 CVE Published
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- 2024-10-21 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://talosintelligence.com/vulnerability_reports/TALOS-2020-1005 | 2024-08-04 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Rockwellautomation Search vendor "Rockwellautomation" | Allen-bradley Flex Io 1794-aent\/b Firmware Search vendor "Rockwellautomation" for product "Allen-bradley Flex Io 1794-aent\/b Firmware" | 4.003 Search vendor "Rockwellautomation" for product "Allen-bradley Flex Io 1794-aent\/b Firmware" and version "4.003" | - |
Affected
| in | Rockwellautomation Search vendor "Rockwellautomation" | Allen-bradley Flex Io 1794-aent\/b Search vendor "Rockwellautomation" for product "Allen-bradley Flex Io 1794-aent\/b" | - | - |
Safe
|