A vulnerability in the implementation of Common Industrial Protocol (CIP) functionality in Cisco Industrial Ethernet 2000 Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to a system memory leak.
The vulnerability is due to improper handling of malformed CIP packets. An attacker could exploit this vulnerability by sending malformed CIP requests to a targeted device. A successful exploit could allow the attacker to cause a DoS condition on the targeted device due to low system memory.
There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-psc1 [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-psc1”]
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | industrial_ethernet_2000_series_firmware | any | cpe:2.3:h:cisco:industrial_ethernet_2000_series_firmware:any:*:*:*:*:*:*:* |
cisco | industrial_ethernet_3000 | 2000_series_switches | cpe:2.3:h:cisco:industrial_ethernet_3000:2000_series_switches:*:*:*:*:*:*:* |