Lucene search

CiscoCVE-2017-3812

HistoryFeb 03, 2017 - 7:59 a.m.

CVE-2017-3812

2017-02-0307:59:00

CWE-772

cisco

web.nvd.nist.gov

cisco

industrial ethernet

cip

vulnerability

dos

nvd

cve-2017-3812

CVSS2

7.1

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

CVSS3

6.8

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H

AI Score

6.6

Confidence

High

EPSS

0.004

Percentile

72.2%

JSON

A vulnerability in the implementation of Common Industrial Protocol (CIP) functionality in Cisco Industrial Ethernet 2000 Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to a system memory leak. More Information: CSCvc54788. Known Affected Releases: 15.2(5.4.32i)E2. Known Fixed Releases: 15.2(5.4.62i)E2.

Affected configurations

Nvd

Node

ciscoindustrial_ethernet_2000_series_firmwareRange≤15.2\(5.4.32i\)e2

AND

ciscoindustrial_ethernet_2000_16ptc-g-e_switchMatch-

ciscoindustrial_ethernet_2000_16ptc-g-l_switchMatch-

ciscoindustrial_ethernet_2000_16ptc-g-nx_switchMatch-

ciscoindustrial_ethernet_2000_16t67-b_switchMatch-

ciscoindustrial_ethernet_2000_16t67p-g-e_switchMatch-

ciscoindustrial_ethernet_2000_16tc-g-e_switchMatch-

ciscoindustrial_ethernet_2000_16tc-g-l_switchMatch-

ciscoindustrial_ethernet_2000_16tc-g-n_switchMatch-

ciscoindustrial_ethernet_2000_16tc-g-x_switchMatch-

ciscoindustrial_ethernet_2000_16tc-l_switchMatch-

ciscoindustrial_ethernet_2000_24t67-b_switchMatch-

ciscoindustrial_ethernet_2000_4s-ts-g-b_switchMatch-

ciscoindustrial_ethernet_2000_4s-ts-g-l_switchMatch-

ciscoindustrial_ethernet_2000_4t-b_switchMatch-

ciscoindustrial_ethernet_2000_4t-g-b_switchMatch-

ciscoindustrial_ethernet_2000_4t-g-l_switchMatch-

ciscoindustrial_ethernet_2000_4t-l_switchMatch-

ciscoindustrial_ethernet_2000_4ts-b_switchMatch-

ciscoindustrial_ethernet_2000_4ts-g-b_switchMatch-

ciscoindustrial_ethernet_2000_4ts-g-l_switchMatch-

ciscoindustrial_ethernet_2000_4ts-l_switchMatch-

ciscoindustrial_ethernet_2000_8t67-b_switchMatch-

ciscoindustrial_ethernet_2000_8t67p-g-e_switchMatch-

ciscoindustrial_ethernet_2000_8tc-b_switchMatch-

ciscoindustrial_ethernet_2000_8tc-g-b_switchMatch-

ciscoindustrial_ethernet_2000_8tc-g-e_switchMatch-

ciscoindustrial_ethernet_2000_8tc-g-l_switchMatch-

ciscoindustrial_ethernet_2000_8tc-g-n_switchMatch-

ciscoindustrial_ethernet_2000_8tc-l_switchMatch-

VendorProductVersionCPE
ciscoindustrial_ethernet_2000_series_firmware*cpe:2.3:h:cisco:industrial_ethernet_2000_series_firmware:*:*:*:*:*:*:*:*
ciscoindustrial_ethernet_2000_16ptc-g-e_switch-cpe:2.3:h:cisco:industrial_ethernet_2000_16ptc-g-e_switch:-:*:*:*:*:*:*:*
ciscoindustrial_ethernet_2000_16ptc-g-l_switch-cpe:2.3:h:cisco:industrial_ethernet_2000_16ptc-g-l_switch:-:*:*:*:*:*:*:*
ciscoindustrial_ethernet_2000_16ptc-g-nx_switch-cpe:2.3:h:cisco:industrial_ethernet_2000_16ptc-g-nx_switch:-:*:*:*:*:*:*:*
ciscoindustrial_ethernet_2000_16t67-b_switch-cpe:2.3:h:cisco:industrial_ethernet_2000_16t67-b_switch:-:*:*:*:*:*:*:*
ciscoindustrial_ethernet_2000_16t67p-g-e_switch-cpe:2.3:h:cisco:industrial_ethernet_2000_16t67p-g-e_switch:-:*:*:*:*:*:*:*
ciscoindustrial_ethernet_2000_16tc-g-e_switch-cpe:2.3:h:cisco:industrial_ethernet_2000_16tc-g-e_switch:-:*:*:*:*:*:*:*
ciscoindustrial_ethernet_2000_16tc-g-l_switch-cpe:2.3:h:cisco:industrial_ethernet_2000_16tc-g-l_switch:-:*:*:*:*:*:*:*
ciscoindustrial_ethernet_2000_16tc-g-n_switch-cpe:2.3:h:cisco:industrial_ethernet_2000_16tc-g-n_switch:-:*:*:*:*:*:*:*
ciscoindustrial_ethernet_2000_16tc-g-x_switch-cpe:2.3:h:cisco:industrial_ethernet_2000_16tc-g-x_switch:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	industrial_ethernet_2000_series_firmware	*	cpe:2.3:h:cisco:industrial_ethernet_2000_series_firmware::::::::
cisco	industrial_ethernet_2000_16ptc-g-e_switch	-	cpe:2.3:h:cisco:industrial_ethernet_2000_16ptc-g-e_switch:-:::::::*
cisco	industrial_ethernet_2000_16ptc-g-l_switch	-	cpe:2.3:h:cisco:industrial_ethernet_2000_16ptc-g-l_switch:-:::::::*
cisco	industrial_ethernet_2000_16ptc-g-nx_switch	-	cpe:2.3:h:cisco:industrial_ethernet_2000_16ptc-g-nx_switch:-:::::::*
cisco	industrial_ethernet_2000_16t67-b_switch	-	cpe:2.3:h:cisco:industrial_ethernet_2000_16t67-b_switch:-:::::::*
cisco	industrial_ethernet_2000_16t67p-g-e_switch	-	cpe:2.3:h:cisco:industrial_ethernet_2000_16t67p-g-e_switch:-:::::::*
cisco	industrial_ethernet_2000_16tc-g-e_switch	-	cpe:2.3:h:cisco:industrial_ethernet_2000_16tc-g-e_switch:-:::::::*
cisco	industrial_ethernet_2000_16tc-g-l_switch	-	cpe:2.3:h:cisco:industrial_ethernet_2000_16tc-g-l_switch:-:::::::*
cisco	industrial_ethernet_2000_16tc-g-n_switch	-	cpe:2.3:h:cisco:industrial_ethernet_2000_16tc-g-n_switch:-:::::::*
cisco	industrial_ethernet_2000_16tc-g-x_switch	-	cpe:2.3:h:cisco:industrial_ethernet_2000_16tc-g-x_switch:-:::::::*

Rows per page:

1-10 of 301

CNA Affected

[
  {
    "product": "Cisco Industrial Ethernet 2000 Switches 15.2(5.4.32i)E2",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco Industrial Ethernet 2000 Switches 15.2(5.4.32i)E2"
      }
    ]
  }
]

References

www.securityfocus.com/bid/95946

www.securitytracker.com/id/1037771

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-psc1

CVSS2

7.1

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

CVSS3

6.8

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H

AI Score

6.6

Confidence

High

EPSS

0.004

Percentile

72.2%

JSON

Related for CVE-2017-3812