CVE-2020-25705
5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
7.4 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
7.3 High
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
69.9%
A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that relies on UDP source port randomization are indirectly affected as well on the Linux Based Products (RUGGEDCOM RM1224: All versions between v5.0 and v6.4, SCALANCE M-800: All versions between v5.0 and v6.4, SCALANCE S615: All versions between v5.0 and v6.4, SCALANCE SC-600: All versions prior to v2.1.3, SCALANCE W1750D: v8.3.0.1, v8.6.0, and v8.7.0, SIMATIC Cloud Connect 7: All versions, SIMATIC MV500 Family: All versions, SIMATIC NET CP 1243-1 (incl. SIPLUS variants): Versions 3.1.39 and later, SIMATIC NET CP 1243-7 LTE EU: Version
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| nctsoft_products | nctaudioeditor | * | cpe:2.3:a:nctsoft_products:nctaudioeditor:*:*:*:*:*:*:*:* |
| nctsoft_products | nctaudioeditor | * | cpe:2.3:a:nctsoft_products:nctaudioeditor:*:*:*:*:*:*:*:* |
| nctsoft_products | nctaudioeditor | * | cpe:2.3:a:nctsoft_products:nctaudioeditor:*:*:*:*:*:*:*:* |
| nctsoft_products | nctaudioeditor | * | cpe:2.3:a:nctsoft_products:nctaudioeditor:*:*:*:*:*:*:*:* |
| nctsoft_products | nctaudioeditor | * | cpe:2.3:a:nctsoft_products:nctaudioeditor:*:*:*:*:*:*:*:* |
| nctsoft_products | nctaudioeditor | * | cpe:2.3:a:nctsoft_products:nctaudioeditor:*:*:*:*:*:*:*:* |
| nctsoft_products | nctaudioeditor | * | cpe:2.3:a:nctsoft_products:nctaudioeditor:*:*:*:*:*:*:*:* |
| nctsoft_products | nctaudioeditor | * | cpe:2.3:a:nctsoft_products:nctaudioeditor:*:*:*:*:*:*:*:* |
| nctsoft_products | nctaudioeditor | * | cpe:2.3:a:nctsoft_products:nctaudioeditor:*:*:*:*:*:*:*:* |
| nctsoft_products | nctaudioeditor | * | cpe:2.3:a:nctsoft_products:nctaudioeditor:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"product": "Siemens Lunux Based Products",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "RUGGEDCOM RM1224: All versions between v5.0 and v6.4, SCALANCE M-800: All versions between v5.0 and v6.4, SCALANCE S615: All versions between v5.0 and v6.4, SCALANCE SC-600: All versions prior to v2.1.3, SCALANCE W1750D: v8.3.0.1, v8.6.0, and v8.7.0, SIMATIC Cloud Connect 7: All versions, SIMATIC MV500 Family: All versions, SIMATIC NET CP 1243-1 (incl. SIPLUS variants): Versions 3.1.39 and later, SIMATIC NET CP 1243-7 LTE EU: Versions 3.1.39 and later, SIMATIC NET CP 1243-7 LTE US: Versions 3.1.39 and later, SIMATIC NET CP 1243-7: Versions 3.1.39 and later, SIMATIC NET CP 1243-8 IRC: Versions 3.1.39 and later, SIMATIC NET CP 1542SP-1 IRC (incl. SIPLUS variants): Versions 2.0 and later, SIMATIC NET CP 1542SP-1: Versions 2.0 and later, SIMATIC NET CP 1543-1 (incl. SIPLUS variants): Versions 2.2 and later, SIMATIC NET CP 1543SP-1 (incl SIPLUS variants): Versions 2.0 and later, SIMATIC NET CP 1545-1: All versions, SINEMA Remote Connect Server: All versions prior to v3.0 SP1, TIM 1531 IRC (incl. SI ...[truncated*]"
}
]
}
]Social References
More
Related
5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
7.4 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
7.3 High
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
69.9%