Detections
Analytics
Hitachi ABB Power Grids AFS Series Loop with Unreachable Exit Condition (CVE-2020-9307)
medium Tenable OT Security Plugin ID 502266
Synopsis
The remote OT asset is affected by a vulnerability.Description
Hirschmann OS2, RSP, and RSPE devices before HiOS 08.3.00 allow a denial of service. An unauthenticated, adjacent attacker can cause an infinite loop on one of the HSR ring ports of the device. This effectively breaks the redundancy of the HSR ring. If the attacker can perform the same attack on a second device, the ring is broken into two parts (thus disrupting communication between devices in the different parts).This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
Solution
The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.Hitachi ABB Power Grids has published an advisory for AFS Series and advises users to update products with available updates. The update removes the vulnerability by modifying the way the switch processes HSR frames.
For additional information and support, contact a product provider or Hitachi ABB Power Grids service organization. For contact information, see Hitachi ABB Power Grids contact-centers.
See Also
http://www.nessus.org/u?83797cf6
https://www.belden.com/security
https://www.cisa.gov/news-events/ics-advisories/icsa-21-075-03
Plugin Details
Severity: Medium
ID: 502266
Version: 1.3
Type: remote
Family: Tenable.ot
Published: 6/10/2024
Updated: 6/11/2024
Supported Sensors: Tenable OT Security
Risk Information
VPR
Risk Factor: Low
Score: 3.6
CVSS v2
Risk Factor: Medium
Base Score: 6.1
Temporal Score: 4.5
Vector: CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:C
CVSS Score Source: CVE-2020-9307
CVSS v3
Risk Factor: Medium
Base Score: 6.5
Temporal Score: 5.7
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:belden:hirschmann_hios:08, cpe:/o:belden:hirschmann_hios:07
Required KB Items: Tenable.ot/Hirschmann
Exploit Ease: No known exploits are available
Patch Publication Date: 2/11/2021
Vulnerability Publication Date: 2/11/2021
Reference Information
CVE: CVE-2020-9307
CWE: 835