Hitachi ABB Power Grids AFS Series Loop with Unreachable Exit Condition (CVE-2020-9307)

Severity: Medium | Tenable OT Security Plugin ID 502266

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Hirschmann OS2, RSP, and RSPE devices before HiOS 08.3.00 allow a denial of service. An unauthenticated, adjacent attacker can cause an infinite loop on one of the HSR ring ports of the device. This effectively breaks the redundancy of the HSR ring. If the attacker can perform the same attack on a second device, the ring is broken into two parts (thus disrupting communication between devices in the different parts).

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Hitachi ABB Power Grids has published an advisory for AFS Series and advises users to update products with available updates. The update removes the vulnerability by modifying the way the switch processes HSR frames.

For additional information and support, contact a product provider or Hitachi ABB Power Grids service organization. For contact information, see Hitachi ABB Power Grids contact-centers.

See Also

http://www.nessus.org/u?83797cf6

https://www.belden.com/security

https://www.cisa.gov/news-events/ics-advisories/icsa-21-075-03

Plugin Details

Severity: Medium

ID: 502266

Version: 1.4

Type: remote

Family: Tenable.ot

Published: 6/10/2024

Updated: 9/4/2024

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 6.1

Temporal Score: 4.5

Vector: CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2020-9307

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.7

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:belden:hirschmann_hios:08, cpe:/o:belden:hirschmann_hios:07

Required KB Items: Tenable.ot/Hirschmann

Exploit Ease: No known exploits are available

Patch Publication Date: 2/11/2021

Vulnerability Publication Date: 2/11/2021

Reference Information

CVE: CVE-2020-9307

CWE: 835

ICSA: 21-075-03