MidnightBSD

Advisories for hilscher

CVE-2021-20986 MEDIUM

A Denial of Service vulnerability was found in Hilscher PROFINET IO Device V3 in versions prior to V3.14.0.7. This may lead to unexpected loss of cyclic communication or interruption of acyclic communication.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,CWE-787,

Products Affected

Vendor Product Version
hilscher profinet_io_device_firmware *
pepperl-fuchs pcv100-f200-b17-v1d-6011-8203_firmware *
pepperl-fuchs pgv100-f200-b17-v1d-7477_firmware *
pepperl-fuchs pxv100-f200-b17-v1d-3636_firmware *
pepperl-fuchs pxv100-f200-b17-v1d_firmware *
pepperl-fuchs pcv100-f200-b17-v1d-6011-6997_firmware *
pepperl-fuchs pxv100aq-f200-b28-v1d-6011_firmware *
pepperl-fuchs wcs_firmware *
pepperl-fuchs pcv50-f200-b17-v1d_firmware *
pepperl-fuchs pcv100-f200-b17-v1d_firmware *
pepperl-fuchs pcv100-f200-b17-v1d-6011_firmware *
pepperl-fuchs ohv-f230-b17_firmware *
pepperl-fuchs pgv100a-f200-b28-v1d_firmware *
pepperl-fuchs pxv100aq-f200-b28-v1d_firmware *
pepperl-fuchs pgv100aq-f200-b28-v1d_firmware *
pepperl-fuchs pgv100aq-f200a-b28-v1d_firmware *
pepperl-fuchs pgv100-f200a-b17-v1d_firmware *
pepperl-fuchs pcv80-f200-b17-v1d_firmware *
pepperl-fuchs pha_firmware *
pepperl-fuchs pgv150i-f200a-b17-v1d_firmware *
pepperl-fuchs pxv100a-f200-b28-v1d_firmware *
pepperl-fuchs pgv100a-f200a-b28-v1d_firmware *
pepperl-fuchs oit500-f113b17-cb_firmware *
pepperl-fuchs pxv100a-f200-b28-v1d-6011_firmware *
CVE-2021-20987 HIGH

A denial of service and memory corruption vulnerability was found in Hilscher EtherNet/IP Core V2 prior to V2.13.0.21that may lead to code injection through network or make devices crash without recovery.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H 3.9 4.0
nvd@nist.gov 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H 3.9 4.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,CWE-787,

Products Affected

Vendor Product Version
pepperl-fuchs pcv80-f200-b25-v1d_firmware *
pepperl-fuchs pcv100-f200-b25-v1d-6011_firmware *
pepperl-fuchs pxv100-f200-b25-v1d_firmware *
pepperl-fuchs pcv100-f200-b25-v1d-6011-6720_firmware *
hilscher ethernet/ip_adapter_firmware *
pepperl-fuchs pcv50-f200-b25-v1d_firmware *
pepperl-fuchs wcs_firmware *
pepperl-fuchs pxv100i-f200-b25-v1d_firmware *
CVE-2021-20988 MEDIUM

In Hilscher rcX RTOS versions prios to V2.1.14.1 the actual UDP packet length is not verified against the length indicated by the packet. This may lead to a denial of service of the affected device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H 3.9 4.0
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-119,

Products Affected

Vendor Product Version
pepperl-fuchs ice1-16di-g60l-v1d_firmware *
pepperl-fuchs ice1-16dio-g60l-c1-v1d_firmware *
pepperl-fuchs ice1-16dio-g60l-v1d_firmware *
hilscher rcx_rtos *
pepperl-fuchs ice1-8iol-g30l-v1d_firmware *
pepperl-fuchs ice1-8di8do-g60l-c1-v1d_firmware *
pepperl-fuchs ice1-8di8do-g60l-v1d_firmware *
pepperl-fuchs ice1-8iol-g60l-v1d_firmware *
pepperl-fuchs ice1-8iol-s2-g60l-v1d_firmware *