CVE Vulnerabilities

CVE-2020-9307

Loop with Unreachable Exit Condition ('Infinite Loop')

Published: Feb 11, 2021 | Modified: Feb 23, 2021
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
6.1 MEDIUM
AV:A/AC:L/Au:N/C:N/I:N/A:C
RedHat/V2
RedHat/V3
Ubuntu

Hirschmann OS2, RSP, and RSPE devices before HiOS 08.3.00 allow a denial of service. An unauthenticated, adjacent attacker can cause an infinite loop on one of the HSR ring ports of the device. This effectively breaks the redundancy of the HSR ring. If the attacker can perform the same attack on a second device, the ring is broken into two parts (thus disrupting communication between devices in the different parts).

Weakness

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Affected Software

Name Vendor Start Version End Version
Hirschmann_hios Belden 07.0.04 (including) 07.1.00 (excluding)
Hirschmann_hios Belden 08.0.00 (including) 08.3.00 (excluding)

References