FKIE_CVE-2017-3812

Vulnerability from fkie_nvd - Published: 2017-02-03 07:59 - Updated: 2025-04-20 01:37
Severity ?
6.8 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
Summary
A vulnerability in the implementation of Common Industrial Protocol (CIP) functionality in Cisco Industrial Ethernet 2000 Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to a system memory leak. More Information: CSCvc54788. Known Affected Releases: 15.2(5.4.32i)E2. Known Fixed Releases: 15.2(5.4.62i)E2.
References
psirt@cisco.comhttp://www.securityfocus.com/bid/95946Third Party Advisory, VDB Entry
psirt@cisco.comhttp://www.securitytracker.com/id/1037771
psirt@cisco.comhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-psc1Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/95946Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1037771
af854a3a-2127-422b-91ae-364da2661108https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-psc1Vendor Advisory
Impacted products
Vendor Product Version
cisco industrial_ethernet_2000_series_firmware *
cisco industrial_ethernet_2000_16ptc-g-e_switch -
cisco industrial_ethernet_2000_16ptc-g-l_switch -
cisco industrial_ethernet_2000_16ptc-g-nx_switch -
cisco industrial_ethernet_2000_16t67-b_switch -
cisco industrial_ethernet_2000_16t67p-g-e_switch -
cisco industrial_ethernet_2000_16tc-g-e_switch -
cisco industrial_ethernet_2000_16tc-g-l_switch -
cisco industrial_ethernet_2000_16tc-g-n_switch -
cisco industrial_ethernet_2000_16tc-g-x_switch -
cisco industrial_ethernet_2000_16tc-l_switch -
cisco industrial_ethernet_2000_24t67-b_switch -
cisco industrial_ethernet_2000_4s-ts-g-b_switch -
cisco industrial_ethernet_2000_4s-ts-g-l_switch -
cisco industrial_ethernet_2000_4t-b_switch -
cisco industrial_ethernet_2000_4t-g-b_switch -
cisco industrial_ethernet_2000_4t-g-l_switch -
cisco industrial_ethernet_2000_4t-l_switch -
cisco industrial_ethernet_2000_4ts-b_switch -
cisco industrial_ethernet_2000_4ts-g-b_switch -
cisco industrial_ethernet_2000_4ts-g-l_switch -
cisco industrial_ethernet_2000_4ts-l_switch -
cisco industrial_ethernet_2000_8t67-b_switch -
cisco industrial_ethernet_2000_8t67p-g-e_switch -
cisco industrial_ethernet_2000_8tc-b_switch -
cisco industrial_ethernet_2000_8tc-g-b_switch -
cisco industrial_ethernet_2000_8tc-g-e_switch -
cisco industrial_ethernet_2000_8tc-g-l_switch -
cisco industrial_ethernet_2000_8tc-g-n_switch -
cisco industrial_ethernet_2000_8tc-l_switch -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:industrial_ethernet_2000_series_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "64126B06-A388-40D2-A0A7-6520BCC90EE8",
              "versionEndIncluding": "15.2\\(5.4.32i\\)e2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:industrial_ethernet_2000_16ptc-g-e_switch:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "524D907D-4DDC-4439-A9E0-328BA272BE79",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:industrial_ethernet_2000_16ptc-g-l_switch:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4057243E-C776-4048-AF08-F1339DECFB76",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:industrial_ethernet_2000_16ptc-g-nx_switch:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0D7518A-B5EA-493C-80C7-4938A36FF621",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:industrial_ethernet_2000_16t67-b_switch:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0474966A-3F71-474F-926F-D4C03F0989D5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:industrial_ethernet_2000_16t67p-g-e_switch:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "199F317F-4C29-4BE4-B5EE-FFD70C693A74",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:industrial_ethernet_2000_16tc-g-e_switch:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A805F6F4-D977-493F-B3E8-CCE64A6F5AE4",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:industrial_ethernet_2000_16tc-g-l_switch:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DB0122F-82AB-467A-861B-9A9EAF36F695",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:industrial_ethernet_2000_16tc-g-n_switch:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "69A29BB0-4033-4067-97E9-372C797A29CC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:industrial_ethernet_2000_16tc-g-x_switch:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "334BC0D6-E9D8-47F5-AB48-7AB3F3A17844",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:industrial_ethernet_2000_16tc-l_switch:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F1931F1-02FC-4F7D-8C18-C1482CD2530D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:industrial_ethernet_2000_24t67-b_switch:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8F9FB2B-D9AD-46DD-8D2E-0FB71E2EA825",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:industrial_ethernet_2000_4s-ts-g-b_switch:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "75325EB7-ABB8-409F-BB8E-1696FB3D0DA7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:industrial_ethernet_2000_4s-ts-g-l_switch:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "03CB2133-041C-48EE-8594-2F80C7A89A05",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:industrial_ethernet_2000_4t-b_switch:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C4D3841-67B6-4E21-A68D-FED30EC2CDEF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:industrial_ethernet_2000_4t-g-b_switch:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E906703D-3946-4EE7-BEF1-9753409FEEF8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:industrial_ethernet_2000_4t-g-l_switch:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D64C4436-6BB8-48EB-923D-11B6F9F18B1D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:industrial_ethernet_2000_4t-l_switch:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3ECD0A92-A198-463B-8046-92D738C40DAF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:industrial_ethernet_2000_4ts-b_switch:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "87C75A46-74FC-4AF1-AF76-0CAC422473E5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:industrial_ethernet_2000_4ts-g-b_switch:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FE4BC00-19FE-468C-8BCE-193E72066B0E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:industrial_ethernet_2000_4ts-g-l_switch:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "62729BD3-975A-4FCA-B255-FFFD51901081",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:industrial_ethernet_2000_4ts-l_switch:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FAB865C-D5D6-474F-B42C-2C2958B1E876",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:industrial_ethernet_2000_8t67-b_switch:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE94DAA2-D52A-424B-8E17-FC17D4B117B4",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:industrial_ethernet_2000_8t67p-g-e_switch:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "429B7E0E-2897-4838-AC6B-41B3A5D85204",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:industrial_ethernet_2000_8tc-b_switch:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "22980E67-0A91-473F-9F86-3B594D7BE9FF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:industrial_ethernet_2000_8tc-g-b_switch:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4360DC5A-DD47-42C5-9940-B9FE24422758",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:industrial_ethernet_2000_8tc-g-e_switch:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "417ACF82-6769-4441-92CB-8BD06470518A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:industrial_ethernet_2000_8tc-g-l_switch:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "36036C1F-2A42-4633-AFD7-F4F8DEADBDE7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:industrial_ethernet_2000_8tc-g-n_switch:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEE1A077-564B-49A3-84C4-3E9EA6EA7675",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:industrial_ethernet_2000_8tc-l_switch:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DAFB25E-F057-423E-811D-1E4A8F9E2D73",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the implementation of Common Industrial Protocol (CIP) functionality in Cisco Industrial Ethernet 2000 Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to a system memory leak. More Information: CSCvc54788. Known Affected Releases: 15.2(5.4.32i)E2. Known Fixed Releases: 15.2(5.4.62i)E2."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la implementaci\u00f3n de la funcionalidad Common Industrial Protocol (CIP) en Cisco Industrial Ethernet 2000 Series Switches podr\u00eda permitir a un atacante remoto no autenticado provocar una condici\u00f3n de denegaci\u00f3n de servicio (DoS) debido a una fuga del sistema de memoria. M\u00e1s Informaci\u00f3n: CSCvc54788. Lanzamientos Afectados Conocidos: 15.2(5.4.32i)E2. Lanzamientos Reparados Conocidos: 15.2(5.4.62i)E2."
    }
  ],
  "id": "CVE-2017-3812",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 4.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-02-03T07:59:00.763",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/95946"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securitytracker.com/id/1037771"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-psc1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/95946"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1037771"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-psc1"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-772"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.