CVE-2020-37216— Hirschmann HiOS EtherNet/IP Stack Denial of Service
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2020-37216
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Hirschmann HiOS EtherNet/IP Stack Denial of Service
Source: NVD (National Vulnerability Database)
Vulnerability Description
Hirschmann HiOS devices versions prior to 08.1.00 and 07.1.01 contain a denial of service vulnerability in the EtherNet/IP stack where improper handling of packet length fields allows remote attackers to crash or hang the device. Attackers can send specially crafted UDP EtherNet/IP packets with a length value larger than the actual packet size to render the device inoperable.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
输入验证不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Belden Hirschmann HiOS 输入验证错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Belden Hirschmann HiOS是美国Belden公司的一个工业以太网交换机操作系统。 Belden Hirschmann HiOS 08.1.00之前版本和07.1.01之前版本存在输入验证错误漏洞,该漏洞源于EtherNet/IP栈中数据包长度字段处理不当,可能导致远程拒绝服务攻击。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Belden | Hirschmann HiOS | >= 08.1.00 | - |
II. Public POCs for CVE-2020-37216
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2020-37216
请登录查看更多情报信息。
- Hirschmann HiOS EtherNet/IP Stack Denial of Service | Advisories | VulnCheckthird-party-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2020-37216
Same Patch Batch · Belden · 2026-04-03 · 11 CVEs total
| CVE-2017-20237 | 9.8 CRITICAL | Hirschmann Industrial HiVision Authentication Bypass Remote Code Execution |
| CVE-2018-25237 | 9.8 CRITICAL | Hirschmann HiSecOS Buffer Overflow via HTTPS Login |
| CVE-2018-25236 | 9.8 CRITICAL | Hirschmann HiOS HiSecOS Authentication Bypass via HTTP Management |
| CVE-2017-20234 | 9.8 CRITICAL | GarrettCom Magnum 6K and 10K Authentication Bypass via Hardcoded String |
| CVE-2021-4477 | 9.1 CRITICAL | Hirschmann HiLCOS OpenBAT BAT450 IPv6 IPsec Firewall Bypass |
| CVE-2016-15058 | 8.1 HIGH | Hirschmann HiLCOS Classic Platform Password Exposure via SNMP |
| CVE-2015-10148 | 7.5 HIGH | Hirschmann HiLCOS Hard-coded Credentials SSH SSL Keys |
| CVE-2022-4987 | 7.3 HIGH | Hirschmann Industrial HiVision External Application Path Hijacking Leading to Arbitrary Co |
| CVE-2017-20238 | 7.1 HIGH | Hirschmann Industrial HiVision Improper Authorization Privilege Escalation |
| CVE-2017-20233 | 5.4 MEDIUM | Hirschmann HiLCOS Layer-2 Firewall Multicast Broadcast Traffic Bypass |
IV. Related Vulnerabilities
Same vendor: Belden
- CVE-2017-20234
GarrettCom Magnum 6K and 10K Authentication Bypass via Hardc - CVE-2017-20233
Hirschmann HiLCOS Layer-2 Firewall Multicast Broadcast Traff - CVE-2018-25236
Hirschmann HiOS HiSecOS Authentication Bypass via HTTP Manag - CVE-2021-4477
Hirschmann HiLCOS OpenBAT BAT450 IPv6 IPsec Firewall Bypass - CVE-2017-20238
Hirschmann Industrial HiVision Improper Authorization Privil
Same weakness: CWE-20
V. Comments for CVE-2020-37216
No comments yet