Key Information

Vulnerability Overview
Vulnerability name: 1715 EtherNet/IP Comms Module Denial-Of-Service Vulnerabilities
CVE IDs: CVE-2020-3177, CVE-2017-9481
Severity: High (CVSS 3.1 Base Score: 7.5 CVSS v3)
Published: October 14, 2020

Affected Products and Versions
Affected product: DPII-ENETB EtherNet/IP Adapter
Affected software versions:
- Version 3.00 and prior (CVE-2020-3177)
- Version 6.00 and prior (CVE-2017-9481)

Vulnerability Details
CVE-2020-3177:
- Impact: A critical security issue exists in the affected product and version. The security issue is caused by a high number of requests sent to the HTTP server, which causes it to crash.
- Fixed version: Version 3.01 or later
CVE-2017-9481:
- Impact: A critical security issue exists in the affected product and version. The security issue is caused through CIP communication using malformed payloads.
- Fixed version: Version 6.01 or later

Known Exploitation
CVE-2020-3177: No known exploited vulnerability listed in the KEV database
CVE-2017-9481: No known exploited vulnerability listed in the KEV database

Mitigations and Workarounds
Recommendation: Customers using the affected software who are not able to upgrade to one of the corrected versions should use necessary local solutions.

Additional Information
Glossary:
- Known Exploited Vulnerability (KEV) database
- DPI Communication
- Denial-of-Service (DoS)
- Web Server