CVE-2020-25241
Last modified
CVE-2020-25241 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. A vulnerability has been identified in SIMATIC MV400 family (All Versions < V7.0.6). The underlying TCP stack of the affected products does not correctly validate the sequence number for incoming TCP RST packages. EPSS estimates a 1.03% chance of exploitation in the next 30 days.
Description
A vulnerability has been identified in SIMATIC MV400 family (All Versions < V7.0.6). The underlying TCP stack of the affected products does not correctly validate the sequence number for incoming TCP RST packages. An attacker could exploit this to terminate arbitrary TCP sessions.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Simatic Mv440 Sr Firmware | < 7.0.6 |
| Siemens | Simatic Mv440 Hr Firmware | < 7.0.6 |
| Siemens | Simatic Mv440 Ur Firmware | < 7.0.6 |
| Siemens | Simatic Mv420 Sr-B Firmware | < 7.0.6 |
| Siemens | Simatic Mv420 Sr-P Firmware | < 7.0.6 |
| Siemens | Simatic Mv420 Sr-B Body Firmware | < 7.0.6 |
| Siemens | Simatic Mv420 Sr-P Body Firmware | < 7.0.6 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-25241?
How severe is CVE-2020-25241?
How do I fix CVE-2020-25241?
Are you affected by CVE-2020-25241?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST