Rockwell Automation Flex IO ENIP Request Path Network Segment denial of service

entryeditHistoryDiffjsonxmlCTI

A vulnerability, which was classified as problematic, was found in Rockwell Automation Flex IO (Automation Software) (version unknown). Affected is an unknown code of the component ENIP Request Path Network Segment Handler. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Field02/04/2021 06:49 PM02/23/2021 02:50 PM
vendorRockwell AutomationRockwell Automation
nameFlex IOFlex IO
componentENIP Request Path Network Segment HandlerENIP Request Path Network Segment Handler
cwe404 (denial of service)404 (denial of service)
risk11
cvss3_vuldb_cNN
cvss3_vuldb_iNN
cvss3_vuldb_aLL
identifierTALOS-2020-1008TALOS-2020-1008
urlhttps://talosintelligence.com/vulnerability_reports/TALOS-2020-1008https://talosintelligence.com/vulnerability_reports/TALOS-2020-1008
cveCVE-2020-6088CVE-2020-6088
date1612393200 (02/04/2021)1612393200 (02/04/2021)
typeAutomation SoftwareAutomation Software
cvss2_vuldb_ciNN
cvss2_vuldb_iiNN
cvss2_vuldb_aiPP
cvss2_vuldb_avAA
cvss2_vuldb_acMM
cvss2_vuldb_auSS
cvss2_vuldb_eNDND
cvss2_vuldb_rlNDND
cvss2_vuldb_rcNDND
cvss3_vuldb_avAA
cvss3_vuldb_acLL
cvss3_vuldb_prLL
cvss3_vuldb_uiNN
cvss3_vuldb_sUU
cvss3_vuldb_eXX
cvss3_vuldb_rlXX
cvss3_vuldb_rcXX
cvss2_vuldb_basescore2.32.3
cvss2_vuldb_tempscore2.32.3
cvss3_vuldb_basescore3.53.5
cvss3_vuldb_tempscore3.53.5
cvss3_meta_basescore3.53.5
cvss3_meta_tempscore3.53.5
price_0day$0-$5k$0-$5k
cve_assigned1578351600
cve_nvd_summaryAn exploitable denial of service vulnerability exists in the ENIP Request Path Network Segment functionality of Allen-Bradley Flex IO 1794-AENT/B 4.003. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability.

Do you want to use VulDB in your project?

Use the official API to access entries easily!