CVE-2020-37216
Denial of Service in Hirschmann HiOS EtherNet/IP Stack
Publication date: 2026-04-03
Last updated on: 2026-04-03
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hirschmann | hios | to 08.1.00 (exc) |
| hirschmann | hios | to 07.1.01 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects Hirschmann HiOS devices running versions prior to 08.1.00 and 07.1.01. It is a denial of service (DoS) issue in the EtherNet/IP stack caused by improper handling of packet length fields.
Remote attackers can exploit this by sending specially crafted UDP EtherNet/IP packets where the length value is larger than the actual packet size. This causes the device to crash or hang, rendering it inoperable.
How can this vulnerability impact me? :
The vulnerability can cause affected Hirschmann HiOS devices to crash or become unresponsive when they receive maliciously crafted packets. This results in a denial of service, potentially disrupting network operations and device availability.