Sign-up

ID

VAR-202003-1386


CVE

CVE-2020-9464


TITLE

BECKHOFF Ethernet TCP/IP Bus Coupler BK9000 resource management error vulnerability

Trust: 1.2

sources: CNVD: CNVD-2020-21089 // CNNVD: CNNVD-202003-774

DESCRIPTION

A Denial-of-Service vulnerability exists in BECKHOFF Ethernet TCP/IP Bus Coupler BK9000. After an attack has occurred, the device's functionality can be restored by rebooting. The vulnerability stems from the improper management of system resources (such as memory, disk space, files, etc.) by network systems or products. There is currently no detailed vulnerability details provided

Trust: 2.16

sources: NVD: CVE-2020-9464 // JVNDB: JVNDB-2020-002837 // CNVD: CNVD-2020-21089

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-21089

AFFECTED PRODUCTS

vendor:beckhoffmodel:bk9000scope:eqversion:*

Trust: 1.0

vendor:beckhoff automationmodel:bk9000scope: - version: -

Trust: 0.8

vendor:beckhoffmodel:ethernet tcp/ip bus coupler bk9000scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2020-21089 // JVNDB: JVNDB-2020-002837 // NVD: CVE-2020-9464

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-9464
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-002837
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-21089
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202003-774
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2020-9464
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-002837
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-21089
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-9464
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-002837
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-21089 // JVNDB: JVNDB-2020-002837 // CNNVD: CNNVD-202003-774 // NVD: CVE-2020-9464

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.8

sources: JVNDB: JVNDB-2020-002837 // NVD: CVE-2020-9464

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-774

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202003-774

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-002837

PATCH
title:Top Pageurl:https://beckhoff.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2020-002837

EXTERNAL IDS
db:NVDid:CVE-2020-9464
Trust: 3.0
db:CERT@VDEid:VDE-2020-005
Trust: 2.4
db:JVNDBid:JVNDB-2020-002837
Trust: 0.8
db:CNVDid:CNVD-2020-21089
Trust: 0.6
db:CNNVDid:CNNVD-202003-774
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-21089 // 
            
            
            
            JVNDB: JVNDB-2020-002837 // 
            
            
            
            CNNVD: CNNVD-202003-774 // 
            
            
            
            NVD: CVE-2020-9464

REFERENCES
url:https://cert.vde.com/en-us/advisories/vde-2020-005
Trust: 2.4
url:https://nvd.nist.gov/vuln/detail/cve-2020-9464
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9464
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2020-002837 // 
            
            
            
            CNNVD: CNNVD-202003-774 // 
            
            
            
            NVD: CVE-2020-9464

SOURCES
db:CNVDid:CNVD-2020-21089
db:JVNDBid:JVNDB-2020-002837
db:CNNVDid:CNNVD-202003-774
db:NVDid:CVE-2020-9464

LAST UPDATE DATE
2024-11-23T21:51:36.922000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-21089date:2020-04-02T00:00:00
db:JVNDBid:JVNDB-2020-002837date:2020-03-26T00:00:00
db:CNNVDid:CNNVD-202003-774date:2020-04-01T00:00:00
db:NVDid:CVE-2020-9464date:2024-11-21T05:40:41.890

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-21089date:2020-04-02T00:00:00
db:JVNDBid:JVNDB-2020-002837date:2020-03-26T00:00:00
db:CNNVDid:CNNVD-202003-774date:2020-03-12T00:00:00
db:NVDid:CVE-2020-9464date:2020-03-12T14:15:21.863