CVE-2020-6085 : What You Need to Know
Learn about CVE-2020-6085, a high-severity denial of service vulnerability in Allen-Bradley Flex IO 1794-AENT/B 4.003. Find out the impact, affected systems, and mitigation steps.
An exploitable denial of service vulnerability exists in the ENIP Request Path Logical Segment functionality of Allen-Bradley Flex IO 1794-AENT/B 4.003. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service.
Understanding CVE-2020-6085
This CVE involves a denial of service vulnerability in Allen-Bradley Flex IO 1794-AENT/B 4.003.
What is CVE-2020-6085?
The vulnerability allows an attacker to disrupt communications with the device by sending a malicious network request.
The Impact of CVE-2020-6085
The vulnerability has a CVSS base score of 7.5, indicating a high severity level with a significant impact on availability.
Technical Details of CVE-2020-6085
This section provides technical details of the vulnerability.
Vulnerability Description
The vulnerability is a denial of service issue in the ENIP Request Path Logical Segment functionality of Allen-Bradley Flex IO 1794-AENT/B 4.003.
Affected Systems and Versions
- Product: Allen Bradley
- Version: Allen-Bradley Flex IO 1794-AENT/B 4.003
Exploitation Mechanism
- Attack Complexity: Low
- Attack Vector: Network
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Vector String: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Mitigation and Prevention
Steps to address and prevent the vulnerability.
Immediate Steps to Take
- Apply vendor patches or updates promptly.
- Implement network segmentation to limit the impact of potential attacks.
Long-Term Security Practices
- Regularly monitor network traffic for any suspicious activity.
- Conduct security assessments and penetration testing to identify vulnerabilities.
Patching and Updates
- Stay informed about security advisories from the vendor.
- Keep systems up to date with the latest security patches.