{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2020-37216", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-04-03T15:51:05.544Z", "datePublished": "2026-04-03T20:19:25.269Z", "dateUpdated": "2026-05-14T02:06:50.210Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-05-14T02:06:50.210Z"}, "title": "Hirschmann HiOS EtherNet/IP Stack Denial of Service", "descriptions": [{"lang": "en", "value": "Hirschmann HiOS devices versions prior to 08.1.00 and 07.1.01 contain a denial of service vulnerability in the EtherNet/IP stack where improper handling of packet length fields allows remote attackers to crash or hang the device. Attackers can send specially crafted UDP EtherNet/IP packets with a length value larger than the actual packet size to render the device inoperable."}], "datePublic": "2020-09-09T00:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "type": "CWE"}]}], "affected": [{"vendor": "Belden", "product": "Hirschmann HiOS", "versions": [{"status": "unaffected", "version": ">= 08.1.00", "versionType": "custom"}, {"status": "unaffected", "version": ">= 07.1.01", "versionType": "custom"}, {"status": "affected", "version": "05.00.00", "versionType": "custom", "lessThanOrEqual": "08.0.00"}], "defaultStatus": "affected"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "version": "3.1", "baseSeverity": "HIGH", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}}, {"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 8.7, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"}}], "references": [{"url": "https://assets.belden.com/m/3d3e2cbfa4860258/original/Belden-Security-Bulletin-BSECV-2019-14.pdf", "tags": ["vendor-advisory"]}, {"url": "https://www.vulncheck.com/advisories/hirschmann-hios-ethernet-ip-stack-denial-of-service", "tags": ["third-party-advisory"]}], "source": {"discovery": "EXTERNAL"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-04T03:22:43.470099Z", "id": "CVE-2020-37216", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-04T03:23:19.214Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2020-37216", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-04T03:22:43.470099Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-04T03:23:13.641Z"}}], "cna": {"title": "Hirschmann HiOS EtherNet/IP Stack Denial of Service", "source": {"discovery": "EXTERNAL"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Belden", "product": "Hirschmann HiOS", "versions": [{"status": "unaffected", "version": ">= 08.1.00", "versionType": "custom"}, {"status": "unaffected", "version": ">= 07.1.01", "versionType": "custom"}, {"status": "affected", "version": "05.00.00", "versionType": "custom", "lessThanOrEqual": "08.0.00"}], "defaultStatus": "affected"}], "datePublic": "2020-09-09T00:00:00.000Z", "references": [{"url": "https://assets.belden.com/m/3d3e2cbfa4860258/original/Belden-Security-Bulletin-BSECV-2019-14.pdf", "tags": ["vendor-advisory"]}, {"url": "https://www.vulncheck.com/advisories/hirschmann-hios-ethernet-ip-stack-denial-of-service", "tags": ["third-party-advisory"]}], "descriptions": [{"lang": "en", "value": "Hirschmann HiOS devices versions prior to 08.1.00 and 07.1.01 contain a denial of service vulnerability in the EtherNet/IP stack where improper handling of packet length fields allows remote attackers to crash or hang the device. Attackers can send specially crafted UDP EtherNet/IP packets with a length value larger than the actual packet size to render the device inoperable."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-05-14T02:06:50.210Z"}}}, "cveMetadata": {"cveId": "CVE-2020-37216", "state": "PUBLISHED", "dateUpdated": "2026-05-14T02:06:50.210Z", "dateReserved": "2026-04-03T15:51:05.544Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-04-03T20:19:25.269Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Hirschmann HiOS devices versions prior to 08.1.00 and 07.1.01 contain a denial of service vulnerability in the EtherNet/IP stack where improper handling of packet length fields allows remote attackers to crash or hang the device. Attackers can send specially crafted UDP EtherNet/IP packets with a length value larger than the actual packet size to render the device inoperable."}], "id": "CVE-2020-37216", "lastModified": "2026-04-07T13:20:55.200", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "disclosure@vulncheck.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-04-03T21:17:08.213", "references": [{"source": "disclosure@vulncheck.com", "url": "https://assets.belden.com/m/3d3e2cbfa4860258/original/Belden-Security-Bulletin-BSECV-2019-14.pdf"}, {"source": "disclosure@vulncheck.com", "url": "https://www.vulncheck.com/advisories/hirschmann-hios-ethernet-ip-stack-denial-of-service"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[08.1.00,*]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[07.1.01,*]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[05.00.00,08.0.00]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Hirschmann HiOS", "source": "cna", "vendor": "Belden"}, "product": "hirschmann_hios", "vendor": "belden"}], "analysis": {"en": {"generated_at": "2026-04-03T23:53:10.693061+00:00", "value": {"mitigation_remediation": ["Identify all Hirschmann HiOS devices with firmware versions earlier than 08.1.00 or 07.1.01.", "Verify current firmware versions and compare against vendor\u2019s affected list.", "If a newer firmware release exists, download the update from the vendor\u2019s support portal and apply it following the official procedures.", "Until the update is applied, isolate the affected devices from untrusted networks or block UDP port 44818 using network controls.", "Monitor device logs for crashes or hangs that may indicate exploitation attempts."], "summary": {"action": "Apply Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "Devices running Belden Hirschmann HiOS firmware versions earlier than 08.1.00 and 07.1.01 are impacted. These versions are found on network gateways and industrial controllers that deploy the HiOS operating system.", "description_and_impact": "The vulnerability resides in the EaetherNet/IP stack of certain Hirschmann HiOS devices. Improper validation of packet length fields allows a remote attacker to craft a UDP EtherNet/IP packet that declares a larger size than the actual payload, leading the stack to crash or hang. This results in a denial of service and leaves the device inoperable. The weakness is classified as CWE-20, input validation error.", "risk_and_exploitability": "The flaw carries a CVSS score of 8.7, indicating high severity. EPSS data is not available, but the vulnerability can be triggered over the network without authentication by sending crafted UDP packets on the standard EtherNet/IP port. Because the exploit requires no user interaction, exposed devices face a realistic risk of interruption, and the issue is not currently listed in CISA\u2019s KEV catalog."}}}}, "created": "2026-04-06T21:22:46.288172+00:00", "updated": "2026-04-06T22:22:23.734966+00:00", "vendors": ["belden", "belden$PRODUCT$hirschmann_hios"]}