CVE-2020-37216
Description
Hirschmann HiOS devices versions prior to 08.1.00 and 07.1.01 contain a denial of service vulnerability in the EtherNet/IP stack where improper handling of packet length fields allows remote attackers to crash or hang the device. Attackers can send specially crafted UDP EtherNet/IP packets with a length value larger than the actual packet size to render the device inoperable.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An improper input validation in Hirschmann HiOS EtherNet/IP stack allows remote unauthenticated attackers to crash or hang devices via crafted UDP packets.
Vulnerability
The Hirschmann HiOS firmware (versions prior to 08.1.00 and 07.1.01) contains a denial-of-service (DoS) vulnerability in its EtherNet/IP stack. The root cause is improper input validation (CWE-20) of packet length fields: the stack assumes the declared length is correct, but an attacker can supply a length value larger than the actual packet payload. This discrepancy triggers an internal error that crashes or hangs the device, requiring a power cycle to recover [1].
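The length check described above, written out as an added example (not Hirschmann's code and not taken from the advisory). It assumes the standard 24-byte little-endian EtherNet/IP encapsulation header; `enip_parse`, `enip_hdr`, `enip_check` and the sample datagrams are hypothetical names and constructed data, and rejecting trailing bytes is a strictness choice made here.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed layout: command(2) length(2) session(4) status(4) context(8) options(4). */
#define ENIP_HDR_LEN 24u

enum enip_check { ENIP_OK, ENIP_TOO_SHORT, ENIP_LEN_OVERRUN, ENIP_LEN_TRAILING };

struct enip_hdr {
    uint16_t command;
    uint16_t length;   /* declared bytes of command data after the header */
    uint32_t session;
    uint32_t status;
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* `got` is the byte count the socket returned; the declared length is never trusted alone. */
enum enip_check enip_parse(const uint8_t *buf, size_t got, struct enip_hdr *out)
{
    if (got < ENIP_HDR_LEN)
        return ENIP_TOO_SHORT;               /* not even a full header */
    out->command = rd16(buf);
    out->length  = rd16(buf + 2);
    out->session = rd32(buf + 4);
    out->status  = rd32(buf + 8);
    size_t avail = got - ENIP_HDR_LEN;       /* data bytes actually present */
    if (out->length > avail) return ENIP_LEN_OVERRUN;   /* the case this CVE describes */
    if (out->length < avail) return ENIP_LEN_TRAILING;  /* strict: reject extra bytes too */
    return ENIP_OK;
}

/* Constructed sample datagrams, header only (not captured traffic). */
static const uint8_t sample_ok[24]  = { 0x63, 0x00, 0x00, 0x00 };  /* declares 0, carries 0 */
static const uint8_t sample_bad[24] = { 0x63, 0x00, 0x08, 0x00 };  /* declares 8, carries 0 */

int main(void)
{
    struct enip_hdr h;
    printf("consistent: %d\n", enip_parse(sample_ok, sizeof sample_ok, &h));
    printf("inflated:   %d\n", enip_parse(sample_bad, sizeof sample_bad, &h));
    return 0;
}
```

A parser that returns anything other than `ENIP_OK` should drop the datagram before any code reads `length` bytes of command data.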
Exploitation
The attack surface is the EtherNet/IP UDP port (commonly port 44818). An attacker does not need authentication, prior knowledge of credentials, or any special privileges – only network access to the target device. By sending a single malformed EtherNet/IP packet with an artificially inflated length field, the attacker can induce the DoS condition [1].
Impact
Successful exploitation renders the device inoperable until it is manually rebooted. For industrial environments using Hirschmann HiOS devices as managed switches or routers, this can halt production, isolate network segments, or disable critical monitoring functions. The CVSS v3 base score is 7.5 (High), with a vector reflecting network attack vector, low complexity, no privileges required, and high availability impact [1].
Mitigation
The vendor has released fixed firmware versions 08.1.00 and 07.1.01. Users should upgrade to these versions or later. The only workaround advised is restricting network access to the EtherNet/IP port via ACLs or firewall rules, and such measures may not be feasible in all industrial control system (ICS) deployments [1].
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.