CVE-2020-6086

Name of the Vulnerable Software and Affected Versions Allen-Bradley Flex IO 1794-AENT/B (affected versions not specified)

Description A denial of service issue exists in the ENIP Request Path Data Segment functionality. It can be triggered by a specially crafted network request, causing a loss of communications with the device. This occurs when the Simple Segment Sub-Type is supplied and the byte following it represents a Data Size in words that exceeds the remaining packet data, leading to a fault state where communication is lost. A physical power cycle is required to recover from this state.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.