CVE-2020-9307

Name of the Vulnerable Software and Affected Versions Hirschmann OS2, RSP, and RSPE devices versions prior to HiOS 08.3.00

Description The issue is related to a denial of service that can be caused by an unauthenticated, adjacent attacker, leading to an infinite loop on one of the HSR ring ports of the device. This breaks the redundancy of the HSR ring. If the attack is performed on a second device, the ring is broken into two parts, disrupting communication between devices in different parts. The vulnerability is also associated with resource release errors in the HiOS operating system.

Recommendations For Hirschmann OS2, RSP, and RSPE devices versions prior to HiOS 08.3.00, update to HiOS 08.3.00 or later to resolve the issue. As a temporary workaround, consider restricting access to the HSR ring ports to minimize the risk of exploitation.