Vulnerability Details CVE-2021-37740
A denial of service vulnerability exists in MDT's firmware for the KNXnet/IP Secure router SCN-IP100.03 and KNX IP interface SCN-IP000.03 before v3.0.4, that allows a remote attacker to turn the device unresponsive to all requests on the KNXnet/IP Secure layer, until the device is rebooted, via a SESSION_REQUEST frame with a modified total length field.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.131
EPSS Ranking 93.8%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 7.8
References
- https://github.com/robertguetzkow/CVE-2021-37740
- https://www.mdt.de/EN_IP_Interface_Router.html
- https://www.mdt.de/download/MDT_CL_SCN_IP_03_IP_Interface_Router.pdf
- https://github.com/robertguetzkow/CVE-2021-37740
- https://www.mdt.de/EN_IP_Interface_Router.html
- https://www.mdt.de/download/MDT_CL_SCN_IP_03_IP_Interface_Router.pdf
Products affected by CVE-2021-37740
-
cpe:2.3:h:mdt:scn-ip000.03:-
-
cpe:2.3:h:mdt:scn-ip100.03:-
-
cpe:2.3:o:mdt:scn-ip000.03_firmware:-
-
cpe:2.3:o:mdt:scn-ip000.03_firmware:3.0.0
-
cpe:2.3:o:mdt:scn-ip000.03_firmware:3.0.1
-
cpe:2.3:o:mdt:scn-ip000.03_firmware:3.0.2
-
cpe:2.3:o:mdt:scn-ip000.03_firmware:3.0.3
-
cpe:2.3:o:mdt:scn-ip100.03_firmware:-
-
cpe:2.3:o:mdt:scn-ip100.03_firmware:3.0.0
-
cpe:2.3:o:mdt:scn-ip100.03_firmware:3.0.1
-
cpe:2.3:o:mdt:scn-ip100.03_firmware:3.0.2
-
cpe:2.3:o:mdt:scn-ip100.03_firmware:3.0.3