{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2020-37216/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.5,"id":"CVE-2020-37216"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["dos","cve-2020-37216","network"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eHirschmann HiOS is vulnerable to a denial-of-service (DoS) condition due to improper handling of packet length fields within the EtherNet/IP stack. This vulnerability, identified as CVE-2020-37216, affects HiOS devices with versions prior to 08.1.00 and 07.1.01. A remote attacker can exploit this flaw by sending specially crafted UDP EtherNet/IP packets where the specified length value exceeds the actual packet size. Successful exploitation leads to a device crash or hang, rendering it inoperable and disrupting network communications. This vulnerability was reported and published in April 2026. Defenders should prioritize patching or mitigating this vulnerability to maintain network availability.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies vulnerable Hirschmann HiOS device on the network.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious UDP EtherNet/IP packet.\u003c/li\u003e\n\u003cli\u003eThe crafted packet includes a length field with a value exceeding the actual packet size.\u003c/li\u003e\n\u003cli\u003eThe attacker sends the crafted UDP EtherNet/IP packet to the targeted HiOS device.\u003c/li\u003e\n\u003cli\u003eThe HiOS device attempts to process the malformed packet.\u003c/li\u003e\n\u003cli\u003eDue to the improper handling of the invalid length field, the EtherNet/IP stack within the HiOS device encounters an error.\u003c/li\u003e\n\u003cli\u003eThe error causes the HiOS device to crash or hang.\u003c/li\u003e\n\u003cli\u003eThe device becomes inoperable, resulting in a denial-of-service condition.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2020-37216 results in a denial-of-service condition on the affected Hirschmann HiOS device. This can disrupt critical network communications and potentially impact industrial control systems relying on the affected device. The number of affected devices and organizations depends on the prevalence of vulnerable HiOS versions within operational networks. A successful attack could lead to temporary or prolonged outages, impacting productivity and availability of industrial processes.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Hirschmann HiOS devices to versions 08.1.00 or 07.1.01 or later to patch CVE-2020-37216.\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for suspicious UDP EtherNet/IP packets with abnormally large length fields destined for Hirschmann HiOS devices, using the provided Sigma rule.\u003c/li\u003e\n\u003cli\u003eImplement network segmentation to limit the potential impact of a successful denial-of-service attack.\u003c/li\u003e\n\u003cli\u003eReview and harden the configuration of Hirschmann HiOS devices according to vendor best practices.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-03T21:17:08Z","date_published":"2026-04-03T21:17:08Z","id":"/briefs/2026-04-hios-dos/","summary":"A denial-of-service vulnerability in Hirschmann HiOS devices allows remote attackers to crash or hang the device by sending crafted UDP EtherNet/IP packets with invalid length fields.","title":"Hirschmann HiOS EtherNet/IP Stack Denial-of-Service Vulnerability (CVE-2020-37216)","url":"https://feed.craftedsignal.io/briefs/2026-04-hios-dos/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2020-37216","version":"https://jsonfeed.org/version/1.1"}