Cyber Resilience

CVE-2020-37216

HighPublic PoC

Published: 03 April 2026

Published
03 April 2026
Modified
07 April 2026
KEV Added
Patch
CVSS Score v4 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0092 55.7th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2020-37216 is a high-severity Improper Input Validation (CWE-20) vulnerability in Belden (inferred from references). Its CVSS base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked in the top 44.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2020-37216 is a denial-of-service vulnerability affecting Hirschmann HiOS devices running versions prior to 08.1.00 and 07.1.01. The issue resides in the EtherNet/IP stack, where improper handling of packet length fields (classified under CWE-20) enables remote exploitation. It has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), highlighting its high-impact availability disruption without requiring authentication or user interaction.

Remote attackers with network access to the device can exploit this vulnerability by sending specially crafted UDP EtherNet/IP packets that specify a length value larger than the actual packet size. Successful exploitation causes the device to crash or hang, rendering it inoperable and disrupting network operations dependent on the affected Hirschmann device.

Mitigation details are outlined in the Belden Security Bulletin BSECV-2019-14 and the VulnCheck advisory on the Hirschmann HiOS EtherNet/IP stack denial-of-service vulnerability, available at the respective reference URLs.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

Hirschmann HiOS devices versions prior to 08.1.00 and 07.1.01 contain a denial of service vulnerability in the EtherNet/IP stack where improper handling of packet length fields allows remote attackers to crash or hang the device. Attackers can send specially crafted…

more

UDP EtherNet/IP packets with a length value larger than the actual packet size to render the device inoperable.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Direct match to application/system exploitation causing endpoint DoS via crafted network packets.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-22862Shared CWE-20
CVE-2025-59028Shared CWE-20
CVE-2026-24195Shared CWE-20
CVE-2026-25892Shared CWE-20
CVE-2024-38307Shared CWE-20
CVE-2025-61615Shared CWE-20
CVE-2025-57834Shared CWE-20
CVE-2026-28894Shared CWE-20
CVE-2025-61611Shared CWE-20
CVE-2024-56437Shared CWE-20

Affected Assets

Belden
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires timely remediation of the EtherNet/IP stack flaw through patching to Hirschmann HiOS versions 08.1.00 or 07.1.01 as specified in the Belden Security Bulletin.

preventdetect

Directly protects against denial-of-service attacks by monitoring, detecting, and limiting specially crafted UDP EtherNet/IP packets with oversized length fields.

prevent

Enforces boundary protections such as firewalls or IPS to filter and block malformed EtherNet/IP packets from reaching the vulnerable device.

References