CVE-2020-37216
Published: 03 April 2026
Summary
CVE-2020-37216 is a high-severity Improper Input Validation (CWE-20) vulnerability in Belden (inferred from references). Its CVSS base score is 8.7 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked in the top 44.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2020-37216 is a denial-of-service vulnerability affecting Hirschmann HiOS devices running versions prior to 08.1.00 and 07.1.01. The issue resides in the EtherNet/IP stack, where improper handling of packet length fields (classified under CWE-20) enables remote exploitation. It has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), highlighting its high-impact availability disruption without requiring authentication or user interaction.
Remote attackers with network access to the device can exploit this vulnerability by sending specially crafted UDP EtherNet/IP packets that specify a length value larger than the actual packet size. Successful exploitation causes the device to crash or hang, rendering it inoperable and disrupting network operations dependent on the affected Hirschmann device.
Mitigation details are outlined in the Belden Security Bulletin BSECV-2019-14 and the VulnCheck advisory on the Hirschmann HiOS EtherNet/IP stack denial-of-service vulnerability, available at the respective reference URLs.
OWASP Top 10 for Web (2025)
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2020-31212
Vulnerability details
Hirschmann HiOS devices versions prior to 08.1.00 and 07.1.01 contain a denial of service vulnerability in the EtherNet/IP stack where improper handling of packet length fields allows remote attackers to crash or hang the device. Attackers can send specially crafted…
more
UDP EtherNet/IP packets with a length value larger than the actual packet size to render the device inoperable.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Direct match to application/system exploitation causing endpoint DoS via crafted network packets.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Requires timely remediation of the EtherNet/IP stack flaw through patching to Hirschmann HiOS versions 08.1.00 or 07.1.01 as specified in the Belden Security Bulletin.
Directly protects against denial-of-service attacks by monitoring, detecting, and limiting specially crafted UDP EtherNet/IP packets with oversized length fields.
Enforces boundary protections such as firewalls or IPS to filter and block malformed EtherNet/IP packets from reaching the vulnerable device.