Hitachi ABB Power Grids AFS Series Loop with Unreachable Exit Condition (CVE-2020-9307)

medium Tenable OT Security Plugin ID 502266


The remote OT asset is affected by a vulnerability.


Hirschmann OS2, RSP, and RSPE devices before HiOS 08.3.00 allow a denial of service. An unauthenticated, adjacent attacker can cause an infinite loop on one of the HSR ring ports of the device. This effectively breaks the redundancy of the HSR ring. If the attacker can perform the same attack on a second device, the ring is broken into two parts (thus disrupting communication between devices in the different parts).

This plugin only works with Tenable.ot.


The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at

Hitachi ABB Power Grids has published an advisory for AFS Series and advises users to update products with available updates. The update removes the vulnerability by modifying the way the switch processes HSR frames.

For additional information and support, contact a product provider or Hitachi ABB Power Grids service organization. For contact information, see Hitachi ABB Power Grids contact-centers.

Plugin Details

Severity: Medium

ID: 502266

Version: 1.3

Type: remote

Family: Tenable.ot

Published: 6/10/2024

Updated: 6/11/2024

Supported Sensors: Tenable OT Security

Risk Information


Risk Factor: Low

Score: 3.6


CVSS v2

Risk Factor: Medium

Base Score: 6.1

Temporal Score: 4.5

Vector: CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2020-9307


CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.7

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:belden:hirschmann_hios:08, cpe:/o:belden:hirschmann_hios:07

Required KB Items: Tenable.ot/Hirschmann

Exploit Ease: No known exploits are available

Patch Publication Date: 2/11/2021

Vulnerability Publication Date: 2/11/2021

Reference Information

CVE: CVE-2020-9307

CWE: 835