PatchSiren

PatchSiren cyber security CVE debrief

CVE-2017-3812 Cisco CVE debrief

CVE-2017-3812 is a Cisco Industrial Ethernet 2000 Series Switch vulnerability in Common Industrial Protocol (CIP) handling that can let an unauthenticated remote attacker trigger a denial of service condition by causing a system memory leak. The issue is documented by Cisco and NVD, with the affected firmware identified as 15.2(5.4.32i)E2 and the fixed release as 15.2(5.4.62i)E2. In the supplied record, the issue is rated CVSS 3.0 6.8 (MEDIUM) and maps to a DoS-focused resource-management weakness (CWE-772).

Vendor
Cisco
Product
CVE-2017-3812
CVSS
MEDIUM 6.8
CISA KEV
Not listed in stored evidence
Original CVE published
2017-02-03
Original CVE updated
2026-05-13
Advisory published
2017-02-03
Advisory updated
2026-05-13

Who should care

Cisco Industrial Ethernet 2000 operators, OT/ICS network administrators, and incident responders responsible for switch firmware lifecycle and availability monitoring should care most, especially where these switches support production or safety-relevant networks.

Technical summary

The vulnerability is in the CIP implementation on Cisco Industrial Ethernet 2000 Series Switches. An unauthenticated remote attacker can induce a system memory leak that degrades availability and can lead to a denial of service. NVD lists CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H and associates the issue with CWE-772. The supplied NVD data shows one vulnerable firmware line: industrial_ethernet_2000_series_firmware up to and including 15.2(5.4.32i)E2; the record also enumerates multiple specific switch CPEs as non-vulnerable.

Defensive priority

Medium for any environment still running the affected firmware, because the impact is remote, unauthenticated, and availability-focused, but the fix is straightforward and the record does not indicate active exploitation in the supplied corpus.

Recommended defensive actions

  • Inventory Cisco Industrial Ethernet 2000 switches and confirm whether any devices run firmware at or below 15.2(5.4.32i)E2.
  • Upgrade affected devices to 15.2(5.4.62i)E2 or a later vendor-fixed release.
  • Validate the exact model and firmware mapping against the NVD CPE data before planning remediation.
  • Review OT/ICS network segmentation and management-plane exposure so these switches are not unnecessarily reachable from untrusted networks.
  • Monitor affected sites for unexplained reloads, degraded availability, or memory-related instability until remediation is complete.
  • Use the Cisco advisory referenced in the NVD record as the primary vendor guidance for remediation planning.

Evidence notes

This debrief is based on the supplied NVD modified record and Cisco-referenced advisory links. The core facts supported by the corpus are: CIP functionality on Cisco Industrial Ethernet 2000 Series Switches is vulnerable; the attacker can be unauthenticated and remote; the impact is denial of service due to a system memory leak; the affected release is 15.2(5.4.32i)E2; and the fixed release is 15.2(5.4.62i)E2. The CVE publication date used here is the supplied 2017-02-03 timestamp, while the 2026-05-13 timestamp is treated as record modification context only.

Official resources

Publicly disclosed on 2017-02-03. The supplied NVD record was last modified on 2026-05-13; that modification date is not the vulnerability’s original issue date.