CRITICAL🇬🇧 English

CVE-2020-6994

CVSS 9.8v3.1pub. 2020-04-03upd. 2024-11-21

A buffer overflow vulnerability was found in some devices of Hirschmann Automation and Control HiOS and HiSecOS. The vulnerability is due to improper parsing of URL arguments. An attacker could exploit this vulnerability by specially crafting HTTP requests to overflow an internal buffer. The following devices using HiOS Version 07.0.02 and lower are affected: RSP, RSPE, RSPS, RSPL, MSP, EES, EES, EESX, GRS, OS, RED. The following devices using HiSecOS Version 03.2.00 and lower are affected: EAGLE20/30.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Belden Hirschmann Eagle20

    HW
    Belden
    wszystkie wersje
  • Belden Hirschmann Eagle30

    HW
    Belden
    wszystkie wersje
  • Belden Hirschmann Embedded Ethernet Switch

    HW
    Belden
    wszystkie wersje
  • Belden Hirschmann Embedded Ethernet Switch Extended

    HW
    Belden
    wszystkie wersje
  • Belden Hirschmann Greyhound Swtich

    HW
    Belden
    wszystkie wersje
  • Belden Hirschmann Hios

    OS
    Belden
    ≤ 07.0.02
  • Belden Hirschmann Hisecos

    OS
    Belden
    ≤ 03.2.00
  • Belden Hirschmann Mice Switch Power

    HW
    Belden
    wszystkie wersje
  • Belden Hirschmann Octopus

    HW
    Belden
    wszystkie wersje
  • Belden Hirschmann Prp Redbox

    HW
    Belden
    wszystkie wersje
  • Belden Hirschmann Rail Switch Power

    HW
    Belden
    wszystkie wersje
  • Belden Hirschmann Rail Switch Power Enhanced

    HW
    Belden
    wszystkie wersje
  • Belden Hirschmann Rail Switch Power Lite

    HW
    Belden
    wszystkie wersje
  • Belden Hirschmann Rail Switch Power Smart

    HW
    Belden
    wszystkie wersje
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Memory
CWE
Referencje

Powiązane podatności

CVE-2021-27734CRITICAL9.8ten sam produkt

Hirschmann HiOS 07.1.01, 07.1.02, and 08.1.00 through 08.5.xx and HiSecOS 03.3.00 through 03.5.01 allow remote...

CVE-2019-12262CRITICAL9.8ten sam produkt

Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and 7 has Incorrect Access Control in the RARP client component. IPNET s...

CVE-2019-12255CRITICAL9.8ten sam produkt

Wind River VxWorks has a Buffer Overflow in the TCP component (issue 1 of 4). This is a IPNET security vulnera...

CVE-2019-12260CRITICAL9.8ten sam produkt

Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 2 of 4). This is an IPNET sec...

CVE-2019-12256CRITICAL9.8ten sam produkt

Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the IPv4 component. There is an IPNET security vulnera...