CVE-2019-10967

Опубликовано: 28 мая 2019

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

In Emerson Ovation OCR400 Controller 3.3.1 and earlier, a stack-based buffer overflow vulnerability in the embedded third-party FTP server involves improper handling of a long file name from the LIST command to the FTP service, which may cause the service to overwrite buffers, leading to remote code execution and escalation of privileges.

Ссылки

http://www.securityfocus.com/bid/108499
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-19-148-01
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/108499
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-19-148-01
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:emerson:ovation_ocr400_firmware:*:*:*:*:*:*:*:*

Версия до 3.3.1 (включая)

cpe:2.3:h:emerson:ovation_ocr400:-:*:*:*:*:*:*:*

EPSS

Процентиль: 91%

0.06131

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-121

CWE-787

Связанные уязвимости

GHSA-6chh-6wqr-3697

github

больше 3 лет назад