CVE-2020-6994

Опубликовано: 03 апр. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

A buffer overflow vulnerability was found in some devices of Hirschmann Automation and Control HiOS and HiSecOS. The vulnerability is due to improper parsing of URL arguments. An attacker could exploit this vulnerability by specially crafting HTTP requests to overflow an internal buffer. The following devices using HiOS Version 07.0.02 and lower are affected: RSP, RSPE, RSPS, RSPL, MSP, EES, EES, EESX, GRS, OS, RED. The following devices using HiSecOS Version 03.2.00 and lower are affected: EAGLE20/30.

Ссылки

https://www.us-cert.gov/ics/advisories/icsa-20-091-01
Mitigation
Third Party Advisory
US Government Resource
https://www.us-cert.gov/ics/advisories/icsa-20-091-01
Mitigation
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:belden:hirschmann_hios:*:*:*:*:*:*:*:*

Версия до 07.0.02 (включая)

Одно из

cpe:2.3:h:belden:hirschmann_embedded_ethernet_switch:-:*:*:*:*:*:*:*

cpe:2.3:h:belden:hirschmann_embedded_ethernet_switch_extended:-:*:*:*:*:*:*:*

cpe:2.3:h:belden:hirschmann_greyhound_swtich:-:*:*:*:*:*:*:*

cpe:2.3:h:belden:hirschmann_mice_switch_power:-:*:*:*:*:*:*:*

cpe:2.3:h:belden:hirschmann_octopus:-:*:*:*:*:*:*:*

cpe:2.3:h:belden:hirschmann_prp_redbox:-:*:*:*:*:*:*:*

cpe:2.3:h:belden:hirschmann_rail_switch_power:-:*:*:*:*:*:*:*

cpe:2.3:h:belden:hirschmann_rail_switch_power_enhanced:-:*:*:*:*:*:*:*

cpe:2.3:h:belden:hirschmann_rail_switch_power_lite:-:*:*:*:*:*:*:*

cpe:2.3:h:belden:hirschmann_rail_switch_power_smart:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:belden:hirschmann_hisecos:*:*:*:*:*:*:*:*

Версия до 03.2.00 (включая)

Одно из

cpe:2.3:h:belden:hirschmann_eagle20:-:*:*:*:*:*:*:*

cpe:2.3:h:belden:hirschmann_eagle30:-:*:*:*:*:*:*:*

EPSS

Процентиль: 16%

0.00052

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-12

CWE-120

Связанные уязвимости

GHSA-299q-28qj-ch6v

github

около 3 лет назад

BDU:2022-06731