CVE-2020-6994
03.04.2020, 19:15
A buffer overflow vulnerability was found in some devices of Hirschmann Automation and Control HiOS and HiSecOS. The vulnerability is due to improper parsing of URL arguments. An attacker could exploit this vulnerability by specially crafting HTTP requests to overflow an internal buffer. The following devices using HiOS Version 07.0.02 and lower are affected: RSP, RSPE, RSPS, RSPL, MSP, EES, EES, EESX, GRS, OS, RED. The following devices using HiSecOS Version 03.2.00 and lower are affected: EAGLE20/30.
| Vendor | Product | Version |
|---|---|---|
| belden | hirschmann_hios | 𝑥 ≤ 07.0.02 |
| belden | hirschmann_hisecos | 𝑥 ≤ 03.2.00 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-12 - ASP.NET Misconfiguration: Missing Custom Error PageAn ASP .NET application must enable custom error pages in order to prevent attackers from mining information from the framework's built-in responses.
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.