Buffer Overflow Vulnerability in Hirschmann Automation and Control Products
CVE-2020-6994
What is CVE-2020-6994?
A buffer overflow vulnerability has been identified in various Hirschmann Automation and Control devices running HiOS and HiSecOS. The issue arises from inadequate parsing of URL arguments: an attacker can send specially crafted HTTP requests that overflow an internal buffer. Devices running HiOS Version 07.0.02 or lower, such as the RSP, RSPE, RSPS, RSPL, MSP, EES, EESX, GRS, OS, and RED, as well as devices running HiSecOS Version 03.2.00 or lower, specifically EAGLE20 and EAGLE30, are at risk. Proactive measures should be taken to secure these devices, as exploitation could lead to unauthorized access or control.

Affected Version(s)
HiOS 07.0.02 and lower, on the following devices: RSP, RSPE, RSPS, RSPL, MSP, EES, EESX, GRS, OS, RED
HiSecOS 03.2.00 and lower, on EAGLE20/30 devices
