CVE-2020-6994
published 2020-04-03CVE-2020-6994: A buffer overflow vulnerability was found in some devices of Hirschmann Automation and Control HiOS and HiSecOS. The vulnerability is due to improper parsing…
PriorityP357critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
1.61%
72.8th percentile
A buffer overflow vulnerability was found in some devices of Hirschmann Automation and Control HiOS and HiSecOS. The vulnerability is due to improper parsing of URL arguments. An attacker could exploit this vulnerability by specially crafting HTTP requests to overflow an internal buffer. The following devices using HiOS Version 07.0.02 and lower are affected: RSP, RSPE, RSPS, RSPL, MSP, EES, EES, EESX, GRS, OS, RED. The following devices using HiSecOS Version 03.2.00 and lower are affected: EAGLE20/30.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| belden | hirschmann_hios | <= 07.0.02 | — |
| belden | hirschmann_hisecos | <= 03.2.00 | — |
| hirschmann_automation_and_control_gmbh_a_division_of_belden_inc | hisecos_for_device_eagle20_30 | — | — |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Hitachi Energy AFS660/AFS665
cisa_ics·2022-09-27·CVSS 9.8
[CRITICAL] Hitachi Energy AFS660/AFS665
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Hitachi Energy AFS660/AFS665
Last RevisedSeptember 27, 2022
Alert CodeICSA-22-270-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Hitachi Energy
- Equipment: AFS660/AFS665
- Vulnerability: Improper Input Validation
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to overflow an internal buffer and fully compromise the target device.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
Hitachi Energy reports this vulnerability affects the following AFS660/AFS665 industrial s
CISA ICS
Hitachi Energy AFF660/665 Series
cisa_ics·2022-09-20·CVSS 9.8
[CRITICAL] Hitachi Energy AFF660/665 Series
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Hitachi Energy AFF660/665 Series
Last RevisedSeptember 20, 2022
Alert CodeICSA-22-263-02
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Hitachi Energy
- Equipment: AFF660/665 Firewall
- Vulnerability: Stack-based Buffer Overflow
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could overflow a buffer on the device and fully compromise it.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of Hitachi Energy AFF660/665, an industrial firewall, are affected:
- Hitachi Energy A
CISA ICS
Hirschmann Automation and Control HiOS and HiSecOS Products
cisa_ics·2020-03-31·CVSS 9.8
[CRITICAL] Hirschmann Automation and Control HiOS and HiSecOS Products
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Hirschmann Automation and Control HiOS and HiSecOS Products
Last RevisedMarch 31, 2020
Alert CodeICSA-20-091-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low skill level to exploit
- Vendor: Hirschmann Automation and Control GmbH, a division of Belden Inc.
- Equipment: HiOS, HiSecOS
- Vulnerability: Classic Buffer Overflow
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an unauthenticated, remote attacker to overflow a buffer and fully compromise the device.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
Th
GHSA
GHSA-299q-28qj-ch6v: A buffer overflow vulnerability was found in some devices of Hirschmann Automation and Control HiOS and HiSecOS
ghsa_unreviewed·2022-05-24
CVE-2020-6994 [HIGH] CWE-120 GHSA-299q-28qj-ch6v: A buffer overflow vulnerability was found in some devices of Hirschmann Automation and Control HiOS and HiSecOS
A buffer overflow vulnerability was found in some devices of Hirschmann Automation and Control HiOS and HiSecOS. The vulnerability is due to improper parsing of URL arguments. An attacker could exploit this vulnerability by specially crafting HTTP requests to overflow an internal buffer. The following devices using HiOS Version 07.0.02 and lower are affected: RSP, RSPE, RSPS, RSPL, MSP, EES, EES, EESX, GRS, OS, RED. The following devices using HiSecOS Version 03.2.00 and lower are affected: EAGLE20/30.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2020-04-03
Published