CVE-2020-6994
CVE-2020-6994 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. A buffer overflow vulnerability was found in some devices of Hirschmann Automation and Control HiOS and HiSecOS. The vulnerability is due to improper parsing of URL arguments. EPSS estimates a 1.61% chance of exploitation in the next 30 days.
Description
A buffer overflow vulnerability was found in some devices of Hirschmann Automation and Control HiOS and HiSecOS. The vulnerability is due to improper parsing of URL arguments. An attacker could exploit this vulnerability by specially crafting HTTP requests to overflow an internal buffer. The following devices using HiOS Version 07.0.02 and lower are affected: RSP, RSPE, RSPS, RSPL, MSP, EES, EES, EESX, GRS, OS, RED. The following devices using HiSecOS Version 03.2.00 and lower are affected: EAGLE20/30.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Belden | Hirschmann Hios | <= 07.0.02 |
| Belden | Hirschmann Hisecos | <= 03.2.00 |
References
- https://www.us-cert.gov/ics/advisories/icsa-20-091-01 (Mitigation, Third Party Advisory, US Government Resource)
Timeline
- Published
- Last Modified
- Status: Modified
Source: NVD / NIST
