CVE-2020-6994 CRITICAL

Published: 2020-04-03 | Last Modified: 2024-11-21 | Status: Modified

Description

A buffer overflow vulnerability was found in some devices of Hirschmann Automation and Control HiOS and HiSecOS. The vulnerability is due to improper parsing of URL arguments. An attacker could exploit this vulnerability by specially crafting HTTP requests to overflow an internal buffer. The following devices using HiOS Version 07.0.02 and lower are affected: RSP, RSPE, RSPS, RSPL, MSP, EES, EES, EESX, GRS, OS, RED. The following devices using HiSecOS Version 03.2.00 and lower are affected: EAGLE20/30.

Additional Descriptions (1)

Se detectó una vulnerabilidad de desbordamiento de búfer en algunos dispositivos de Hirschmann Automation and Control HiOS y HiSecOS. La vulnerabilidad es debido al análisis inapropiado de los argumentos de la URL. Un atacante podría explotar esta vulnerabilidad mediante peticiones HTTP especialmente diseñadas para desbordar un búfer interno. Los siguientes dispositivos que usan HiOS Versión 07.0.02 y anteriores están afectados: RSP, RSPE, RSPS, RSPL, MSP, EES, EES, EESX, GRS, OS, RED. Los siguientes dispositivos que usan HiSecOS Versión 03.2.00 y anteriores están afectados: EAGLE20 / 30.

CVSS Metrics

Base Score: 9.8 (CRITICAL)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector	NETWORK
Attack Complexity	LOW
Privileges Required	NONE
User Interaction	NONE
Scope	UNCHANGED
Confidentiality Impact	HIGH
Integrity Impact	HIGH
Availability Impact	HIGH

Source: [email protected]

Type: Primary

Exploitability Score: 3.9

Impact Score: 5.9

Base Score: 7.5 (HIGH)

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector	NETWORK
Access Complexity	LOW
Authentication	NONE
Confidentiality Impact	PARTIAL
Integrity Impact	PARTIAL
Availability Impact	PARTIAL

Source: [email protected]

Type: Primary

Exploitability Score: 10.0

Impact Score: 6.4

Weaknesses

Source	Type	Description
[email protected]	Secondary	en CWE-12
[email protected]	Primary	en CWE-120

Affected Products

Vendor	Product	Version	Update	Type
belden	hirschmann_hios	*	<built-in method update of dict object at 0x72a96331fe00>	Operating System
belden	hirschmann_hisecos	*	<built-in method update of dict object at 0x72a9cc38c4c0>	Operating System

Affected Configurations

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:belden:hirschmann_hios::::::::`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:belden:hirschmann_embedded_ethernet_switch:-:::::::*`
No	`cpe:2.3:h:belden:hirschmann_embedded_ethernet_switch_extended:-:::::::*`
No	`cpe:2.3:h:belden:hirschmann_greyhound_swtich:-:::::::*`
No	`cpe:2.3:h:belden:hirschmann_mice_switch_power:-:::::::*`
No	`cpe:2.3:h:belden:hirschmann_octopus:-:::::::*`
No	`cpe:2.3:h:belden:hirschmann_prp_redbox:-:::::::*`
No	`cpe:2.3:h:belden:hirschmann_rail_switch_power:-:::::::*`
No	`cpe:2.3:h:belden:hirschmann_rail_switch_power_enhanced:-:::::::*`
No	`cpe:2.3:h:belden:hirschmann_rail_switch_power_lite:-:::::::*`
No	`cpe:2.3:h:belden:hirschmann_rail_switch_power_smart:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:belden:hirschmann_hisecos::::::::`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:belden:hirschmann_eagle20:-:::::::*`
No	`cpe:2.3:h:belden:hirschmann_eagle30:-:::::::*`

References

https://www.us-cert.gov/ics/advisories/icsa-20-091-01
Source: [email protected]

Mitigation Third Party Advisory US Government Resource
https://www.us-cert.gov/ics/advisories/icsa-20-091-01
Source: af854a3a-2127-422b-91ae-364da2661108

Mitigation Third Party Advisory US Government Resource