CVE-2020-10639: Buffer Overflow
First published: Wed Apr 15 2020(Updated: )
Eaton HMiSoft VU3 (HMIVU3 runtime not impacted), Version 3.00.23 and prior, however, the HMIVU runtimes are not impacted by these issues. A specially crafted input file could cause a buffer overflow when loaded by the affected product.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Eaton Hmisoft Vu3 Firmware | <=3.00.23 | |
| Eaton HMiSoft VU3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Eaton HMiSoft VU3 vulnerability?
The vulnerability ID for this Eaton HMiSoft VU3 vulnerability is CVE-2020-10639.
What is the severity level of CVE-2020-10639?
The severity level of CVE-2020-10639 is high with a CVSS score of 7.8.
Which versions of Eaton HMiSoft VU3 firmware are affected by CVE-2020-10639?
Eaton HMiSoft VU3 firmware versions up to 3.00.23 are affected by CVE-2020-10639.
Are the HMIVU runtimes affected by CVE-2020-10639?
No, the HMIVU runtimes are not impacted by CVE-2020-10639.
How can a buffer overflow be triggered in the affected product?
A specially crafted input file can trigger a buffer overflow in the affected product.
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/type
- agent/description
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/eaton
- canonical/eaton hmisoft vu3 firmware
- version/eaton hmisoft vu3 firmware/3.00.23
- canonical/eaton hmisoft vu3