CVE-2020-6970: Buffer Overflow
First published: Wed Feb 19 2020(Updated: )
A Heap-based Buffer Overflow was found in Emerson OpenEnterprise SCADA Server 2.83 (if Modbus or ROC Interfaces have been installed and are in use) and all versions of OpenEnterprise 3.1 through 3.3.3, where a specially crafted script could execute code on the OpenEnterprise Server.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Emerson OpenEnterprise SCADA Server | >=3.1<=3.3.3 | |
| Emerson OpenEnterprise SCADA Server | =2.8.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID is CVE-2020-6970.
What is the title of this vulnerability?
The title of this vulnerability is 'A Heap-based Buffer Overflow was found in Emerson OpenEnterprise SCADA Server 2.83'.
What is the severity of CVE-2020-6970?
The severity of CVE-2020-6970 is critical.
Which software versions are affected by CVE-2020-6970?
Emerson OpenEnterprise SCADA Server versions 2.8.3 and 3.1 through 3.3.3 are affected by CVE-2020-6970.
How can this vulnerability be exploited?
This vulnerability can be exploited by using a specially crafted script that could execute code on the OpenEnterprise Server.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/severity
- agent/references
- agent/tags
- agent/first-publish-date
- agent/event
- agent/description
- vendor/emerson
- canonical/emerson openenterprise scada server
- version/emerson openenterprise scada server/3.1
- version/emerson openenterprise scada server/3.3.3
- version/emerson openenterprise scada server/2.8.3