CVE-2020-6994: Buffer Overflow
First published: Fri Apr 03 2020(Updated: )
A buffer overflow vulnerability was found in some devices of Hirschmann Automation and Control HiOS and HiSecOS. The vulnerability is due to improper parsing of URL arguments. An attacker could exploit this vulnerability by specially crafting HTTP requests to overflow an internal buffer. The following devices using HiOS Version 07.0.02 and lower are affected: RSP, RSPE, RSPS, RSPL, MSP, EES, EES, EESX, GRS, OS, RED. The following devices using HiSecOS Version 03.2.00 and lower are affected: EAGLE20/30.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Belden Hirschmann HIOS | <=07.0.02 | |
| Belden Hirschmann Embedded Ethernet Switch | ||
| Belden Hirschmann Embedded Ethernet Switch Extended | ||
| Belden Hirschmann Greyhound Switch | ||
| Belden Hirschmann Mice Switch Power | ||
| Belden Hirschmann Octopus | ||
| Belden Hirschmann PRP RedBox | ||
| Belden Hirschmann Rail Switch Power | ||
| Belden Hirschmann Rail Switch Power Enhanced | ||
| Belden Hirschmann Rail Switch Power Lite | ||
| Belden Hirschmann Rail Switch Power Smart | ||
| Hirschmann HiSecOS | <=03.2.00 | |
| Belden Hirschmann Eagle20 | ||
| Belden Hirschmann Eagle30 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-6994?
CVE-2020-6994 is a buffer overflow vulnerability found in some devices of Hirschmann Automation and Control HiOS and HiSecOS.
How does CVE-2020-6994 affect the affected software?
CVE-2020-6994 affects Belden Hirschmann Hios and Belden Hirschmann Hisecos versions up to and including 07.0.02 and 03.2.00, respectively.
What is the severity of CVE-2020-6994?
CVE-2020-6994 has a severity rating of 9.8 (Critical).
How can an attacker exploit CVE-2020-6994?
An attacker can exploit CVE-2020-6994 by crafting specially crafted HTTP requests to overflow an internal buffer.
Where can I find more information about CVE-2020-6994?
You can find more information about CVE-2020-6994 at the following link: [https://www.us-cert.gov/ics/advisories/icsa-20-091-01](https://www.us-cert.gov/ics/advisories/icsa-20-091-01)
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/author
- agent/severity
- agent/weakness
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/belden
- canonical/belden hirschmann hios
- version/belden hirschmann hios/07.0.02
- canonical/belden hirschmann embedded ethernet switch
- canonical/belden hirschmann embedded ethernet switch extended
- canonical/belden hirschmann greyhound switch
- canonical/belden hirschmann mice switch power
- canonical/belden hirschmann octopus
- canonical/belden hirschmann prp redbox
- canonical/belden hirschmann rail switch power
- canonical/belden hirschmann rail switch power enhanced
- canonical/belden hirschmann rail switch power lite
- canonical/belden hirschmann rail switch power smart
- canonical/hirschmann hisecos
- version/hirschmann hisecos/03.2.00
- canonical/belden hirschmann eagle20
- canonical/belden hirschmann eagle30