Vulnerabilites related to Emerson - OpenEnterprise
CVE-2020-6970 (GCVE-0-2020-6970)
Vulnerability from cvelistv5
Published
2020-02-19 20:19
Modified
2024-08-04 09:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-122 - HEAP-BASED BUFFER OVERFLOW
Summary
A Heap-based Buffer Overflow was found in Emerson OpenEnterprise SCADA Server 2.83 (if Modbus or ROC Interfaces have been installed and are in use) and all versions of OpenEnterprise 3.1 through 3.3.3, where a specially crafted script could execute code on the OpenEnterprise Server.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | Emerson | OpenEnterprise SCADA Server |
Version: 2.83 (if Modbus or ROC Interfaces have been installed and are in use) |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:18:02.389Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-049-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OpenEnterprise SCADA Server",
"vendor": "Emerson",
"versions": [
{
"status": "affected",
"version": "2.83 (if Modbus or ROC Interfaces have been installed and are in use)"
}
]
},
{
"product": "OpenEnterprise",
"vendor": "Emerson",
"versions": [
{
"status": "affected",
"version": "3.1 through 3.3.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Heap-based Buffer Overflow was found in Emerson OpenEnterprise SCADA Server 2.83 (if Modbus or ROC Interfaces have been installed and are in use) and all versions of OpenEnterprise 3.1 through 3.3.3, where a specially crafted script could execute code on the OpenEnterprise Server."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "HEAP-BASED BUFFER OVERFLOW CWE-122",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-19T20:19:55",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-049-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-6970",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OpenEnterprise SCADA Server",
"version": {
"version_data": [
{
"version_value": "2.83 (if Modbus or ROC Interfaces have been installed and are in use)"
}
]
}
},
{
"product_name": "OpenEnterprise",
"version": {
"version_data": [
{
"version_value": "3.1 through 3.3.3"
}
]
}
}
]
},
"vendor_name": "Emerson"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Heap-based Buffer Overflow was found in Emerson OpenEnterprise SCADA Server 2.83 (if Modbus or ROC Interfaces have been installed and are in use) and all versions of OpenEnterprise 3.1 through 3.3.3, where a specially crafted script could execute code on the OpenEnterprise Server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "HEAP-BASED BUFFER OVERFLOW CWE-122"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-049-02",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-049-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-6970",
"datePublished": "2020-02-19T20:19:55",
"dateReserved": "2020-01-14T00:00:00",
"dateUpdated": "2024-08-04T09:18:02.389Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}