Vulnerability Description
In Emerson Ovation OCR400 Controller 3.3.1 and earlier, a heap-based buffer overflow vulnerability in the embedded third-party FTP server involves improper handling of a long command to the FTP service, which may cause memory corruption that halts the controller or leads to remote code execution and escalation of privileges.
CVSS Score
8.8 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Emerson | Ovation OCR400 Firmware | <= 3.3.1 |
| Emerson | Ovation OCR400 | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/108499 (Broken Link, Third Party Advisory, VDB Entry)
- https://ics-cert.us-cert.gov/advisories/ICSA-19-148-01 (Third Party Advisory, US Government Resource)
FAQ
What is CVE-2019-10965?
CVE-2019-10965 is a vulnerability with a CVSS score of 8.8 (HIGH). In Emerson Ovation OCR400 Controller 3.3.1 and earlier, a heap-based buffer overflow vulnerability in the embedded third-party FTP server involves improper handling of a long command to the FTP servic...
How severe is CVE-2019-10965?
CVE-2019-10965 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2019-10965?
Check the references section above for vendor advisories and patch information. Affected products include: Emerson Ovation OCR400 Firmware, Emerson Ovation OCR400.