Vulnerability Description
In Emerson Ovation OCR400 Controller 3.3.1 and earlier, a stack-based buffer overflow vulnerability in the embedded third-party FTP server involves improper handling of a long file name from the LIST command to the FTP service, which may cause the service to overwrite buffers, leading to remote code execution and escalation of privileges.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Emerson | Ovation OCR400 Firmware | <= 3.3.1 |
| Emerson | Ovation OCR400 | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/108499 (Third Party Advisory, VDB Entry)
- https://ics-cert.us-cert.gov/advisories/ICSA-19-148-01 (Third Party Advisory, US Government Resource)
FAQ
What is CVE-2019-10967?
CVE-2019-10967 is a vulnerability with a CVSS score of 8.8 (HIGH). In Emerson Ovation OCR400 Controller 3.3.1 and earlier, a stack-based buffer overflow vulnerability in the embedded third-party FTP server involves improper handling of a long file name from the LIST ...
How severe is CVE-2019-10967?
CVE-2019-10967 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-10967?
Check the references section above for vendor advisories and patch information. Affected products include: Emerson Ovation OCR400 Firmware, Emerson Ovation OCR400.