CRITICAL · 9.8

CVE-2020-6994

Vulnerability Description

A buffer overflow vulnerability was found in some devices of Hirschmann Automation and Control HiOS and HiSecOS. The vulnerability is due to improper parsing of URL arguments. An attacker could exploit this vulnerability by specially crafting HTTP requests to overflow an internal buffer. The following devices using HiOS Version 07.0.02 and lower are affected: RSP, RSPE, RSPS, RSPL, MSP, EES, EES, EESX, GRS, OS, RED. The following devices using HiSecOS Version 03.2.00 and lower are affected: EAGLE20/30.

CVSS Score

9.8 CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH

Affected Products

Vendor | Product | Versions
Belden | Hirschmann HiOS | <= 07.0.02
Belden | Hirschmann Embedded Ethernet Switch | -
Belden | Hirschmann Embedded Ethernet Switch Extended | -
Belden | Hirschmann Greyhound Switch | -
Belden | Hirschmann Mice Switch Power | -
Belden | Hirschmann Octopus | -
Belden | Hirschmann Prp Redbox | -
Belden | Hirschmann Rail Switch Power | -
Belden | Hirschmann Rail Switch Power Enhanced | -
Belden | Hirschmann Rail Switch Power Lite | -
Belden | Hirschmann Rail Switch Power Smart | -
Belden | Hirschmann HiSecOS | <= 03.2.00
Belden | Hirschmann Eagle20 | -
Belden | Hirschmann Eagle30 | -

Related Weaknesses (CWE)

References

FAQ

What is CVE-2020-6994?

CVE-2020-6994 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A buffer overflow vulnerability was found in some devices of Hirschmann Automation and Control HiOS and HiSecOS. The vulnerability is due to improper parsing of URL arguments. An attacker could exploit this vulnerability by specially crafting HTTP requests to overflow an internal buffer.

How severe is CVE-2020-6994?

CVE-2020-6994 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2020-6994?

Check the references section above for vendor advisories and patch information. Affected products include: Belden Hirschmann HiOS, Belden Hirschmann Embedded Ethernet Switch, Belden Hirschmann Embedded Ethernet Switch Extended, Belden Hirschmann Greyhound Switch, Belden Hirschmann Mice Switch Power.