
CVE-2019-10967

September 30, 2020 - Uncategorized

ID CVE-2019-10967
Summary: In Emerson Ovation OCR400 Controller 3.3.1 and earlier, a stack-based buffer overflow vulnerability in the embedded third-party FTP server involves improper handling of a long file name from the LIST command to the FTP service, which may cause the service to overwrite buffers, leading to remote code execution and escalation of privileges.
References
Vulnerable Configurations
  • cpe:2.3:o:emerson:ovation_ocr400_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:h:emerson:ovation_ocr400:-:*:*:*:*:*:*:*
CVSS
Base: 6.5 (as of 01-10-2020 – 16:44)
Impact:
Exploitability:
CWE: CWE-787
CAPEC

    Access
    Vector: NETWORK
    Complexity: LOW
    Authentication: SINGLE
    Impact
    Confidentiality: PARTIAL
    Integrity: PARTIAL
    Availability: PARTIAL
    cvss-vector via4 AV:N/AC:L/Au:S/C:P/I:P/A:P
    refmap via4
    bid 108499
    misc https://ics-cert.us-cert.gov/advisories/ICSA-19-148-01
    Last major update: 01-10-2020 – 16:44
    Published: 28-05-2019 – 22:29
    Last modified: 01-10-2020 – 16:44
