ID | CVE-2019-10967 |
Summary | In Emerson Ovation OCR400 Controller 3.3.1 and earlier, a stack-based buffer overflow vulnerability in the embedded third-party FTP server involves improper handling of a long file name from the LIST command to the FTP service, which may cause the service to overwrite buffers, leading to remote code execution and escalation of privileges. |
References | |
Vulnerable Configurations | |
CVSS | Base: | 6.5 (as of 01-10-2020 – 16:44) | Impact: | | Exploitability: | |
|
CWE | CWE-787 |
CAPEC | |
Access | Vector | Complexity | Authentication | NETWORK | LOW | SINGLE |
|
Impact | Confidentiality | Integrity | Availability | PARTIAL | PARTIAL | PARTIAL |
|
cvss-vector via4 | AV:N/AC:L/Au:S/C:P/I:P/A:P |
refmap via4 | |
Last major update | 01-10-2020 – 16:44 |
Published | 28-05-2019 – 22:29 |
Last modified | 01-10-2020 – 16:44 |