CVE-2020-6994
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2020-6994
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A buffer overflow vulnerability was found in some devices of Hirschmann Automation and Control HiOS and HiSecOS. The vulnerability is due to improper parsing of URL arguments. An attacker could exploit this vulnerability by specially crafting HTTP requests to overflow an internal buffer. The following devices using HiOS Version 07.0.02 and lower are affected: RSP, RSPE, RSPS, RSPL, MSP, EES, EES, EESX, GRS, OS, RED. The following devices using HiSecOS Version 03.2.00 and lower are affected: EAGLE20/30.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
ASP.NET误配置:缺少定制错误页面
Source: NVD (National Vulnerability Database)
Vulnerability Title
Belden HiOS 输入验证错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Belden HiSecOS是美国百通(Belden)公司的一套用于工业安全路由器的操作系统。 Belden HiOS和HiSecOS中存在输入验证错误漏洞。远程攻击者可借助特制的HTTP请求利用该漏洞在系统上执行任意代码,或导致应用程序崩溃。以下产品及版本受到影响:RSP(HiOS 07.0.02及之前版本);RSPE(HiOS 07.0.02及之前版本);RSPS(HiOS 07.0.02及之前版本);RSPL(HiOS 07.0.02及之前版本);MSP(HiOS 07.0.02及之前版本);EES
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Hirschmann Automation and Control GmbH, a division of Belden Inc. | HiOS for the following devices RSP, RSPE, RSPS, RSPL, MSP, EES, EES, EESX, GRS, OS, RED | 07.0.02 and lower | - | |
| Hirschmann Automation and Control GmbH, a division of Belden Inc. | HiSecOS for device EAGLE20/30 | 03.2.00 and lower | - |
II. Public POCs for CVE-2020-6994
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2020-6994
请登录查看更多情报信息。
- https://www.us-cert.gov/ics/advisories/icsa-20-091-01x_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2020-6994
V. Comments for CVE-2020-6994
No comments yet