Hirschmann Automation and Control HiOS and HiSecOS Products Buffer Copy Without Checking Size of Input (CVE-2020-6994)

critical Tenable OT Security Plugin ID 502259

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A buffer overflow vulnerability was found in some devices of Hirschmann Automation and Control HiOS and HiSecOS. The vulnerability is due to improper parsing of URL arguments. An attacker could exploit this vulnerability by specially crafting HTTP requests to overflow an internal buffer. The following devices using HiOS Version 07.0.02 and lower are affected: RSP, RSPE, RSPS, RSPL, MSP, EES, EES, EESX, GRS, OS, RED. The following devices using HiSecOS Version 03.2.00 and lower are affected: EAGLE20/30.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Hirschmann recommends updating HiOS products to Version 07.0.03 or higher and HiSecOS products to Version 03.3.00 or higher.

Hirschmann also recommends, as a workaround, users either use the “IP Access Restriction” feature to restrict HTTP and HTTPS to trusted IP addresses, or disable the HTTP and HTTPS server.

For more information regarding this vulnerability and the associated mitigations, please see Belden security bulletin number BSECV-2020-01.

For additional resources, please go to https://www.belden.com/security.

See Also

https://www.us-cert.gov/ics/advisories/icsa-20-091-01

Plugin Details

Severity: Critical

ID: 502259

Version: 1.4

Type: remote

Family: Tenable.ot

Published: 6/10/2024

Updated: 9/4/2024

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2020-6994

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:belden:hirschmann_eagle30, cpe:/o:belden:hirschmann_rail_switch, cpe:/o:belden:hirschmann_eagle20, cpe:/o:belden:hirschmann_greyhound

Required KB Items: Tenable.ot/Hirschmann

Exploit Ease: No known exploits are available

Patch Publication Date: 4/3/2020

Vulnerability Publication Date: 4/3/2020

Reference Information

CVE: CVE-2020-6994

CWE: 120

ICSA: 20-091-01