A Heap-based Buffer Overflow was found in Emerson OpenEnterprise SCADA Server 2.83

Port Charlotte Overview :

A Heap-based Buffer Overflow was found in Emerson OpenEnterprise SCADA Server 2.83 (if Modbus or ROC Interfaces have been installed and are in use) and all versions of OpenEnterprise 3.1 through 3.3.3, where a specially crafted script could execute code on the OpenEnterprise Server.

Örebro Affected Product(s) :

OpenEnterprise Server 2.83 is affected if Modbus or ROC Interfaces have been installed and are in use
OpenEnterprise 3.1 through 3.3.3, all versions

Vulnerability Details :

CVE ID :

CVE-2020-6970

A specially crafted script could execute code on the OpenEnterprise Server.

CVE-2020-6970 has been assigned to this vulnerability. A CVSS v3 base score of 8.1 has been assigned; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).

Solution :

Emerson recommends all users upgrade to OpenEnterprise 3.3, Service Pack 4 (3.3.4), to resolve this issue. OpenEnterprise Service Packs are available to users with access to the Emerson SupportNet system (login required). Details will be found in the downloads area.

A Heap-based Buffer Overflow was found in Emerson OpenEnterprise SCADA Server 2.83

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2024-6121 : NI SYSTEMLINK SERVER/FLEXLOGGER REDIS VULNERABLE THIRD-PARTY COMPONENT

CVE-2024-40634 : ARGOPROJ ARGO-CD UP TO 2.9.19/2.10.14/2.11.5 /API/WEBHOOK RESOURCE CONSUMPTION

CVE-2024-39685 : FISHAUDIO BERT-VITS2 UP TO 2.3 RESAMPLE DATA_DIR OS COMMAND INJECTION