A Heap-based Buffer Overflow was found in Emerson OpenEnterprise SCADA Server 2.83

Overview :

A Heap-based Buffer Overflow was found in Emerson OpenEnterprise SCADA Server 2.83 (if Modbus or ROC Interfaces have been installed and are in use) and all versions of OpenEnterprise 3.1 through 3.3.3, where a specially crafted script could execute code on the OpenEnterprise Server.

Affected Product(s) :

OpenEnterprise Server 2.83 is affected if Modbus or ROC Interfaces have been installed and are in use
OpenEnterprise 3.1 through 3.3.3, all versions

Vulnerability Details :

CVE ID :

CVE-2020-6970

A specially crafted script could execute code on the OpenEnterprise Server.

CVE-2020-6970 has been assigned to this vulnerability. A CVSS v3 base score of 8.1 has been assigned; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).

Solution :

Emerson recommends all users upgrade to OpenEnterprise 3.3, Service Pack 4 (3.3.4), to resolve this issue. OpenEnterprise Service Packs are available to users with access to the Emerson SupportNet system (login required). Details will be found in the downloads area.

A Heap-based Buffer Overflow was found in Emerson OpenEnterprise SCADA Server 2.83

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2023-20887 : VMWARE ARIA OPERATIONS FOR NETWORKS 6.X COMMAND INJECTION

CVE-2023-29632 : JMSPAGEBUILDER 3.X ON PRESTASHOP AJAX_JMSPAGEBUILDER.PHP SQL INJECTION

CVE-2023-3065 : MOBATIME AMXGT100 UP TO 1.3.20 IMPROPER AUTHENTICATION