PT-2019-12106 · Emerson · Emerson Ovation Ocr400 Controller
Published: 2019-05-28 · Updated: 2023-03-24 · CVE-2019-10965
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Emerson Ovation OCR400 Controller versions 3.3.1 and earlier
Description
A heap-based buffer overflow in the embedded third-party FTP server of the Emerson Ovation OCR400 Controller results from improper handling of a long command sent to the FTP service. This may cause memory corruption, halting the controller or potentially leading to remote code execution and escalation of privileges.
Recommendations
For Emerson Ovation OCR400 Controller versions 3.3.1 and earlier, consider disabling the FTP service until a patch is available to prevent potential exploitation. Restrict access to the controller to minimize the risk of remote code execution and privilege escalation.
Fix
Memory Corruption
Affected Products
Emerson Ovation Ocr400 Controller