CVE-2019-10967

Name of the Vulnerable Software and Affected Versions Emerson Ovation OCR400 Controller versions 3.3.1 and earlier

Description A stack-based buffer overflow issue in the embedded third-party FTP server is caused by improper handling of long file names from the LIST command to the FTP service. This may cause the service to overwrite buffers, potentially leading to remote code execution and escalation of privileges.

Recommendations For versions 3.3.1 and earlier, update to a version later than 3.3.1 to resolve the issue. As a temporary workaround, consider restricting access to the FTP service until a patch is available.