PT-2020-12263 · Eaton · Eaton HMiSoft VU3

Published 2020-04-15 · Updated 2020-04-22 · CVE-2020-10639

CVSS v3.1

7.8 High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Eaton HMiSoft VU3 versions 3.00.23 and prior

Description

A specially crafted input file could cause a buffer overflow when loaded by the affected product. The issue is related to file parsing and can lead to remote code execution.

Recommendations

For Eaton HMiSoft VU3 versions 3.00.23 and prior, update to a version later than 3.00.23 to resolve the issue. As a temporary workaround, consider restricting the loading of specially crafted input files to minimize the risk of exploitation.

Fix

Buffer Overflow

Stack Overflow


Weakness Enumeration

Related Identifiers

CVE-2020-10639
ZDI-20-471
ZDI-20-472
ZDI-20-473
ZDI-20-474
ZDI-20-475
ZDI-20-476
ZDI-20-477
ZDI-20-478
ZDI-20-479
ZDI-20-480
ZDI-20-481
ZDI-20-482
ZDI-20-483
ZDI-20-484
ZDI-20-485
ZDI-20-486
ZDI-20-487
ZDI-20-488
ZDI-20-489

Affected Products

Eaton HMiSoft VU3