PT-2020-6801 · Hirschmann Automation and Control · HiOS, HiSecOS

Published 2020-02-14 · Updated 2021-06-17 · CVE-2020-6994

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Hirschmann Automation and Control HiOS versions 07.0.02 and lower
Hirschmann Automation and Control HiSecOS versions 03.2.00 and lower

Description

A buffer overflow vulnerability was found in some Hirschmann Automation and Control devices running HiOS and HiSecOS, caused by improper parsing of URL arguments. An attacker could exploit it by sending specially crafted HTTP requests that overflow an internal buffer.

Recommendations

For HiOS versions 07.0.02 and lower, consider disabling the HTTP request parsing functionality until a patch is available. For HiSecOS versions 03.2.00 and lower, restrict access to the vulnerable module to minimize the risk of exploitation. As a temporary workaround, avoid using the vulnerable URL parameters in the affected HTTP requests until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
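The advisory names the bug class (a fixed internal buffer overflowed by an over-long URL argument) but not the affected code. The C below is an added illustration of the defensive pattern such a parser needs, written for this page; it is not Hirschmann's code, says nothing about how HiOS or HiSecOS parse requests, and the buffer size, function names and query strings are all constructed for the example. It copies a named query parameter into a fixed buffer only after checking that the value fits, and returns a status instead of writing past the end.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed fixed-size destination, typical of small embedded web servers */
#define MAX_PARAM_VALUE 32

enum parse_status { PARSE_OK = 0, PARSE_NOT_FOUND = 1, PARSE_TOO_LONG = 2 };

/* Look up "name=" in a raw query string and copy its value into out
   (capacity out_len, terminator included).  The length check before the copy
   is the whole point: an unchecked strcpy()/sscanf("%s") of the value into a
   fixed buffer is the classic shape of a URL-argument buffer overflow. */
enum parse_status get_query_param(const char *query, const char *name,
                                  char *out, size_t out_len)
{
    size_t name_len = strlen(name);
    const char *p = query;

    if (out_len == 0)
        return PARSE_TOO_LONG;

    while (p != NULL && *p != '\0') {
        /* a parameter starts at p; require the full name followed by '=' so
           that "username=" does not match a lookup of "user" */
        if (strncmp(p, name, name_len) == 0 && p[name_len] == '=') {
            const char *val = p + name_len + 1;
            const char *end = strchr(val, '&');
            size_t val_len = end ? (size_t)(end - val) : strlen(val);

            if (val_len >= out_len)      /* would not fit with the terminator */
                return PARSE_TOO_LONG;
            memcpy(out, val, val_len);
            out[val_len] = '\0';
            return PARSE_OK;
        }
        /* advance to the next '&'-separated parameter */
        p = strchr(p, '&');
        if (p != NULL)
            p++;
    }
    return PARSE_NOT_FOUND;
}

/* Constructed sample: an ordinary request is accepted */
int parse_normal_request(char *out, size_t out_len)
{
    return get_query_param("user=admin&lang=en&page=status", "lang", out, out_len);
}

/* Constructed sample: a value far longer than the buffer is rejected */
int parse_overlong_request(void)
{
    char query[256] = "lang=";
    char out[MAX_PARAM_VALUE];
    memset(query + 5, 'A', 200);   /* 200 bytes, well over MAX_PARAM_VALUE */
    query[205] = '\0';
    return get_query_param(query, "lang", out, sizeof out);
}

int main(void)
{
    char out[MAX_PARAM_VALUE];
    if (parse_normal_request(out, sizeof out) == PARSE_OK)
        printf("lang=%s\n", out);
    printf("over-long value: status %d (2 = rejected)\n", parse_overlong_request());
    return 0;
}
```

The request with the over-long value is refused by the parser rather than reaching the copy, which is the behaviour a reviewer should look for in any handler that moves URL arguments into fixed storage; rejecting at the parser also gives the web server a clean place to log the event.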

Weakness Enumeration

Buffer Overflow

Related Identifiers

BDU:2022-06731
CVE-2020-6994

Affected Products

HiOS
HiSecOS