Natnael Samson (@NattiSamson) working with Trend Micro’s Zero Day Initiative reported these vulnerabilities to CISA.
4. MITIGATIONS
Eaton ceased manufacturing the HMiVU on December 31, 2018, and marked the HMiVU software as end of life. As a result, Eaton no longer provides technical support, security fixes, or other fixes for the HMiVU software. To better serve users and provide ongoing replacement solutions, HMiVU was replaced with the XV100 and XV300 lines of operator interface products. It is strongly recommended HMiVU users contact Eaton for technical support and migration assistance to the XV solution.
NOTE: Eaton has discontinued the HMiVU product and has asked users to upgrade.
For assistance with transitioning to XV, please work directly with the following contacts:
An Eaton sales contact
Eaton’s Technical Resource Center at 1-877-ETN-CARE (386-2273), Option 2, then Option 5
Information regarding the XV Product offering can be found via the following:
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.
No known public exploits specifically target these vulnerabilities. These vulnerabilities are not exploitable remotely.
Contact Information
For any questions related to this report, please contact the CISA at:
For industrial control systems cybersecurity information: https://us-cert.cisa.gov/ics
or incident reporting: https://us-cert.cisa.gov/report
CISA continuously strives to improve its products and services. You can help by choosing one of the links below to provide feedback about this product.
This product is provided subject to this Notification and this Privacy & Use policy.
Please share your thoughts.
We recently updated our anonymous product survey; we'd welcome your feedback.
{"id": "ICSA-20-105-01", "type": "ics", "bulletinFamily": "info", "title": "Eaton HMiSoft VU3", "description": "## 1\\. EXECUTIVE SUMMARY\n\n * **CVSS v3 7.8**\n * **ATTENTION: **Low skill level to exploit\n * **Vendor:** Eaton\n * **Equipment: **HMiSoft VU3 (HMIVU3 runtime not impacted)\n * **Vulnerabilities:** Stack-based Buffer Overflow, Out-of-bounds Read\n\n## 2\\. RISK EVALUATION\n\nSuccessful exploitation of these vulnerabilities could crash the device being accessed and may allow remote code execution or information disclosure.\n\n## 3\\. TECHNICAL DETAILS\n\n### 3.1 AFFECTED PRODUCTS\n\nThe following versions of HMiSoft VU3, a HMI Operator Interface, are affected:\n\n * HMiSoft VU3 Version 3.00.23 and prior, however, the HMIVU runtimes are not impacted by these issues.\n\n### 3.2 VULNERABILITY OVERVIEW\n\n#### 3.2.1 [STACK-BASED BUFFER OVERFLOW CWE-121](<https://cwe.mitre.org/data/definitions/121.html>)\n\nA specially crafted input file could cause a buffer overflow when loaded by the affected product.\n\n[CVE-2020-10639](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10639>) has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is ([AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H>)).\n\n#### 3.2.2 [OUT-OF-BOUNDS READ CWE-125](<https://cwe.mitre.org/data/definitions/125.html>)\n\nA specially crafted input file could trigger an out-of-bounds read when loaded by the affected product.\n\n[CVE-2020-10637](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10637>) has been assigned to this vulnerability. A CVSS v3 base score of 3.3 has been calculated; the CVSS vector string is ([AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N>)).\n\n### 3.3 BACKGROUND\n\n * **CRITICAL INFRASTRUCTURE SECTORS: **Energy\n * **COUNTRIES/AREAS DEPLOYED: **Worldwide\n * **COMPANY HEADQUARTERS LOCATION:** Ireland\n\n### 3.4 RESEARCHER\n\nNatnael Samson (@NattiSamson) working with Trend Micro\u2019s Zero Day Initiative reported these vulnerabilities to CISA.\n\n## 4\\. MITIGATIONS\n\nEaton ceased manufacturing the HMiVU on December 31, 2018, and marked the HMiVU software as end of life. As a result, Eaton no longer provides technical support, security fixes, or other fixes for the HMiVU software. To better serve users and provide ongoing replacement solutions, HMiVU was replaced with the XV100 and XV300 lines of operator interface products. It is strongly recommended HMiVU users contact Eaton for technical support and migration assistance to the XV solution.\n\n**NOTE:** Eaton has discontinued the HMiVU product and has asked users to upgrade.\n\nFor assistance with transitioning to XV, please work directly with the following contacts:\n\n * An Eaton sales contact\n * Eaton\u2019s Technical Resource Center at 1-877-ETN-CARE (386-2273), Option 2, then Option 5\n\nInformation regarding the XV Product offering can be found via the following:\n\n * [www.eaton.com/OI](<https://www.eaton.com/OI>)\n * Eaton Catalog\u2014Volume 7, Tab 05\n\nCISA recommends users take the following measures to protect themselves from social engineering attacks:\n\n * Do not open untrusted files with industrial control systems devices.\n * Do not click web links or open unsolicited attachments in email messages. \n * Refer to [Recognizing and Avoiding Email Scams](<https://www.us-cert.gov/sites/default/files/publications/emailscams_0905.pdf>) for more information on avoiding email scams. \n * Refer to [Avoiding Social Engineering and Phishing Attacks](<https://www.us-cert.gov/ncas/tips/ST04-014>) for more information on social engineering attacks.\n\nCISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. \n \nCISA also provides a section for [control systems security recommended practices](<https://www.us-cert.gov/ics/recommended-practices>) on the ICS webpage on [us-cert.gov](<https://www.us-cert.gov/ics>). Several recommended practices are available for reading and download, including [Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies](<https://www.us-cert.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf>).\n\nAdditional mitigation guidance and recommended practices are publicly available on the [ICS webpage on us-cert.gov](<https://www.us-cert.gov/ics>) in the Technical Information Paper, [ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies](<https://www.us-cert.gov/ics/tips/ICS-TIP-12-146-01B>). \n \nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.\n\nNo known public exploits specifically target these vulnerabilities. These vulnerabilities are not exploitable remotely.\n\n## \nContact Information\n\nFor any questions related to this report, please contact the CISA at: \n \nEmail: [CISAservicedesk@cisa.dhs.gov](<mailto:cisaservicedesk@cisa.dhs.gov>) \nToll Free: 1-888-282-0870\n\nFor industrial control systems cybersecurity information: https://us-cert.cisa.gov/ics \nor incident reporting: https://us-cert.cisa.gov/report\n\nCISA continuously strives to improve its products and services. You can help by choosing one of the links below to provide feedback about this product.\n\nThis product is provided subject to this Notification and this [Privacy & Use](<https://www.dhs.gov/privacy-policy>) policy.\n\n**Please share your thoughts.**\n\nWe recently updated our anonymous [product survey](<https://www.surveymonkey.com/r/CISA-cyber-survey?product=https://us-cert.cisa.gov/ics/advisories/icsa-20-105-01>); we'd welcome your feedback.\n", "published": "2020-04-14T00:00:00", "modified": "2020-04-14T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "href": "https://www.us-cert.gov/ics/advisories/icsa-20-105-01", "reporter": "Industrial Control Systems Cyber Emergency Response Team", "references": ["https://twitter.com/share?url=https%3A%2F%2Fus-cert.cisa.gov%2Fics%2Fadvisories%2Ficsa-20-105-01", "https://www.facebook.com/sharer.php?u=https%3A%2F%2Fus-cert.cisa.gov%2Fics%2Fadvisories%2Ficsa-20-105-01", "http://www.addthis.com/bookmark.php?url=https%3A%2F%2Fus-cert.cisa.gov%2Fics%2Fadvisories%2Ficsa-20-105-01", "https://cwe.mitre.org/data/definitions/121.html", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10639", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "https://cwe.mitre.org/data/definitions/125.html", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10637", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "https://www.eaton.com/OI", "https://www.us-cert.gov/sites/default/files/publications/emailscams_0905.pdf", "https://www.us-cert.gov/ncas/tips/ST04-014", "https://www.us-cert.gov/ics/recommended-practices", "https://www.us-cert.gov/ics", "https://www.us-cert.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf", "https://www.us-cert.gov/ics", "https://www.us-cert.gov/ics/tips/ICS-TIP-12-146-01B", "https://www.dhs.gov/privacy-policy", "https://www.surveymonkey.com/r/CISA-cyber-survey?product=https://us-cert.cisa.gov/ics/advisories/icsa-20-105-01", "http://twitter.com/icscert", "https://www.dhs.gov", "https://www.dhs.gov/freedom-information-act-foia", "https://www.dhs.gov/homeland-security-no-fear-act-reporting", "https://www.dhs.gov/plain-writing-dhs", "https://www.dhs.gov/plug-information", "https://www.oig.dhs.gov/", "https://www.whitehouse.gov/", "https://www.usa.gov/", "https://www.dhs.gov/"], "cvelist": ["CVE-2020-10637", "CVE-2020-10639"], "lastseen": "2021-02-27T19:49:27", "viewCount": 21, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-10637", "CVE-2020-10639"]}, {"type": "zdi", "idList": ["ZDI-20-491", "ZDI-20-472", "ZDI-20-493", "ZDI-20-478", "ZDI-20-481", "ZDI-20-490", "ZDI-20-488", "ZDI-20-486", "ZDI-20-492", "ZDI-20-485"]}, {"type": "ics", "idList": ["ICSA-20-051-03", "ICSA-18-221-01", "ICSA-17-292-01", "ICSA-16-334-03", "ICSA-18-107-02", "ICSA-17-031-02", "ICSA-313-01", "ICSA-15-239-01", "ICSA-12-263-01", "ICSA-14-259-01A", "ICSA-11-110-01", "ICSA-21-040-10", "ICSA-19-122-01", "ICSA-15-022-01", "ICSA-17-101-01", "ICSMA-18-179-01", "ICSA-18-058-02", "ICSA-16-189-01", "ICSA-18-144-01", "ICSA-13-225-02", "ICSA-13-347-01", "ICSA-20-210-01", "ICSA2012601", "ICSA-16-026-02", "ICSA-17-103-01", "ICSMA-18-088-01", "ICSA-11-147-01B", "ICSA-17-194-03", "ICSMA-17-082-02", "ICSA-20-086-01", "ICSA-17-045-03", "ICSA-20-014-02", "ICSA-13-213-03", "ICSA-12-234-01", "ICSA-19-192-07", "ICSA-11-280-01", "ICSMA-18-107-01", "ICSA-20-287-02", "ICSA-16-166-01", "ICSA-15-246-03", "ICSA-20-212-04", "ICSA-15-027-02", "ICSA-20-105-01", "ICSA-16-173-01", "ICSA-20-170-03", "ICSA-19-171-01", "ICSMA-17-215-02", "ICSA-13-011-02", "ICSA-20-301-01", "ICSA-11-279-02", "ICSA-17-115-02", "ICSA-11-279-01", "ICSA-19-003-01", "ICSMA-17-292-01", "ICSA-21-028-01", "ICSA-13-248-01", "ICSA-19-290-02", "ICSMA-19-353-01", "ICSA-20-154-03", "ICSA-11-223-01A", "ICSA-14-352-01", "ICSMA-17-082-01", "ICSA-16-161-02", "ICSA-17-124-03", "ICSA-18-296-03", "ICSA-18-065-02", "ICSA-12-083-01", "ICSA-11-182-02", "ICSA-17-208-02", "ICSA-20-315-04", "ICSA-19-192-05", "ICSA-19-015-01", "ICSA-20-184-02", "ICSA-19-213-01", "ICSA-14-058-02", "ICSMA-19-022-01", "ICSA-16-357-01", "ICSA-18-352-02", "ICSA-12-122-01", "ICSA-17-157-01", "ICSA-16-196-01", "ICSA-10-097-01", "ICSA-16-350-01", "ICSA-21-056-04", "ICSA-20-163-02", "ICSA-21-007-04", "ICSA-12-249-03", "ICSA-20-072-03", "ICSA2012602", "ICSA-19-344-06", "ICSA-17-299-02", "ICSMA-21-047-01", "ICSA-20-196-04", "ICSA-19-239-01", "ICSA-19-353-03", "ICSA-19-190-01", "ICSA-16-348-02", "ICSA-17-173-02", "ICSA-18-254-05", "ICSA-17-222-02"]}], "modified": "2021-02-27T19:49:27", "rev": 2}, "score": {"value": 6.1, "vector": "NONE", "modified": "2021-02-27T19:49:27", "rev": 2}, "vulnersScore": 6.1}}
{"cve": [{"lastseen": "2021-02-02T07:36:55", "description": "Eaton HMiSoft VU3 (HMIVU3 runtime not impacted), Version 3.00.23 and prior, however, the HMIVU runtimes are not impacted by these issues. A specially crafted input file could trigger an out-of-bounds read when loaded by the affected product.", "edition": 7, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-04-15T17:15:00", "title": "CVE-2020-10637", "type": "cve", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10637"], "modified": "2020-04-22T17:11:00", "cpe": ["cpe:/o:eaton:hmisoft_vu3_firmware:3.00.23"], "id": "CVE-2020-10637", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10637", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:eaton:hmisoft_vu3_firmware:3.00.23:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T07:36:55", "description": "Eaton HMiSoft VU3 (HMIVU3 runtime not impacted), Version 3.00.23 and prior, however, the HMIVU runtimes are not impacted by these issues. A specially crafted input file could cause a buffer overflow when loaded by the affected product.", "edition": 7, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-04-15T17:15:00", "title": "CVE-2020-10639", "type": "cve", "cwe": ["CWE-120"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10639"], "modified": "2020-04-22T17:16:00", "cpe": ["cpe:/o:eaton:hmisoft_vu3_firmware:3.00.23"], "id": "CVE-2020-10639", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10639", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:eaton:hmisoft_vu3_firmware:3.00.23:*:*:*:*:*:*:*"]}], "zdi": [{"lastseen": "2020-06-22T11:40:45", "bulletinFamily": "info", "cvelist": ["CVE-2020-10637"], "description": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Eaton HMiSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of wDescribeLen information within VU3 files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.", "edition": 1, "modified": "2020-06-22T00:00:00", "published": "2020-04-15T00:00:00", "id": "ZDI-20-492", "href": "https://www.zerodayinitiative.com/advisories/ZDI-20-492/", "title": "Eaton HMiSoft VU3 File Parsing wDescribeLen Out-Of-Bounds Read Information Disclosure Vulnerability", "type": "zdi", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-06-22T11:41:22", "bulletinFamily": "info", "cvelist": ["CVE-2020-10637"], "description": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Eaton HMiSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the Giffile field. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.", "edition": 1, "modified": "2020-06-22T00:00:00", "published": "2020-04-15T00:00:00", "id": "ZDI-20-491", "href": "https://www.zerodayinitiative.com/advisories/ZDI-20-491/", "title": "Eaton HMiSoft VU3 File Parsing Giffile Out-Of-Bounds Read Information Disclosure Vulnerability", "type": "zdi", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-06-22T11:41:04", "bulletinFamily": "info", "cvelist": ["CVE-2020-10637"], "description": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Eaton HMiSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the Base64TextLen field. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.", "edition": 1, "modified": "2020-06-22T00:00:00", "published": "2020-04-15T00:00:00", "id": "ZDI-20-490", "href": "https://www.zerodayinitiative.com/advisories/ZDI-20-490/", "title": "Eaton HMiSoft VU3 File Parsing Base64TextLen Out-Of-Bounds Read Information Disclosure Vulnerability", "type": "zdi", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-06-22T11:39:55", "bulletinFamily": "info", "cvelist": ["CVE-2020-10637"], "description": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Eaton HMiSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of wTextLen information within VU3 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.", "edition": 1, "modified": "2020-06-22T00:00:00", "published": "2020-04-15T00:00:00", "id": "ZDI-20-493", "href": "https://www.zerodayinitiative.com/advisories/ZDI-20-493/", "title": "Eaton HMiSoft VU3 File Parsing wTextLen Out-Of-Bounds Read Information Disclosure Vulnerability", "type": "zdi", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-06-22T11:41:22", "bulletinFamily": "info", "cvelist": ["CVE-2020-10639"], "description": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Eaton HMiSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the wTitleTextLen field. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.", "edition": 1, "modified": "2020-06-22T00:00:00", "published": "2020-04-15T00:00:00", "id": "ZDI-20-485", "href": "https://www.zerodayinitiative.com/advisories/ZDI-20-485/", "title": "Eaton HMiSoft VU3 File Parsing wTitleTextLen Stack-based Buffer Overflow Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-06-22T11:41:40", "bulletinFamily": "info", "cvelist": ["CVE-2020-10639"], "description": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Eaton HMiSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of LinkSize information within VU3 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.", "edition": 1, "modified": "2020-06-22T00:00:00", "published": "2020-04-15T00:00:00", "id": "ZDI-20-472", "href": "https://www.zerodayinitiative.com/advisories/ZDI-20-472/", "title": "Eaton HMiSoft VU3 File Parsing LinkSize Stack-based Buffer Overflow Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-06-22T11:40:37", "bulletinFamily": "info", "cvelist": ["CVE-2020-10639"], "description": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Eaton HMiSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the LinkSize field. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.", "edition": 1, "modified": "2020-06-22T00:00:00", "published": "2020-04-15T00:00:00", "id": "ZDI-20-488", "href": "https://www.zerodayinitiative.com/advisories/ZDI-20-488/", "title": "Eaton HMiSoft VU3 File Parsing LinkSize Stack-based Buffer Overflow Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-06-22T11:39:50", "bulletinFamily": "info", "cvelist": ["CVE-2020-10639"], "description": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Eaton HMiSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the wMailCopyToLen field. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.", "edition": 1, "modified": "2020-06-22T00:00:00", "published": "2020-04-15T00:00:00", "id": "ZDI-20-481", "href": "https://www.zerodayinitiative.com/advisories/ZDI-20-481/", "title": "Eaton HMiSoft VU3 File Parsing wMailCopyToLen Stack-based Buffer Overflow Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-06-22T11:41:27", "bulletinFamily": "info", "cvelist": ["CVE-2020-10639"], "description": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Eaton HMiSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the wMailContentLen field. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.", "edition": 1, "modified": "2020-06-22T00:00:00", "published": "2020-04-15T00:00:00", "id": "ZDI-20-480", "href": "https://www.zerodayinitiative.com/advisories/ZDI-20-480/", "title": "Eaton HMiSoft VU3 File Parsing wMailContentLen Stack-based Buffer Overflow Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-06-22T11:41:45", "bulletinFamily": "info", "cvelist": ["CVE-2020-10639"], "description": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Eaton HMiSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of wKPFString information within VU3 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.", "edition": 1, "modified": "2020-06-22T00:00:00", "published": "2020-04-15T00:00:00", "id": "ZDI-20-473", "href": "https://www.zerodayinitiative.com/advisories/ZDI-20-473/", "title": "Eaton HMiSoft VU3 File Parsing wKPFString Stack-based Buffer Overflow Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}
