7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.8 High
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
62.2%
A buffer overflow vulnerability was found in some devices of Hirschmann Automation and Control HiOS and HiSecOS. The vulnerability is due to improper parsing of URL arguments. An attacker could exploit this vulnerability by specially crafting HTTP requests to overflow an internal buffer. The following devices using HiOS Version 07.0.02 and lower are affected: RSP, RSPE, RSPS, RSPL, MSP, EES, EES, EESX, GRS, OS, RED. The following devices using HiSecOS Version 03.2.00 and lower are affected: EAGLE20/30.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(502259);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/11");
script_cve_id("CVE-2020-6994");
script_name(english:"Hirschmann Automation and Control HiOS and HiSecOS Products Buffer Copy Without Checking Size of Input (CVE-2020-6994)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"A buffer overflow vulnerability was found in some devices of
Hirschmann Automation and Control HiOS and HiSecOS. The vulnerability
is due to improper parsing of URL arguments. An attacker could exploit
this vulnerability by specially crafting HTTP requests to overflow an
internal buffer. The following devices using HiOS Version 07.0.02 and
lower are affected: RSP, RSPE, RSPS, RSPL, MSP, EES, EES, EESX, GRS,
OS, RED. The following devices using HiSecOS Version 03.2.00 and lower
are affected: EAGLE20/30.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
script_set_attribute(attribute:"see_also", value:"https://www.us-cert.gov/ics/advisories/icsa-20-091-01");
script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.
Hirschmann recommends updating HiOS products to Version 07.0.03 or higher and HiSecOS products to Version 03.3.00 or
higher.
Hirschmann also recommends, as a workaround, users either use the âIP Access Restrictionâ feature to restrict HTTP and
HTTPS to trusted IP addresses, or disable the HTTP and HTTPS server.
For more information regarding this vulnerability and the associated mitigations, please see Belden security bulletin
number BSECV-2020-01.
For additional resources, please go to https://www.belden.com/security.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-6994");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(120);
script_set_attribute(attribute:"vuln_publication_date", value:"2020/04/03");
script_set_attribute(attribute:"patch_publication_date", value:"2020/04/03");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/06/10");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:belden:hirschmann_greyhound");
script_set_attribute(attribute:"cpe", value:"cpe:/o:belden:hirschmann_rail_switch");
script_set_attribute(attribute:"cpe", value:"cpe:/o:belden:hirschmann_eagle20");
script_set_attribute(attribute:"cpe", value:"cpe:/o:belden:hirschmann_eagle30");
script_set_attribute(attribute:"generated_plugin", value:"former");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/Hirschmann");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/Hirschmann');
var asset = tenable_ot::assets::get(vendor:'Hirschmann');
var vuln_cpes = {
"cpe:/o:belden:hirschmann_greyhound" :
{"versionEndIncluding" : "07.0.02", "family" : "Hirschmann"},
"cpe:/o:belden:hirschmann_rail_switch" :
{"versionEndIncluding" : "07.0.02", "family" : "Hirschmann"},
"cpe:/o:belden:hirschmann_eagle20" :
{"versionEndIncluding" : "03.2.00", "family" : "Hirschmann"},
"cpe:/o:belden:hirschmann_eagle30" :
{"versionEndIncluding" : "03.2.00", "family" : "Hirschmann"}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);
Vendor | Product | Version | CPE |
---|---|---|---|
belden | hirschmann_eagle30 | cpe:/o:belden:hirschmann_eagle30 | |
belden | hirschmann_rail_switch | cpe:/o:belden:hirschmann_rail_switch | |
belden | hirschmann_eagle20 | cpe:/o:belden:hirschmann_eagle20 | |
belden | hirschmann_greyhound | cpe:/o:belden:hirschmann_greyhound |
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.8 High
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
62.2%