17 matches found

NVD
added 2022/10/28 6:15 p.m. | 11 views

CVE-2022-3228

Using custom code, an attacker can write into name or description fields larger than the appropriate buffer size causing a stack-based buffer overflow on Host Engineering H0-ECOM100 Communications Module Firmware versions v5.0.155 and prior. This may allow an attacker to crash the affected device...

CVSS 6.5 | EPSS 0.00083
Exploits 0 | References 1

OSV
added 2022/10/28 6:15 p.m. | 2 views

CVE-2022-3228

Using custom code, an attacker can write into name or description fields larger than the appropriate buffer size causing a stack-based buffer overflow on Host Engineering H0-ECOM100 Communications Module Firmware versions v5.0.155 and prior. This may allow an attacker to crash the affected device...

CVSS 6.5 | AI score 6.2
Exploits 0 | References 1

Prion
added 2022/10/28 6:15 p.m. | 15 views

Stack overflow

Using custom code, an attacker can write into name or description fields larger than the appropriate buffer size causing a stack-based buffer overflow on Host Engineering H0-ECOM100 Communications Module Firmware versions v5.0.155 and prior. This may allow an attacker to crash the affected device...

CVSS 3.3 | AI score 6.6 | EPSS 0.00083
Exploits 0 | References 1 | Affected Software 1

CVE
added 2022/10/28 5:17 p.m. | 58 views

CVE-2022-3228

The CVE-2022-3228 vulnerability affects Host Engineering H0-ECOM100 Communications Module Firmware v5.0.155 and earlier. An attacker can trigger a stack-based buffer overflow by writing into the name or description fields that exceed the buffer size, potentially crashing the device or making it u...

CVSS 6.5 | AI score 6.6 | EPSS 0.00083
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2022/10/28 5:17 p.m. | 19 views

CVE-2022-3228

Using custom code, an attacker can write into name or description fields larger than the appropriate buffer size causing a stack-based buffer overflow on Host Engineering H0-ECOM100 Communications Module Firmware versions v5.0.155 and prior. This may allow an attacker to crash the affected device...

CVSS 6.5 | AI score 6.8 | EPSS 0.00083
Exploits 0 | References 1

Positive Technologies
added 2022/10/28 12:0 a.m. | 2 views

PT-2022-21202 · Host Engineering · H0-Ecom100 Communications Module Firmware

Name of the Vulnerable Software and Affected Versions: Host Engineering H0-ECOM100 Communications Module Firmware versions v5.0.155 and prior Description: The issue allows an attacker to cause a stack-based buffer overflow by writing into name or description fields with data larger than the...

CVSS 6.5 | AI score 6.6 | EPSS 0.00083
Exploits 0 | References 3

ICS
added 2022/09/20 12:0 a.m. | 46 views

Host Engineering Communications Module

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable from adjacent network/low attack complexity Vendor: Host Engineering Equipment: H0-ECOM100 Communications Module Vulnerability: Stack-based Buffer overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could crash the...

CVSS 6.5 | AI score 7 | EPSS 0.00083
Exploits 0 | References 5

BDU FSTEC
added 2022/06/23 12:0 a.m. | 1 view

The vulnerability of the communication modules of H0-ECOM and H0-ECOM100 Ethernet controllers from DirectLOGIC, related to uncontrolled resource consumption, allows an intruder to trigger a service failure.

The vulnerability of the communication modules of H0-ECOM and H0-ECOM100 Ethernet controllers from DirectLOGIC is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service interruptions by sending a specially crafted packet...

CVSS 7.8 | EPSS 0.00137
Exploits 0 | References 3 | Affected Software 2

Cvelist
added 2020/12/15 7:38 p.m. | 16 views

CVE-2020-25195

The length of the input fields of Host Engineering H0-ECOM100, H2-ECOM100, and H4-ECOM100 modules is verified only on the client side when receiving input from the configuration web server, which may allow an attacker to bypass the check and send input to crash the device...

AI score 7.6 | EPSS 0.00229
Exploits 0 | References 1

CVE
added 2020/12/15 7:38 p.m. | 55 views

CVE-2020-25195

CVE-2020-25195 affects Host Engineering ECOM100 modules (H0-ECOM100, H2-ECOM100, H4-ECOM100). The vulnerability arises because input field length checks are enforced only on the client side when inputs come from the configuration web server, allowing an attacker to bypass the check and send input...

CVSS 7.8 | AI score 7.5 | EPSS 0.00229
Exploits 0 | References 1 | Affected Software 1

CNNVD
added 2020/12/10 12:0 a.m. | 3 views

Host Engineering Ecom100 Module Input Validation Error Vulnerability

The Host Engineering Ecom100 Module is a programmable controller for industrial environments from Host Engineering, USA. The device can be installed with the DirectSoft software package for PLC programming, and the master and slave configurations support the Modbus/Tcp protocol. An input validati...

CVSS 7.8 | AI score 7.1 | EPSS 0.00229
Exploits 0 | References 3

ICS
added 2020/12/10 12:0 a.m. | 24 views

Host Engineering H2-ECOM100 Module

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Host Engineering Equipment: ECOM100 Module Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to a denial-of-service condition,...

CVSS 7.8 | AI score 7.9 | EPSS 0.00229
Exploits 0 | References 5

NVD
added 2012/04/13 5:55 p.m. | 9 views

CVE-2012-1808

The web server in the ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM100, H2-ECOM, H2-ECOM-F, H2-ECOM100, H4-ECOM, H4-ECOM-F, and H4-ECOM100 does not require authentication, which allows remote attackers to perform unspecified functions via unknown vectors...

CVSS 10 | AI score 6.7 | EPSS 0.01067
Exploits 0 | References 2

Prion
added 2012/04/13 5:55 p.m. | 14 views

Design/Logic Flaw

The web server in the ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM100, H2-ECOM, H2-ECOM-F, H2-ECOM100, H4-ECOM, H4-ECOM-F, and H4-ECOM100 allows remote attackers to cause a denial of service resource consumption via unspecified vectors...

CVSS 5 | AI score 7.2 | EPSS 0.00455
Exploits 0 | References 1

CVE
added 2012/04/13 5:0 p.m. | 48 views

CVE-2012-1806

The CVE-2012-1806 entry concerns weak password requirements in the Koyo ECOM Ethernet modules (H0/H0-ECOM, H2-ECOM, H2-ECOM-F/100, H4-ECOM, H4-ECOM-F/100) used with DirectLogic DL06/DL205/DL405 PLC families. The root cause is a maximum 8-byte password limit enabling brute-force access (CWE-521). ...

CVSS 7.5 | AI score 6.9 | EPSS 0.00406
Exploits 0 | References 2 | Affected Software 8

Cvelist
added 2012/04/13 5:0 p.m. | 17 views

CVE-2012-1806

The ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM100, H2-ECOM, H2-ECOM-F, H2-ECOM100, H4-ECOM, H4-ECOM-F, and H4-ECOM100 supports a maximum password length of 8 bytes, which makes it easier for remote attackers to obtain access via a brute-force attack...

AI score 6.7 | EPSS 0.00406
Exploits 0 | References 2

ICS
added 2012/01/13 7:0 a.m. | 87 views

Koyo Ecom Modules Vulnerabilities

Overview This Advisory is a follow-up to the ICS-CERT Alert titled “ICS-ALERT-12-020-05A—Koyo Ecom100 Vulnerabilities” that was originally published January 20, 2012, on the ICS-CERT web page and updated on February 14, 2012. ICS-CERT is aware of a public report of vulnerabilities with...

CVSS 10 | AI score 7.4 | EPSS 0.07326
Exploits 0 | References 10