EUVD-2020-17886

Malware in sbrugna...

CVE-2022-3228

Using custom code, an attacker can write into name or description fields larger than the appropriate buffer size causing a stack-based buffer overflow on Host Engineering H0-ECOM100 Communications Module Firmware versions v5.0.155 and prior. This may allow an attacker to crash the affected device...

CVE-2022-3228

Using custom code, an attacker can write into name or description fields larger than the appropriate buffer size causing a stack-based buffer overflow on Host Engineering H0-ECOM100 Communications Module Firmware versions v5.0.155 and prior. This may allow an attacker to crash the affected device...

Stack overflow

Using custom code, an attacker can write into name or description fields larger than the appropriate buffer size causing a stack-based buffer overflow on Host Engineering H0-ECOM100 Communications Module Firmware versions v5.0.155 and prior. This may allow an attacker to crash the affected device...

CVE-2022-3228

The CVE-2022-3228 vulnerability affects Host Engineering H0-ECOM100 Communications Module Firmware v5.0.155 and earlier. An attacker can trigger a stack-based buffer overflow by writing into the name or description fields that exceed the buffer size, potentially crashing the device or making it u...

CVE-2022-3228

Using custom code, an attacker can write into name or description fields larger than the appropriate buffer size causing a stack-based buffer overflow on Host Engineering H0-ECOM100 Communications Module Firmware versions v5.0.155 and prior. This may allow an attacker to crash the affected device...

PT-2022-21202 · Host Engineering · H0-Ecom100 Communications Module Firmware

Name of the Vulnerable Software and Affected Versions: Host Engineering H0-ECOM100 Communications Module Firmware versions v5.0.155 and prior Description: The issue allows an attacker to cause a stack-based buffer overflow by writing into name or description fields with data larger than the...

Host Engineering H0-ECOM100 Communications Module 缓冲区错误漏洞

Host Engineering H0-ECOM100 Communications Module is a Host Engineering communications module from Host Engineering, Inc. A security vulnerability exists in the Host Engineering H0-ECOM100 Communications Module. An attacker could exploit the vulnerability to cause a stack-based buffer overflow by...

Host Engineering Communications Module

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable from adjacent network/low attack complexity Vendor: Host Engineering Equipment: H0-ECOM100 Communications Module Vulnerability: Stack-based Buffer overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could crash the...

CISA Releases Eight industrial Control Systems Advisories

CISA has released eight 8 Industrial Control Systems ICS advisories on September 20, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories...

CVE-2020-25195

The length of the input fields of Host Engineering H0-ECOM100, H2-ECOM100, and H4-ECOM100 modules are verified only on the client side when receiving input from the configuration web server, which may allow an attacker to bypass the check and send input to crash the device...

Input validation

The length of the input fields of Host Engineering H0-ECOM100, H2-ECOM100, and H4-ECOM100 modules are verified only on the client side when receiving input from the configuration web server, which may allow an attacker to bypass the check and send input to crash the device...

CVE-2020-25195

The length of the input fields of Host Engineering H0-ECOM100, H2-ECOM100, and H4-ECOM100 modules are verified only on the client side when receiving input from the configuration web server, which may allow an attacker to bypass the check and send input to crash the device...

CVE-2020-25195

CVE-2020-25195 affects Host Engineering ECOM100 modules (H0-ECOM100, H2-ECOM100, H4-ECOM100). The vulnerability arises because input field length checks are enforced only on the client side when inputs come from the configuration web server, allowing an attacker to bypass the check and send input...

Host Engineering Ecom100 Module Input Validation Error Vulnerability

The Host Engineering Ecom100 Module is a programmable controller for industrial environments from Host Engineering, USA. The device can be installed with the DirectSoft software package for PLC programming, and the master and slave configurations support the Modbus/Tcp protocol. An input validati...

Host Engineering H2-ECOM100 Module

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Host Engineering Equipment: ECOM100 Module Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to a denial-of-service condition,...