Severity
High
Analysis Summary
CVE-2020-6994 – A vulnerability in the HTTP(S) web server of HiOS and HiSecOS devices could allow an unauthenticated, remote attacker to overflow a buffer and fully compromise the target device.
The vulnerability is due to improper parsing of URL arguments. An attacker could exploit this vulnerability by sending specially crafted HTTP requests that overflow an internal buffer.
Impact
Full compromise of target device
Affected Vendors
Hirschmann Automation and Control GmbH
Affected Products
The following devices using HiOS Version 07.0.02 and lower are affected:
- RSP
- RSPE
- RSPS
- RSPL
- MSP
- EES
- EESX
- GRS
- OS
- RED
The following devices using HiSecOS Version 03.2.00 and lower are affected:
- EAGLE20/30
Remediation
- Hirschmann recommends updating HiOS products to Version 07.0.03 or higher and HiSecOS products to Version 03.3.00 or higher.
- Hirschmann also recommends, as a workaround, users either use the “IP Access Restriction” feature to restrict HTTP and HTTPS to trusted IP addresses, or disable the HTTP and HTTPS server.
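As an added example (not code from the advisory or from Hirschmann), the following inventory check flags device rows that fall inside the affected ranges above and distinguishes them from rows that merely sit below the recommended version. Product names and version thresholds are taken from the advisory; the sample inventory rows are constructed, and "EAGLE20/30" is assumed to mean the EAGLE20 and EAGLE30 families.

```python
# Added example (not the advisory's or Hirschmann's code): flag inventory rows that fall
# in the CVE-2020-6994 ranges. Thresholds and product names come from the advisory;
# "EAGLE20/30" is assumed to mean the EAGLE20 and EAGLE30 families.
HIOS_PRODUCTS = {"RSP", "RSPE", "RSPS", "RSPL", "MSP", "EES", "EESX", "GRS", "OS", "RED"}
HISECOS_PRODUCTS = {"EAGLE20", "EAGLE30"}
# Highest affected version and first recommended version, per firmware line.
LAST_AFFECTED = {"HiOS": (7, 0, 2), "HiSecOS": (3, 2, 0)}
FIRST_FIXED = {"HiOS": (7, 0, 3), "HiSecOS": (3, 3, 0)}

def parse_version(text):
    """Turn a version such as '07.0.02' into (7, 0, 2); reject anything else."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(p) for p in parts)

def firmware_line(product):
    """Map a product family to 'HiOS'/'HiSecOS', or None if the advisory omits it."""
    name = product.strip().upper()
    if name in HIOS_PRODUCTS:
        return "HiOS"
    return "HiSecOS" if name in HISECOS_PRODUCTS else None

def assess(product, version):
    """Return (status, advice) for one inventory row."""
    line = firmware_line(product)
    if line is None:
        return "not-listed", "product not named in the advisory; confirm with the vendor"
    v = parse_version(version)
    fixed = ".".join(map(str, FIRST_FIXED[line]))
    if v <= LAST_AFFECTED[line]:
        return "vulnerable", f"update {line} to {fixed} or higher, or restrict/disable HTTP(S)"
    if v < FIRST_FIXED[line]:
        # Above the stated affected range but below the version the vendor recommends.
        return "unverified", f"below recommended {line} {fixed}; treat as at risk"
    return "patched", f"{line} {version} meets the recommended version"

# Constructed sample inventory (hypothetical devices and versions, not from the advisory).
SAMPLE_INVENTORY = [("RSP", "07.0.02"), ("EAGLE30", "03.3.00"), ("GRS", "06.1.00"),
                    ("EAGLE20", "03.2.01"), ("MACH1000", "01.0.00")]

def report(inventory=SAMPLE_INVENTORY):
    """Assess every row and return (product, version, status, advice) tuples."""
    return [(p, v, *assess(p, v)) for p, v in inventory]

if __name__ == "__main__":
    for row in report():
        print(" | ".join(row))
```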