Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Hirschmann_hios
(Belden)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 14 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-04-03 | CVE-2020-6994 | A buffer overflow vulnerability was found in some devices of Hirschmann Automation and Control HiOS and HiSecOS. The vulnerability is due to improper parsing of URL arguments. An attacker could exploit this vulnerability by specially crafting HTTP requests to overflow an internal buffer. The following devices using HiOS Version 07.0.02 and lower are affected: RSP, RSPE, RSPS, RSPL, MSP, EES, EES, EESX, GRS, OS, RED. The following devices using HiSecOS Version 03.2.00 and lower are affected:... | Hirschmann_hios, Hirschmann_hisecos | 9.8 | ||
| 2021-02-11 | CVE-2020-9307 | Hirschmann OS2, RSP, and RSPE devices before HiOS 08.3.00 allow a denial of service. An unauthenticated, adjacent attacker can cause an infinite loop on one of the HSR ring ports of the device. This effectively breaks the redundancy of the HSR ring. If the attacker can perform the same attack on a second device, the ring is broken into two parts (thus disrupting communication between devices in the different parts). | Hirschmann_hios | 6.5 | ||
| 2021-05-17 | CVE-2021-27734 | Hirschmann HiOS 07.1.01, 07.1.02, and 08.1.00 through 08.5.xx and HiSecOS 03.3.00 through 03.5.01 allow remote attackers to change the credentials of existing users. | Hirschmann_hios, Hisecos | 9.8 | ||
| 2019-08-09 | CVE-2019-12255 | Wind River VxWorks has a Buffer Overflow in the TCP component (issue 1 of 4). This is a IPNET security vulnerability: TCP Urgent Pointer = 0 that leads to an integer underflow. | Garrettcom_magnum_dx940e_firmware, Hirschmann_hios, E\-Series_santricity_os_controller, Power_meter_9410_firmware, Power_meter_9810_firmware, Ruggedcom_win7000_firmware, Ruggedcom_win7018_firmware, Ruggedcom_win7025_firmware, Ruggedcom_win7200_firmware, Siprotec_5_firmware, Sonicos, Vxworks | 9.8 | ||
| 2019-08-09 | CVE-2019-12256 | Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the IPv4 component. There is an IPNET security vulnerability: Stack overflow in the parsing of IPv4 packets’ IP options. | Garrettcom_magnum_dx940e_firmware, Hirschmann_hios, E\-Series_santricity_os_controller, Power_meter_9410_firmware, Power_meter_9810_firmware, Ruggedcom_win7000_firmware, Ruggedcom_win7018_firmware, Ruggedcom_win7025_firmware, Ruggedcom_win7200_firmware, Siprotec_5_firmware, Sonicos, Vxworks | 9.8 | ||
| 2019-08-09 | CVE-2019-12257 | Wind River VxWorks 6.6 through 6.9 has a Buffer Overflow in the DHCP client component. There is an IPNET security vulnerability: Heap overflow in DHCP Offer/ACK parsing inside ipdhcpc. | Garrettcom_magnum_dx940e_firmware, Hirschmann_hios, E\-Series_santricity_os_controller, Ruggedcom_win7000_firmware, Ruggedcom_win7018_firmware, Ruggedcom_win7025_firmware, Ruggedcom_win7200_firmware, Siprotec_5_firmware, Sonicos, Vxworks | 8.8 | ||
| 2019-08-09 | CVE-2019-12263 | Wind River VxWorks 6.9.4 and vx7 has a Buffer Overflow in the TCP component (issue 4 of 4). There is an IPNET security vulnerability: TCP Urgent Pointer state confusion due to race condition. | Garrettcom_magnum_dx940e_firmware, Hirschmann_hios, E\-Series_santricity_os_controller, Power_meter_9410_firmware, Power_meter_9810_firmware, Ruggedcom_win7000_firmware, Ruggedcom_win7018_firmware, Ruggedcom_win7025_firmware, Ruggedcom_win7200_firmware, Siprotec_5_firmware, Sonicos, Vxworks | 8.1 | ||
| 2019-08-09 | CVE-2019-12265 | Wind River VxWorks 6.5, 6.6, 6.7, 6.8, 6.9.3 and 6.9.4 has a Memory Leak in the IGMPv3 client component. There is an IPNET security vulnerability: IGMP Information leak via IGMPv3 specific membership report. | Garrettcom_magnum_dx940e_firmware, Hirschmann_hios, E\-Series_santricity_os_controller, Power_meter_9410_firmware, Power_meter_9810_firmware, Ruggedcom_win7000_firmware, Ruggedcom_win7018_firmware, Ruggedcom_win7025_firmware, Ruggedcom_win7200_firmware, Siprotec_5_firmware, Sonicos, Vxworks | 5.3 | ||
| 2019-08-09 | CVE-2019-12258 | Wind River VxWorks 6.6 through vx7 has Session Fixation in the TCP component. This is a IPNET security vulnerability: DoS of TCP connection via malformed TCP options. | Garrettcom_magnum_dx940e_firmware, Hirschmann_hios, E\-Series_santricity_os_controller, Power_meter_9410_firmware, Power_meter_9810_firmware, Ruggedcom_win7000_firmware, Ruggedcom_win7018_firmware, Ruggedcom_win7025_firmware, Ruggedcom_win7200_firmware, Siprotec_5_firmware, Sonicos, Vxworks | 7.5 | ||
| 2019-08-09 | CVE-2019-12260 | Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 2 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer state confusion caused by a malformed TCP AO option. | Garrettcom_magnum_dx940e_firmware, Hirschmann_hios, E\-Series_santricity_os_controller, Communications_eagle, Power_meter_9410_firmware, Power_meter_9810_firmware, Ruggedcom_win7000_firmware, Ruggedcom_win7018_firmware, Ruggedcom_win7025_firmware, Ruggedcom_win7200_firmware, Siprotec_5_firmware, Sonicos, Vxworks | 9.8 |