CVE-2020-25159 - 499ES EtherNet/IP (ENIP) Adaptor Source Code is vulnerable to a stack-based buffer overflow, which m

CVE-2020-25159

Summary

499ES EtherNet/IP (ENIP) Adaptor Source Code is vulnerable to a stack-based buffer overflow, which may allow an attacker to send a specially crafted packet that may result in a denial-of-service condition or code execution.

References

https://us-cert.cisa.gov/ics/advisories/icsa-20-324-03

Vulnerable Configurations

cpe:2.3:o:rtautomation:499es_ethernet\/ip_adaptor_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:rtautomation:499es_ethernet\/ip_adaptor_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rtautomation:499es_ethernet\/ip_adaptor:-:*:*:*:*:*:*:*
cpe:2.3:h:rtautomation:499es_ethernet\/ip_adaptor:-:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 30-11-2020 - 21:11)
Impact:
Exploitability:

CWE

CWE-787

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

misc

https://us-cert.cisa.gov/ics/advisories/icsa-20-324-03

Last major update

30-11-2020 - 21:11

Published

24-11-2020 - 20:15

Last modified

30-11-2020 - 21:11