{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-11T17:15:11.196","vulnerabilities":[{"cve":{"id":"CVE-2020-6994","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2020-04-03T19:15:13.250","lastModified":"2024-11-21T05:36:27.270","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A buffer overflow vulnerability was found in some devices of Hirschmann Automation and Control HiOS and HiSecOS. The vulnerability is due to improper parsing of URL arguments. An attacker could exploit this vulnerability by specially crafting HTTP requests to overflow an internal buffer. The following devices using HiOS Version 07.0.02 and lower are affected: RSP, RSPE, RSPS, RSPL, MSP, EES, EES, EESX, GRS, OS, RED. The following devices using HiSecOS Version 03.2.00 and lower are affected: EAGLE20/30."},{"lang":"es","value":"Se detectó una vulnerabilidad de desbordamiento de búfer en algunos dispositivos de Hirschmann Automation and Control HiOS y HiSecOS. La vulnerabilidad es debido al análisis inapropiado de los argumentos de la URL. Un atacante podría explotar esta vulnerabilidad mediante peticiones HTTP especialmente diseñadas para desbordar un búfer interno. Los siguientes dispositivos que usan HiOS Versión 07.0.02 y anteriores están afectados: RSP, RSPE, RSPS, RSPL, MSP, EES, EES, EESX, GRS, OS, RED. Los siguientes dispositivos que usan HiSecOS Versión 03.2.00 y anteriores están afectados: EAGLE20 / 30."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-12"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-120"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:belden:hirschmann_hios:*:*:*:*:*:*:*:*","versionEndIncluding":"07.0.02","matchCriteriaId":"7B3DB8FD-EC62-46F4-B60F-F71F3177730B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:belden:hirschmann_embedded_ethernet_switch:-:*:*:*:*:*:*:*","matchCriteriaId":"3CB779E6-113B-4430-905F-427FC87A61D8"},{"vulnerable":false,"criteria":"cpe:2.3:h:belden:hirschmann_embedded_ethernet_switch_extended:-:*:*:*:*:*:*:*","matchCriteriaId":"E0EF2CF9-2150-4750-8DD6-9A911A187F34"},{"vulnerable":false,"criteria":"cpe:2.3:h:belden:hirschmann_greyhound_swtich:-:*:*:*:*:*:*:*","matchCriteriaId":"2969C04A-B6C8-4F91-921A-5E13491329F0"},{"vulnerable":false,"criteria":"cpe:2.3:h:belden:hirschmann_mice_switch_power:-:*:*:*:*:*:*:*","matchCriteriaId":"74C8EBA4-96AB-4A40-B6FD-6A7C44C1F4FF"},{"vulnerable":false,"criteria":"cpe:2.3:h:belden:hirschmann_octopus:-:*:*:*:*:*:*:*","matchCriteriaId":"4F849F79-6A81-433E-AF58-B745D177837C"},{"vulnerable":false,"criteria":"cpe:2.3:h:belden:hirschmann_prp_redbox:-:*:*:*:*:*:*:*","matchCriteriaId":"7678F652-5260-4A81-931B-D5F2B4F91A66"},{"vulnerable":false,"criteria":"cpe:2.3:h:belden:hirschmann_rail_switch_power:-:*:*:*:*:*:*:*","matchCriteriaId":"992A605B-5B55-433C-A4E5-C9725C263FB3"},{"vulnerable":false,"criteria":"cpe:2.3:h:belden:hirschmann_rail_switch_power_enhanced:-:*:*:*:*:*:*:*","matchCriteriaId":"ACC46D0A-4F92-41C7-B069-5047526CDCDF"},{"vulnerable":false,"criteria":"cpe:2.3:h:belden:hirschmann_rail_switch_power_lite:-:*:*:*:*:*:*:*","matchCriteriaId":"FDE06D94-B686-4468-86CF-AA68BB5CFEF4"},{"vulnerable":false,"criteria":"cpe:2.3:h:belden:hirschmann_rail_switch_power_smart:-:*:*:*:*:*:*:*","matchCriteriaId":"BC6487F7-284A-40C2-B70D-9380AD2A47C1"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:belden:hirschmann_hisecos:*:*:*:*:*:*:*:*","versionEndIncluding":"03.2.00","matchCriteriaId":"B26FD56D-F11E-4990-A329-DBC18F40EFDE"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:belden:hirschmann_eagle20:-:*:*:*:*:*:*:*","matchCriteriaId":"771189D9-34F0-400D-938B-2AA218C28C43"},{"vulnerable":false,"criteria":"cpe:2.3:h:belden:hirschmann_eagle30:-:*:*:*:*:*:*:*","matchCriteriaId":"3DCF228A-F3A8-4B36-A105-04E88980BA76"}]}]}],"references":[{"url":"https://www.us-cert.gov/ics/advisories/icsa-20-091-01","source":"ics-cert@hq.dhs.gov","tags":["Mitigation","Third Party Advisory","US Government Resource"]},{"url":"https://www.us-cert.gov/ics/advisories/icsa-20-091-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Third Party Advisory","US Government Resource"]}]}}]}