Search criteria
6 vulnerabilities found for ecatcher by hms-networks
FKIE_CVE-2021-33214
Vulnerability from fkie_nvd - Published: 2021-07-09 19:15 - Updated: 2024-11-21 06:08
Severity ?
Summary
In HMS Ewon eCatcher through 6.6.4, weak filesystem permissions could allow malicious users to access files that could lead to sensitive information disclosure, modification of configuration files, or disruption of normal system operation.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hms-networks | ecatcher | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hms-networks:ecatcher:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9C38F7EB-BCFE-419B-BA12-1530CF117C34",
"versionEndIncluding": "6.6.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In HMS Ewon eCatcher through 6.6.4, weak filesystem permissions could allow malicious users to access files that could lead to sensitive information disclosure, modification of configuration files, or disruption of normal system operation."
},
{
"lang": "es",
"value": "En HMS Ewon eCatcher versiones hasta 6.6.4, permisos d\u00e9biles del sistema de archivos podr\u00edan permitir a usuarios maliciosos acceder a archivos que podr\u00edan conllevar a una divulgaci\u00f3n de informaci\u00f3n confidencial, la modificaci\u00f3n de archivos de configuraci\u00f3n o la interrupci\u00f3n del funcionamiento normal del sistema"
}
],
"id": "CVE-2021-33214",
"lastModified": "2024-11-21T06:08:32.020",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 4.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-09T19:15:08.477",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://cdn.hms-networks.com/docs/librariesprovider6/cybersecurity/hms-security-advisory-2021-07-09-001---ewon-ecatcher.pdf?sfvrsn=b37418d7_4"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://labs.bishopfox.com/advisories"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://labs.bishopfox.com/advisories/ecatcher-desktop-version-6.6.4"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ewon.biz/about-us/security"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ewon.biz/technical-support/pages/talk2m/talk2m-tools/talk2m-ecatcher"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cdn.hms-networks.com/docs/librariesprovider6/cybersecurity/hms-security-advisory-2021-07-09-001---ewon-ecatcher.pdf?sfvrsn=b37418d7_4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://labs.bishopfox.com/advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://labs.bishopfox.com/advisories/ecatcher-desktop-version-6.6.4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ewon.biz/about-us/security"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ewon.biz/technical-support/pages/talk2m/talk2m-tools/talk2m-ecatcher"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-276"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-14498
Vulnerability from fkie_nvd - Published: 2020-08-26 14:15 - Updated: 2024-11-21 05:03
Severity ?
9.6 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary
HMS Industrial Networks AB eCatcher all versions prior to 6.5.5 is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsa-20-210-03 | Third Party Advisory, US Government Resource | |
| ics-cert@hq.dhs.gov | https://www.hms-networks.com/cybersecurity/security-advisories | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-20-210-03 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.hms-networks.com/cybersecurity/security-advisories |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hms-networks | ecatcher | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hms-networks:ecatcher:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BE7B6964-FE40-4CFC-8FB5-0EABA977DCB6",
"versionEndExcluding": "6.5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HMS Industrial Networks AB eCatcher all versions prior to 6.5.5 is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code.\n\n"
},
{
"lang": "es",
"value": "HMS Industrial Networks AB eCatcher todas las versiones anteriores a 6.5.5. El producto afectado es vulnerable a un desbordamiento del b\u00fafer en la regi\u00f3n stack de la memoria, lo que puede permitir a un atacante ejecutar c\u00f3digo arbitrario remotamente"
}
],
"id": "CVE-2020-14498",
"lastModified": "2024-11-21T05:03:24.080",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-08-26T14:15:10.540",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-210-03"
},
{
"source": "ics-cert@hq.dhs.gov",
"url": "https://www.hms-networks.com/cybersecurity/security-advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-210-03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.hms-networks.com/cybersecurity/security-advisories"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2021-33214 (GCVE-0-2021-33214)
Vulnerability from cvelistv5 – Published: 2021-07-09 18:03 – Updated: 2024-08-03 23:42
VLAI?
Summary
In HMS Ewon eCatcher through 6.6.4, weak filesystem permissions could allow malicious users to access files that could lead to sensitive information disclosure, modification of configuration files, or disruption of normal system operation.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:42:20.270Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://labs.bishopfox.com/advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.ewon.biz/about-us/security"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.ewon.biz/technical-support/pages/talk2m/talk2m-tools/talk2m-ecatcher"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cdn.hms-networks.com/docs/librariesprovider6/cybersecurity/hms-security-advisory-2021-07-09-001---ewon-ecatcher.pdf?sfvrsn=b37418d7_4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://labs.bishopfox.com/advisories/ecatcher-desktop-version-6.6.4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In HMS Ewon eCatcher through 6.6.4, weak filesystem permissions could allow malicious users to access files that could lead to sensitive information disclosure, modification of configuration files, or disruption of normal system operation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-17T18:42:34",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://labs.bishopfox.com/advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.ewon.biz/about-us/security"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.ewon.biz/technical-support/pages/talk2m/talk2m-tools/talk2m-ecatcher"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cdn.hms-networks.com/docs/librariesprovider6/cybersecurity/hms-security-advisory-2021-07-09-001---ewon-ecatcher.pdf?sfvrsn=b37418d7_4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://labs.bishopfox.com/advisories/ecatcher-desktop-version-6.6.4"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-33214",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In HMS Ewon eCatcher through 6.6.4, weak filesystem permissions could allow malicious users to access files that could lead to sensitive information disclosure, modification of configuration files, or disruption of normal system operation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://labs.bishopfox.com/advisories",
"refsource": "MISC",
"url": "https://labs.bishopfox.com/advisories"
},
{
"name": "https://www.ewon.biz/about-us/security",
"refsource": "MISC",
"url": "https://www.ewon.biz/about-us/security"
},
{
"name": "https://www.ewon.biz/technical-support/pages/talk2m/talk2m-tools/talk2m-ecatcher",
"refsource": "MISC",
"url": "https://www.ewon.biz/technical-support/pages/talk2m/talk2m-tools/talk2m-ecatcher"
},
{
"name": "https://cdn.hms-networks.com/docs/librariesprovider6/cybersecurity/hms-security-advisory-2021-07-09-001---ewon-ecatcher.pdf?sfvrsn=b37418d7_4",
"refsource": "MISC",
"url": "https://cdn.hms-networks.com/docs/librariesprovider6/cybersecurity/hms-security-advisory-2021-07-09-001---ewon-ecatcher.pdf?sfvrsn=b37418d7_4"
},
{
"name": "https://labs.bishopfox.com/advisories/ecatcher-desktop-version-6.6.4",
"refsource": "MISC",
"url": "https://labs.bishopfox.com/advisories/ecatcher-desktop-version-6.6.4"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-33214",
"datePublished": "2021-07-09T18:03:44",
"dateReserved": "2021-05-20T00:00:00",
"dateUpdated": "2024-08-03T23:42:20.270Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14498 (GCVE-0-2020-14498)
Vulnerability from cvelistv5 – Published: 2020-08-26 13:30 – Updated: 2024-08-04 12:46
VLAI?
Summary
HMS Industrial Networks AB eCatcher all versions prior to 6.5.5 is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code.
Severity ?
9.6 (Critical)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HMS Industrial Networks AB | eCatcher |
Affected:
0 , < 6.5.5
(custom)
|
Credits
Sharon Brizinov of Claroty reported this vulnerability to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:46:34.660Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-210-03"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.hms-networks.com/cybersecurity/security-advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "eCatcher",
"vendor": "HMS Industrial Networks AB",
"versions": [
{
"lessThan": "6.5.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Sharon Brizinov of Claroty reported this vulnerability to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eHMS Industrial Networks AB eCatcher all versions prior to 6.5.5 is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code.\u003c/p\u003e"
}
],
"value": "HMS Industrial Networks AB eCatcher all versions prior to 6.5.5 is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-23T00:47:34.917Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-210-03"
},
{
"url": "https://www.hms-networks.com/cybersecurity/security-advisories"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\n\n\u003c/p\u003e\u003cp\u003eHMS recommends users update eCatcher to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://ewon.biz/technical-support/pages/all-downloads\"\u003eVersion 6.5.5 or later\u003c/a\u003e. \u003c/p\u003e\u003cp\u003eFor more information, see the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.hms-networks.com/cybersecurity\"\u003eHMS advisory\u003c/a\u003e.\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e"
}
],
"value": "\n\n\nHMS recommends users update eCatcher to Version 6.5.5 or later https://ewon.biz/technical-support/pages/all-downloads . \n\nFor more information, see the HMS advisory https://www.hms-networks.com/cybersecurity .\n\n\n\n\n\n"
}
],
"source": {
"advisory": "ICSA-20-210-03",
"discovery": "EXTERNAL"
},
"title": "HMS Industrial Networks AB eCatcher Stack-based Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-14498",
"STATE": "PUBLIC",
"TITLE": "HMS Industrial Networks AB eCatcher Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "eCatcher",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "6.5.5"
}
]
}
}
]
},
"vendor_name": "HMS Industrial Networks AB"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Sharon Brizinov of Claroty reported this vulnerability to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HMS Industrial Networks AB eCatcher all versions prior to 6.5.5. The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "STACK-BASED BUFFER OVERFLOW CWE-121"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-210-03",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-210-03"
}
]
},
"solution": [
{
"lang": "en",
"value": "HMS recommends users update eCatcher to Version 6.5.5 or later."
}
],
"source": {
"advisory": "ICSA-20-210-03",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-14498",
"datePublished": "2020-08-26T13:30:01",
"dateReserved": "2020-06-19T00:00:00",
"dateUpdated": "2024-08-04T12:46:34.660Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33214 (GCVE-0-2021-33214)
Vulnerability from nvd – Published: 2021-07-09 18:03 – Updated: 2024-08-03 23:42
VLAI?
Summary
In HMS Ewon eCatcher through 6.6.4, weak filesystem permissions could allow malicious users to access files that could lead to sensitive information disclosure, modification of configuration files, or disruption of normal system operation.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:42:20.270Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://labs.bishopfox.com/advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.ewon.biz/about-us/security"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.ewon.biz/technical-support/pages/talk2m/talk2m-tools/talk2m-ecatcher"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cdn.hms-networks.com/docs/librariesprovider6/cybersecurity/hms-security-advisory-2021-07-09-001---ewon-ecatcher.pdf?sfvrsn=b37418d7_4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://labs.bishopfox.com/advisories/ecatcher-desktop-version-6.6.4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In HMS Ewon eCatcher through 6.6.4, weak filesystem permissions could allow malicious users to access files that could lead to sensitive information disclosure, modification of configuration files, or disruption of normal system operation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-17T18:42:34",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://labs.bishopfox.com/advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.ewon.biz/about-us/security"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.ewon.biz/technical-support/pages/talk2m/talk2m-tools/talk2m-ecatcher"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cdn.hms-networks.com/docs/librariesprovider6/cybersecurity/hms-security-advisory-2021-07-09-001---ewon-ecatcher.pdf?sfvrsn=b37418d7_4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://labs.bishopfox.com/advisories/ecatcher-desktop-version-6.6.4"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-33214",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In HMS Ewon eCatcher through 6.6.4, weak filesystem permissions could allow malicious users to access files that could lead to sensitive information disclosure, modification of configuration files, or disruption of normal system operation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://labs.bishopfox.com/advisories",
"refsource": "MISC",
"url": "https://labs.bishopfox.com/advisories"
},
{
"name": "https://www.ewon.biz/about-us/security",
"refsource": "MISC",
"url": "https://www.ewon.biz/about-us/security"
},
{
"name": "https://www.ewon.biz/technical-support/pages/talk2m/talk2m-tools/talk2m-ecatcher",
"refsource": "MISC",
"url": "https://www.ewon.biz/technical-support/pages/talk2m/talk2m-tools/talk2m-ecatcher"
},
{
"name": "https://cdn.hms-networks.com/docs/librariesprovider6/cybersecurity/hms-security-advisory-2021-07-09-001---ewon-ecatcher.pdf?sfvrsn=b37418d7_4",
"refsource": "MISC",
"url": "https://cdn.hms-networks.com/docs/librariesprovider6/cybersecurity/hms-security-advisory-2021-07-09-001---ewon-ecatcher.pdf?sfvrsn=b37418d7_4"
},
{
"name": "https://labs.bishopfox.com/advisories/ecatcher-desktop-version-6.6.4",
"refsource": "MISC",
"url": "https://labs.bishopfox.com/advisories/ecatcher-desktop-version-6.6.4"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-33214",
"datePublished": "2021-07-09T18:03:44",
"dateReserved": "2021-05-20T00:00:00",
"dateUpdated": "2024-08-03T23:42:20.270Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14498 (GCVE-0-2020-14498)
Vulnerability from nvd – Published: 2020-08-26 13:30 – Updated: 2024-08-04 12:46
VLAI?
Summary
HMS Industrial Networks AB eCatcher all versions prior to 6.5.5 is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code.
Severity ?
9.6 (Critical)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HMS Industrial Networks AB | eCatcher |
Affected:
0 , < 6.5.5
(custom)
|
Credits
Sharon Brizinov of Claroty reported this vulnerability to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:46:34.660Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-210-03"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.hms-networks.com/cybersecurity/security-advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "eCatcher",
"vendor": "HMS Industrial Networks AB",
"versions": [
{
"lessThan": "6.5.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Sharon Brizinov of Claroty reported this vulnerability to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eHMS Industrial Networks AB eCatcher all versions prior to 6.5.5 is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code.\u003c/p\u003e"
}
],
"value": "HMS Industrial Networks AB eCatcher all versions prior to 6.5.5 is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-23T00:47:34.917Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-210-03"
},
{
"url": "https://www.hms-networks.com/cybersecurity/security-advisories"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\n\n\u003c/p\u003e\u003cp\u003eHMS recommends users update eCatcher to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://ewon.biz/technical-support/pages/all-downloads\"\u003eVersion 6.5.5 or later\u003c/a\u003e. \u003c/p\u003e\u003cp\u003eFor more information, see the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.hms-networks.com/cybersecurity\"\u003eHMS advisory\u003c/a\u003e.\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e"
}
],
"value": "\n\n\nHMS recommends users update eCatcher to Version 6.5.5 or later https://ewon.biz/technical-support/pages/all-downloads . \n\nFor more information, see the HMS advisory https://www.hms-networks.com/cybersecurity .\n\n\n\n\n\n"
}
],
"source": {
"advisory": "ICSA-20-210-03",
"discovery": "EXTERNAL"
},
"title": "HMS Industrial Networks AB eCatcher Stack-based Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-14498",
"STATE": "PUBLIC",
"TITLE": "HMS Industrial Networks AB eCatcher Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "eCatcher",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "6.5.5"
}
]
}
}
]
},
"vendor_name": "HMS Industrial Networks AB"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Sharon Brizinov of Claroty reported this vulnerability to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HMS Industrial Networks AB eCatcher all versions prior to 6.5.5. The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "STACK-BASED BUFFER OVERFLOW CWE-121"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-210-03",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-210-03"
}
]
},
"solution": [
{
"lang": "en",
"value": "HMS recommends users update eCatcher to Version 6.5.5 or later."
}
],
"source": {
"advisory": "ICSA-20-210-03",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-14498",
"datePublished": "2020-08-26T13:30:01",
"dateReserved": "2020-06-19T00:00:00",
"dateUpdated": "2024-08-04T12:46:34.660Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}