Search criteria
3 vulnerabilities found for ecospro by ecoscentric
FKIE_CVE-2021-27417
Vulnerability from fkie_nvd - Published: 2022-05-03 21:15 - Updated: 2024-11-21 05:57
Severity ?
4.6 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
eCosCentric eCosPro RTOS Versions 2.0.1 through 4.5.3 are vulnerable to integer wraparound in function calloc (an implementation of malloc). The unverified memory assignment can lead to arbitrary memory allocation, resulting in a heap-based buffer overflow.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://bugzilla.ecoscentric.com/show_bug.cgi?id=1002437 | Permissions Required, Vendor Advisory | |
| ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-21-119-04 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.ecoscentric.com/show_bug.cgi?id=1002437 | Permissions Required, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-21-119-04 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ecoscentric | ecospro | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ecoscentric:ecospro:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6406BE09-307A-4FC2-BC6F-5D0E3F6E08FA",
"versionEndIncluding": "4.5.3",
"versionStartIncluding": "2.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "eCosCentric eCosPro RTOS Versions 2.0.1 through 4.5.3 are vulnerable to integer wraparound in function calloc (an implementation of malloc). The unverified memory assignment can lead to arbitrary memory allocation, resulting in a heap-based buffer overflow."
},
{
"lang": "es",
"value": "eCosCentric eCosPro RTOS versiones 2.0.1 hasta 4.5.3, son vulnerables a una envoltura de enteros en la funci\u00f3n calloc (una implementaci\u00f3n de malloc). La asignaci\u00f3n de memoria no verificada puede conllevar a una asignaci\u00f3n de memoria arbitraria, resultando en un desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria"
}
],
"id": "CVE-2021-27417",
"lastModified": "2024-11-21T05:57:56.823",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.3,
"impactScore": 4.2,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-03T21:15:08.180",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://bugzilla.ecoscentric.com/show_bug.cgi?id=1002437"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-119-04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://bugzilla.ecoscentric.com/show_bug.cgi?id=1002437"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-119-04"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2021-27417 (GCVE-0-2021-27417)
Vulnerability from cvelistv5 – Published: 2022-05-03 20:17 – Updated: 2025-04-16 16:25
VLAI?
Title
eCosCentric eCosPro RTOS Integer Overflow or Wraparound
Summary
eCosCentric eCosPro RTOS Versions 2.0.1 through 4.5.3 are vulnerable to integer wraparound in function calloc (an implementation of malloc). The unverified memory assignment can lead to arbitrary memory allocation, resulting in a heap-based buffer overflow.
Severity ?
4.6 (Medium)
CWE
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| eCosCentric | eCosPro RTOS |
Affected:
2.0.1 , ≤ 4.5.3
(custom)
|
Credits
David Atch, Omri Ben Bassat, and Tamir Ariel from Microsoft Section 52, and the Azure Defender for IoT research group reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:48:17.190Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-119-04"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.ecoscentric.com/show_bug.cgi?id=1002437"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-27417",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:53:04.415991Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:25:33.142Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "eCosPro RTOS",
"vendor": "eCosCentric",
"versions": [
{
"lessThanOrEqual": "4.5.3",
"status": "affected",
"version": " 2.0.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "David Atch, Omri Ben Bassat, and Tamir Ariel from Microsoft Section 52, and the Azure Defender for IoT research group reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"value": "eCosCentric eCosPro RTOS Versions 2.0.1 through 4.5.3 are vulnerable to integer wraparound in function calloc (an implementation of malloc). The unverified memory assignment can lead to arbitrary memory allocation, resulting in a heap-based buffer overflow."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-03T20:17:54.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-119-04"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.ecoscentric.com/show_bug.cgi?id=1002437"
}
],
"solutions": [
{
"lang": "en",
"value": "Update eCosCentric eCosPro RTOS to version 4.5.4 or newer \u2013 Update available"
}
],
"source": {
"defect": [
"\u201cBadAlloc\u201d"
],
"discovery": "EXTERNAL"
},
"title": "eCosCentric eCosPro RTOS Integer Overflow or Wraparound",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-27417",
"STATE": "PUBLIC",
"TITLE": "eCosCentric eCosPro RTOS Integer Overflow or Wraparound"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "eCosPro RTOS",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": " 2.0.1",
"version_value": "4.5.3"
}
]
}
}
]
},
"vendor_name": "eCosCentric"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "David Atch, Omri Ben Bassat, and Tamir Ariel from Microsoft Section 52, and the Azure Defender for IoT research group reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "eCosCentric eCosPro RTOS Versions 2.0.1 through 4.5.3 are vulnerable to integer wraparound in function calloc (an implementation of malloc). The unverified memory assignment can lead to arbitrary memory allocation, resulting in a heap-based buffer overflow."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190 Integer Overflow or Wraparound"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-119-04",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-119-04"
},
{
"name": "https://bugzilla.ecoscentric.com/show_bug.cgi?id=1002437",
"refsource": "CONFIRM",
"url": "https://bugzilla.ecoscentric.com/show_bug.cgi?id=1002437"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update eCosCentric eCosPro RTOS to version 4.5.4 or newer \u2013 Update available"
}
],
"source": {
"defect": [
"\u201cBadAlloc\u201d"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-27417",
"datePublished": "2022-05-03T20:17:54.000Z",
"dateReserved": "2021-02-19T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:25:33.142Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27417 (GCVE-0-2021-27417)
Vulnerability from nvd – Published: 2022-05-03 20:17 – Updated: 2025-04-16 16:25
VLAI?
Title
eCosCentric eCosPro RTOS Integer Overflow or Wraparound
Summary
eCosCentric eCosPro RTOS Versions 2.0.1 through 4.5.3 are vulnerable to integer wraparound in function calloc (an implementation of malloc). The unverified memory assignment can lead to arbitrary memory allocation, resulting in a heap-based buffer overflow.
Severity ?
4.6 (Medium)
CWE
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| eCosCentric | eCosPro RTOS |
Affected:
2.0.1 , ≤ 4.5.3
(custom)
|
Credits
David Atch, Omri Ben Bassat, and Tamir Ariel from Microsoft Section 52, and the Azure Defender for IoT research group reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:48:17.190Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-119-04"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.ecoscentric.com/show_bug.cgi?id=1002437"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-27417",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:53:04.415991Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:25:33.142Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "eCosPro RTOS",
"vendor": "eCosCentric",
"versions": [
{
"lessThanOrEqual": "4.5.3",
"status": "affected",
"version": " 2.0.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "David Atch, Omri Ben Bassat, and Tamir Ariel from Microsoft Section 52, and the Azure Defender for IoT research group reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"value": "eCosCentric eCosPro RTOS Versions 2.0.1 through 4.5.3 are vulnerable to integer wraparound in function calloc (an implementation of malloc). The unverified memory assignment can lead to arbitrary memory allocation, resulting in a heap-based buffer overflow."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-03T20:17:54.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-119-04"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.ecoscentric.com/show_bug.cgi?id=1002437"
}
],
"solutions": [
{
"lang": "en",
"value": "Update eCosCentric eCosPro RTOS to version 4.5.4 or newer \u2013 Update available"
}
],
"source": {
"defect": [
"\u201cBadAlloc\u201d"
],
"discovery": "EXTERNAL"
},
"title": "eCosCentric eCosPro RTOS Integer Overflow or Wraparound",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-27417",
"STATE": "PUBLIC",
"TITLE": "eCosCentric eCosPro RTOS Integer Overflow or Wraparound"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "eCosPro RTOS",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": " 2.0.1",
"version_value": "4.5.3"
}
]
}
}
]
},
"vendor_name": "eCosCentric"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "David Atch, Omri Ben Bassat, and Tamir Ariel from Microsoft Section 52, and the Azure Defender for IoT research group reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "eCosCentric eCosPro RTOS Versions 2.0.1 through 4.5.3 are vulnerable to integer wraparound in function calloc (an implementation of malloc). The unverified memory assignment can lead to arbitrary memory allocation, resulting in a heap-based buffer overflow."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190 Integer Overflow or Wraparound"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-119-04",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-119-04"
},
{
"name": "https://bugzilla.ecoscentric.com/show_bug.cgi?id=1002437",
"refsource": "CONFIRM",
"url": "https://bugzilla.ecoscentric.com/show_bug.cgi?id=1002437"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update eCosCentric eCosPro RTOS to version 4.5.4 or newer \u2013 Update available"
}
],
"source": {
"defect": [
"\u201cBadAlloc\u201d"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-27417",
"datePublished": "2022-05-03T20:17:54.000Z",
"dateReserved": "2021-02-19T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:25:33.142Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}