Search criteria
2 vulnerabilities by hms-networks
CVE-2021-33214 (GCVE-0-2021-33214)
Vulnerability from cvelistv5 – Published: 2021-07-09 18:03 – Updated: 2024-08-03 23:42
VLAI?
Summary
In HMS Ewon eCatcher through 6.6.4, weak filesystem permissions could allow malicious users to access files that could lead to sensitive information disclosure, modification of configuration files, or disruption of normal system operation.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:42:20.270Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://labs.bishopfox.com/advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.ewon.biz/about-us/security"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.ewon.biz/technical-support/pages/talk2m/talk2m-tools/talk2m-ecatcher"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cdn.hms-networks.com/docs/librariesprovider6/cybersecurity/hms-security-advisory-2021-07-09-001---ewon-ecatcher.pdf?sfvrsn=b37418d7_4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://labs.bishopfox.com/advisories/ecatcher-desktop-version-6.6.4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In HMS Ewon eCatcher through 6.6.4, weak filesystem permissions could allow malicious users to access files that could lead to sensitive information disclosure, modification of configuration files, or disruption of normal system operation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-17T18:42:34",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://labs.bishopfox.com/advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.ewon.biz/about-us/security"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.ewon.biz/technical-support/pages/talk2m/talk2m-tools/talk2m-ecatcher"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cdn.hms-networks.com/docs/librariesprovider6/cybersecurity/hms-security-advisory-2021-07-09-001---ewon-ecatcher.pdf?sfvrsn=b37418d7_4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://labs.bishopfox.com/advisories/ecatcher-desktop-version-6.6.4"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-33214",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In HMS Ewon eCatcher through 6.6.4, weak filesystem permissions could allow malicious users to access files that could lead to sensitive information disclosure, modification of configuration files, or disruption of normal system operation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://labs.bishopfox.com/advisories",
"refsource": "MISC",
"url": "https://labs.bishopfox.com/advisories"
},
{
"name": "https://www.ewon.biz/about-us/security",
"refsource": "MISC",
"url": "https://www.ewon.biz/about-us/security"
},
{
"name": "https://www.ewon.biz/technical-support/pages/talk2m/talk2m-tools/talk2m-ecatcher",
"refsource": "MISC",
"url": "https://www.ewon.biz/technical-support/pages/talk2m/talk2m-tools/talk2m-ecatcher"
},
{
"name": "https://cdn.hms-networks.com/docs/librariesprovider6/cybersecurity/hms-security-advisory-2021-07-09-001---ewon-ecatcher.pdf?sfvrsn=b37418d7_4",
"refsource": "MISC",
"url": "https://cdn.hms-networks.com/docs/librariesprovider6/cybersecurity/hms-security-advisory-2021-07-09-001---ewon-ecatcher.pdf?sfvrsn=b37418d7_4"
},
{
"name": "https://labs.bishopfox.com/advisories/ecatcher-desktop-version-6.6.4",
"refsource": "MISC",
"url": "https://labs.bishopfox.com/advisories/ecatcher-desktop-version-6.6.4"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-33214",
"datePublished": "2021-07-09T18:03:44",
"dateReserved": "2021-05-20T00:00:00",
"dateUpdated": "2024-08-03T23:42:20.270Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14498 (GCVE-0-2020-14498)
Vulnerability from cvelistv5 – Published: 2020-08-26 13:30 – Updated: 2024-08-04 12:46
VLAI?
Summary
HMS Industrial Networks AB eCatcher all versions prior to 6.5.5 is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code.
Severity ?
9.6 (Critical)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HMS Industrial Networks AB | eCatcher |
Affected:
0 , < 6.5.5
(custom)
|
Credits
Sharon Brizinov of Claroty reported this vulnerability to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:46:34.660Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-210-03"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.hms-networks.com/cybersecurity/security-advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "eCatcher",
"vendor": "HMS Industrial Networks AB",
"versions": [
{
"lessThan": "6.5.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Sharon Brizinov of Claroty reported this vulnerability to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eHMS Industrial Networks AB eCatcher all versions prior to 6.5.5 is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code.\u003c/p\u003e"
}
],
"value": "HMS Industrial Networks AB eCatcher all versions prior to 6.5.5 is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-23T00:47:34.917Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-210-03"
},
{
"url": "https://www.hms-networks.com/cybersecurity/security-advisories"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\n\n\u003c/p\u003e\u003cp\u003eHMS recommends users update eCatcher to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://ewon.biz/technical-support/pages/all-downloads\"\u003eVersion 6.5.5 or later\u003c/a\u003e. \u003c/p\u003e\u003cp\u003eFor more information, see the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.hms-networks.com/cybersecurity\"\u003eHMS advisory\u003c/a\u003e.\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e"
}
],
"value": "\n\n\nHMS recommends users update eCatcher to Version 6.5.5 or later https://ewon.biz/technical-support/pages/all-downloads . \n\nFor more information, see the HMS advisory https://www.hms-networks.com/cybersecurity .\n\n\n\n\n\n"
}
],
"source": {
"advisory": "ICSA-20-210-03",
"discovery": "EXTERNAL"
},
"title": "HMS Industrial Networks AB eCatcher Stack-based Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-14498",
"STATE": "PUBLIC",
"TITLE": "HMS Industrial Networks AB eCatcher Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "eCatcher",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "6.5.5"
}
]
}
}
]
},
"vendor_name": "HMS Industrial Networks AB"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Sharon Brizinov of Claroty reported this vulnerability to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HMS Industrial Networks AB eCatcher all versions prior to 6.5.5. The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "STACK-BASED BUFFER OVERFLOW CWE-121"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-210-03",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-210-03"
}
]
},
"solution": [
{
"lang": "en",
"value": "HMS recommends users update eCatcher to Version 6.5.5 or later."
}
],
"source": {
"advisory": "ICSA-20-210-03",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-14498",
"datePublished": "2020-08-26T13:30:01",
"dateReserved": "2020-06-19T00:00:00",
"dateUpdated": "2024-08-04T12:46:34.660Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}