Heap-based Buffer Overflow Vulnerability in Emerson Ovation OCR400 Controller 3.3.1 and Earlier

Heap-based Buffer Overflow Vulnerability in Emerson Ovation OCR400 Controller 3.3.1 and Earlier

CVE-2019-10965 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

In Emerson Ovation OCR400 Controller 3.3.1 and earlier, a heap-based buffer overflow vulnerability in the embedded third-party FTP server involves improper handling of a long command to the FTP service, which may cause memory corruption that halts the controller or leads to remote code execution and escalation of privileges.

Learn more about our Cis Benchmark Audit For Server Software.