CVE-2019-10965

Summary

In Emerson Ovation OCR400 Controller 3.3.1 and earlier, a heap-based buffer overflow vulnerability in the embedded third-party FTP server involves improper handling of a long command to the FTP service, which may cause memory corruption that halts the controller or leads to remote code execution and escalation of privileges.

Affected Software

VendorProductVersion RangeStatus
EmersonEmerson Ovation OCR400 ControllerAll versions prior to and including v3.3.1affected

Weaknesses

  • Buffer Overflow

ADP Enrichment

CVE Program Container

Additional References

References