CVE-2019-10967

Summary

In Emerson Ovation OCR400 Controller 3.3.1 and earlier, a stack-based buffer overflow vulnerability in the embedded third-party FTP server involves improper handling of a long file name from the LIST command to the FTP service, which may cause the service to overwrite buffers, leading to remote code execution and escalation of privileges.

Affected Software

VendorProductVersion RangeStatus
EmersonEmerson Ovation OCR400 ControllerAll versions prior to and including v3.3.1affected

Weaknesses

  • CWE-121: Stack-Based Buffer Overflow CWE-121

ADP Enrichment

CVE Program Container

Additional References

References