Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for h2-ecom100_firmware by hosteng

    CVE-2020-25195 (GCVE-0-2020-25195)

    Vulnerability from nvd – Published: 2020-12-15 19:38 – Updated: 2024-08-04 15:26
    VLAI
    Summary
    The length of the input fields of Host Engineering H0-ECOM100, H2-ECOM100, and H4-ECOM100 modules are verified only on the client side when receiving input from the configuration web server, which may allow an attacker to bypass the check and send input to crash the device.
    Severity
    No CVSS data available.
    CWE
    • CWE-20 - IMPROPER INPUT VALIDATION CWE-20
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Host Engineering H0-ECOM100 Module Affected: Hardware Versions 6x and prior with Firmware Versions 4.0.348 and prior
    Affected: Hardware Version 7x with Firmware Versions 4.1.113 and prior
    Affected: Hardware Version 9x with Firmware Versions 5.0.149 and prior
    n/a Host Engineering H2-ECOM100 Module Affected: Hardware Versions 5x and prior with Firmware Versions 4.0.2148 and prior
    Affected: Hardware Version 8x with Firmware Versions 5.0.1043 and prior
    n/a Host Engineering H4-ECOM100 Module Affected: Firmware Versions 4.0.2148 and prior
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T15:26:10.231Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-345-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Host Engineering H0-ECOM100 Module",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Hardware Versions 6x and prior with Firmware Versions 4.0.348 and prior"
                },
                {
                  "status": "affected",
                  "version": "Hardware Version 7x with Firmware Versions 4.1.113 and prior"
                },
                {
                  "status": "affected",
                  "version": "Hardware Version 9x with Firmware Versions 5.0.149 and prior"
                }
              ]
            },
            {
              "product": "Host Engineering H2-ECOM100 Module",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Hardware Versions 5x and prior with Firmware Versions 4.0.2148 and prior"
                },
                {
                  "status": "affected",
                  "version": "Hardware Version 8x with Firmware Versions 5.0.1043 and prior"
                }
              ]
            },
            {
              "product": "Host Engineering H4-ECOM100 Module",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Firmware Versions 4.0.2148 and prior"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The length of the input fields of Host Engineering H0-ECOM100, H2-ECOM100, and H4-ECOM100 modules are verified only on the client side when receiving input from the configuration web server, which may allow an attacker to bypass the check and send input to crash the device."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "IMPROPER INPUT VALIDATION CWE-20",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-12-15T19:38:02.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-345-02"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2020-25195",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Host Engineering H0-ECOM100 Module",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Hardware Versions 6x and prior with Firmware Versions 4.0.348 and prior"
                              },
                              {
                                "version_value": "Hardware Version 7x with Firmware Versions 4.1.113 and prior"
                              },
                              {
                                "version_value": "Hardware Version 9x with Firmware Versions 5.0.149 and prior"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Host Engineering H2-ECOM100 Module",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Hardware Versions 5x and prior with Firmware Versions 4.0.2148 and prior"
                              },
                              {
                                "version_value": "Hardware Version 8x with Firmware Versions 5.0.1043 and prior"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Host Engineering H4-ECOM100 Module",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Firmware Versions 4.0.2148 and prior"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The length of the input fields of Host Engineering H0-ECOM100, H2-ECOM100, and H4-ECOM100 modules are verified only on the client side when receiving input from the configuration web server, which may allow an attacker to bypass the check and send input to crash the device."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "IMPROPER INPUT VALIDATION CWE-20"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-345-02",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-345-02"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2020-25195",
        "datePublished": "2020-12-15T19:38:02.000Z",
        "dateReserved": "2020-09-04T00:00:00.000Z",
        "dateUpdated": "2024-08-04T15:26:10.231Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-25195 (GCVE-0-2020-25195)

    Vulnerability from cvelistv5 – Published: 2020-12-15 19:38 – Updated: 2024-08-04 15:26
    VLAI
    Summary
    The length of the input fields of Host Engineering H0-ECOM100, H2-ECOM100, and H4-ECOM100 modules are verified only on the client side when receiving input from the configuration web server, which may allow an attacker to bypass the check and send input to crash the device.
    Severity
    No CVSS data available.
    CWE
    • CWE-20 - IMPROPER INPUT VALIDATION CWE-20
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Host Engineering H0-ECOM100 Module Affected: Hardware Versions 6x and prior with Firmware Versions 4.0.348 and prior
    Affected: Hardware Version 7x with Firmware Versions 4.1.113 and prior
    Affected: Hardware Version 9x with Firmware Versions 5.0.149 and prior
    n/a Host Engineering H2-ECOM100 Module Affected: Hardware Versions 5x and prior with Firmware Versions 4.0.2148 and prior
    Affected: Hardware Version 8x with Firmware Versions 5.0.1043 and prior
    n/a Host Engineering H4-ECOM100 Module Affected: Firmware Versions 4.0.2148 and prior
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T15:26:10.231Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-345-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Host Engineering H0-ECOM100 Module",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Hardware Versions 6x and prior with Firmware Versions 4.0.348 and prior"
                },
                {
                  "status": "affected",
                  "version": "Hardware Version 7x with Firmware Versions 4.1.113 and prior"
                },
                {
                  "status": "affected",
                  "version": "Hardware Version 9x with Firmware Versions 5.0.149 and prior"
                }
              ]
            },
            {
              "product": "Host Engineering H2-ECOM100 Module",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Hardware Versions 5x and prior with Firmware Versions 4.0.2148 and prior"
                },
                {
                  "status": "affected",
                  "version": "Hardware Version 8x with Firmware Versions 5.0.1043 and prior"
                }
              ]
            },
            {
              "product": "Host Engineering H4-ECOM100 Module",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Firmware Versions 4.0.2148 and prior"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The length of the input fields of Host Engineering H0-ECOM100, H2-ECOM100, and H4-ECOM100 modules are verified only on the client side when receiving input from the configuration web server, which may allow an attacker to bypass the check and send input to crash the device."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "IMPROPER INPUT VALIDATION CWE-20",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-12-15T19:38:02.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-345-02"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2020-25195",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Host Engineering H0-ECOM100 Module",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Hardware Versions 6x and prior with Firmware Versions 4.0.348 and prior"
                              },
                              {
                                "version_value": "Hardware Version 7x with Firmware Versions 4.1.113 and prior"
                              },
                              {
                                "version_value": "Hardware Version 9x with Firmware Versions 5.0.149 and prior"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Host Engineering H2-ECOM100 Module",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Hardware Versions 5x and prior with Firmware Versions 4.0.2148 and prior"
                              },
                              {
                                "version_value": "Hardware Version 8x with Firmware Versions 5.0.1043 and prior"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Host Engineering H4-ECOM100 Module",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Firmware Versions 4.0.2148 and prior"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The length of the input fields of Host Engineering H0-ECOM100, H2-ECOM100, and H4-ECOM100 modules are verified only on the client side when receiving input from the configuration web server, which may allow an attacker to bypass the check and send input to crash the device."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "IMPROPER INPUT VALIDATION CWE-20"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-345-02",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-345-02"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2020-25195",
        "datePublished": "2020-12-15T19:38:02.000Z",
        "dateReserved": "2020-09-04T00:00:00.000Z",
        "dateUpdated": "2024-08-04T15:26:10.231Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }