CVE-2019-10967

HIGH

Emerson Ovation OCR400 Firmware < 3.3.1 - Stack-based Buffer Overflow via FTP LIST Command

Title source: llm
STIX 2.1

Description

In Emerson Ovation OCR400 Controller 3.3.1 and earlier, a stack-based buffer overflow vulnerability in the embedded third-party FTP server involves improper handling of a long file name from the LIST command to the FTP service, which may cause the service to overwrite buffers, leading to remote code execution and escalation of privileges.

References (2)

Core 2
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-19-148-01
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/108499

Scores

CVSS v3 8.8
EPSS 0.0375
EPSS Percentile 88.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-121 CWE-787
Status published
Products (1)
emerson/ovation_ocr400_firmware < 3.3.1
Published May 28, 2019
Tracked Since Feb 18, 2026