Full Report
A Heap-based Buffer Overflow was found in Emerson OpenEnterprise SCADA Server version 2.83 (if Modbus or ROC Interfaces have been installed and are in use) and all versions of OpenEnterprise 3.1 through 3.3.3, where a specially crafted script could execute code on the OpenEnterprise Server.
Analysis Summary
# Vulnerability: Remote Code Execution in Emerson OpenEnterprise Server via Heap-based Buffer Overflow
## CVE Details
- CVE ID: CVE-2020-6970
- CVSS Score: 9.8 (Critical) (Based on CVSS v3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
- CWE: Heap-based Buffer Overflow (Inferred from description)
## Affected Systems
- Products: Emerson OpenEnterprise SCADA Server
- Versions:
  - Version 2.83 (if Modbus or ROC Interfaces are installed and in use)
  - All versions of OpenEnterprise 3.1 through 3.3.3
- Configurations: Exploitable only when Modbus or ROC Interfaces are installed and operational in version 2.83.
## Vulnerability Description
A Heap-based Buffer Overflow vulnerability exists within the Emerson OpenEnterprise SCADA Server. A remote, unauthenticated attacker can trigger this flaw by sending a specially crafted script to the vulnerable server interface (likely via the Modbus or ROC protocols). Successful exploitation allows the attacker to execute arbitrary code remotely on the affected server.
## Exploitation
- Status: Exploit availability unknown (the source categorizes this as "Unknown")
- Complexity: Low (CVSS indicates Low Attack Complexity, No User Interaction required)
- Attack Vector: Network
## Impact
- Confidentiality: High (Data disclosure/theft possible)
- Integrity: High (System files/data manipulation possible)
- Availability: High (Denial of Service via code execution possible)
## Remediation
### Patches
- Emerson recommends upgrading to **OpenEnterprise 3.3, Service Pack 4 (3.3.4)**, to resolve this issue.
- Patches are available to users with access to the Emerson SupportNet system.
### Workarounds
- No specific workarounds were detailed in the provided text beyond applying the vendor patch. Disabling or network-isolating the Modbus/ROC interfaces where upgrading is not immediately possible is an implied mitigation, but it is not explicitly confirmed by the vendor.
## Detection
- Specific Indicators of Compromise (IOCs) were not provided.
- Detection methods would focus on monitoring network traffic to the Modbus/ROC ports for unexpected or malformed data payloads directed at the OpenEnterprise server.
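The following is an added example of the kind of network-side check described above; it is not part of the original report or of any Emerson tooling. It validates Modbus/TCP framing (the MBAP header and PDU size limits from the Modbus Messaging on TCP/IP specification, normally carried on TCP port 502) over a set of constructed sample frames and flags malformed ones. Because the page gives no details of the crafted payload behind this CVE, these are generic sanity checks for oversized or inconsistent frames aimed at a Modbus listener, not a signature for CVE-2020-6970; the function names and sample bytes are assumptions made for this example.

```python
import struct

# Modbus/TCP ADU layout (Modbus Messaging on TCP/IP spec):
#   MBAP header: transaction id (2) | protocol id (2, must be 0) | length (2) | unit id (1)
#   followed by the PDU: function code (1) + data.
# The PDU is at most 253 bytes; the length field counts unit id + PDU, so at most 254,
# and a whole ADU is at most 260 bytes.
MBAP_LEN = 7
MAX_PDU = 253
MAX_LENGTH_FIELD = MAX_PDU + 1


def check_modbus_frame(frame: bytes) -> list:
    """Return a list of anomaly descriptions for one Modbus/TCP ADU (empty = well-formed)."""
    findings = []
    if len(frame) < MBAP_LEN + 1:
        return ["truncated: shorter than MBAP header plus function code"]
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:MBAP_LEN])
    if proto != 0:
        findings.append(f"protocol id {proto} != 0")
    actual = len(frame) - 6  # bytes that actually follow the length field
    if length != actual:
        findings.append(f"length field {length} != actual {actual}")
    if length > MAX_LENGTH_FIELD:
        findings.append(f"length field {length} exceeds Modbus maximum {MAX_LENGTH_FIELD}")
    fc = frame[MBAP_LEN]
    # 0 is never valid; 0x80 and above mark exception responses, not requests to a server
    if fc == 0 or fc > 127:
        findings.append(f"function code 0x{fc:02x} invalid for a request")
    return findings


def scan_frames(frames) -> dict:
    """Map frame index -> findings for every frame that triggers at least one check."""
    result = {}
    for i, frame in enumerate(frames):
        findings = check_modbus_frame(frame)
        if findings:
            result[i] = findings
    return result


# Constructed sample frames for this example (not captured traffic):
SAMPLE_FRAMES = [
    # 0: valid Read Holding Registers request: tid=1, len=6, unit=1, fc=0x03, start=10, qty=2
    bytes.fromhex("0001 0000 0006 01 03 000A 0002"),
    # 1: Write Multiple Registers whose length field claims 4095 bytes for a 9-byte body
    bytes.fromhex("0002 0000 0FFF 01 10 0000 0001 02 0000"),
    # 2: declared length 6, but 300 extra bytes trail the PDU (oversized ADU)
    bytes.fromhex("0003 0000 0006 01 03 000A 0002") + b"\x00" * 300,
    # 3: wrong protocol id (1) and function code 0
    bytes.fromhex("0004 0001 0002 01 00"),
    # 4: truncated frame, only half an MBAP header
    bytes.fromhex("0005 0000"),
]

if __name__ == "__main__":
    for idx, findings in scan_frames(SAMPLE_FRAMES).items():
        print(f"frame {idx}: " + "; ".join(findings))
```

In a real deployment the same checks would run over reassembled TCP streams to port 502 (for example from a packet capture or an IDS preprocessor), with an alert raised for any frame that produces findings; a correct Modbus client never emits a length field above 254 or one that disagrees with the bytes on the wire.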
## References
- Vendor Advisory: Vendor released patch in February 2020.
- Kaspersky Advisory: hxxps://ics-cert.kaspersky.com/advisories/2020/03/23/klcert-20-324-remote-code-execution-on-emerson-openenterprise-scada-server-version-2-83-and-all-versions-of-openenterprise-3-1-through-3-3-3/