CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-31227

An issue was discovered in HCC embedded InterNiche 4.0.1. A potential heap buffer overflow exists in the code that parses the HTTP POST request, due to an incorrect signed integer comparison. This vulnerability requires the attacker to send a malformed HTTP packet with a negative Content-Length, which bypasses the size checks and results in a large heap overflow in the wbs_multidata buffer copy.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 44.4%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 5.0

References

https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/
https://www.kb.cert.org/vuls/id/608209
https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/
https://www.kb.cert.org/vuls/id/608209

Products affected by CVE-2021-31227

Hcc-Embedded » Nichestack » Version: 3.0

cpe:2.3:a:hcc-embedded:nichestack:3.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-31227

Products

Pricing

Contact Us