OTPulse
FeedAboutContact

HMS Industrial Networks eCatcher

Act Now9.6ICS-CERT ICSA-20-210-03Jul 28, 2020
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionRequired
Summary

A buffer overflow vulnerability in HMS eCatcher all versions before 6.5.5 allows remote code execution with the highest privileges. Successful exploitation could crash the device or allow an attacker to run arbitrary commands. The vulnerability is triggered by a malformed request and requires user interaction.

What this means
What could happen
A remote attacker could crash the eCatcher device or execute arbitrary code with the highest privileges, potentially disrupting communications between industrial control systems and monitoring/diagnostics platforms.
Who's at risk
Manufacturing facilities using HMS eCatcher for industrial device monitoring and diagnostics. This includes any operation relying on eCatcher to communicate with PLCs, gateways, or other control system equipment.
How it could be exploited
An attacker on the network sends a malformed request that triggers a buffer overflow in eCatcher's input handling. This could allow code execution without requiring authentication. The attack likely requires user interaction (clicking a link or opening a file) given the CVSS vector includes UI:R.
Prerequisites
  • Network access to eCatcher on port 80 or 443
  • User interaction (e.g., clicking a malicious link or opening crafted content)
remotely exploitableno authentication requiredlow complexitybuffer overflow allows code executionhigh privilege access possible
Exploitability
Low exploit probability (EPSS 0.6%)
Affected products (1)
ProductAffected VersionsFix Status
eCatcher: All< 6.5.56.5.5 or later
Remediation & Mitigation
0/3
Do now
0/1
HARDENINGBlock inbound network access to eCatcher from the Internet and untrusted networks using a firewall
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate eCatcher to version 6.5.5 or later
Long-term hardening
0/1
HARDENINGIsolate eCatcher and systems it connects to on a separate network segment away from business networks
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/dbd064dd-4d2c-414e-b4b0-d6d975414d34
HMS Industrial Networks eCatcher | CVSS 9.6 - OTPulse