N/A

The length of the input fields of Host Engineering H0-ECOM100, H2-ECOM100, and H4-ECOM100 modules are verified only on the client side when receiving input from the configuration web server, which may allow an attacker to bypass the check and send input to crash the device.

N/A

输入验证不恰当

Host Engineering Ecom100 Module 输入验证错误漏洞

Host Engineering Ecom100 Module是美国Host Engineering公司的一个用于工业环境的可编程控制器。该设备可安装DirectSoft软件包用于PLC编程，主站及从站配置支持Modbus/Tcp协议。 Host Engineering ECOM100存在输入验证错误漏洞，该漏洞源于当接收到来自配置web服务器的输入时，仅在客户端对受影响的产品s输入字段的长度进行验证，攻击者可利用该漏洞绕过检查，发送输入导致设备崩溃。

N/A

N/A