Details of VAR-201409-1158

ID

VAR-201409-1158

TITLE

WS10 Data Server SCADA Buffer Overflow Vulnerability

Trust: 1.1

sources: IVD: 802a3378-1eb7-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-06447 // BID: 70136

DESCRIPTION

WS10 Data Server is a data acquisition and monitoring system (SCADA) for the industrial automation industry. A remote buffer overflow vulnerability exists in WS10 Data Server, which originates from the program's failure to perform correct boundary checks on user-supplied data. An attacker could use this vulnerability to execute arbitrary code in the context of an affected application and may also cause a denial of service. There are vulnerabilities in WS10 Data Server version 1.83, other versions may also be affected. Failed exploit attempts will likely result in denial-of-service conditions

Trust: 1.53

sources: CNVD: CNVD-2014-06447 // CNNVD: CNNVD-201409-966 // BID: 70136 // IVD: 802a3378-1eb7-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 802a3378-1eb7-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-06447

AFFECTED PRODUCTS

vendor:

novus

model:

ws10 data server

scope:

version:

1.83

Trust: 0.8

sources: IVD: 802a3378-1eb7-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-06447

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2014-06447
value:	MEDIUM
Trust: 0.6
IVD:	802a3378-1eb7-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2

CNVD:	CNVD-2014-06447
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	802a3378-1eb7-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: 802a3378-1eb7-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-06447

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201409-966

TYPE

Buffer overflow

Trust: 0.8

sources: IVD: 802a3378-1eb7-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201409-966

EXTERNAL IDS

db:	BID	id:	70136	Trust: 1.5
db:	CNVD	id:	CNVD-2014-06447	Trust: 0.8
db:	CNNVD	id:	CNNVD-201409-966	Trust: 0.6
db:	IVD	id:	802A3378-1EB7-11E6-ABEF-000C29C66E3D	Trust: 0.2

sources: IVD: 802a3378-1eb7-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-06447 // BID: 70136 // CNNVD: CNNVD-201409-966

REFERENCES

url:

http://www.securityfocus.com/bid/70136

Trust: 1.2

sources: CNVD: CNVD-2014-06447 // CNNVD: CNNVD-201409-966

CREDITS

Pedro Sanchez

Trust: 0.9

sources: BID: 70136 // CNNVD: CNNVD-201409-966

SOURCES

db:	IVD	id:	802a3378-1eb7-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2014-06447
db:	BID	id:	70136
db:	CNNVD	id:	CNNVD-201409-966

LAST UPDATE DATE

2022-05-17T01:36:51.228000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-06447	date:	2014-09-28T00:00:00
db:	BID	id:	70136	date:	2014-09-25T00:00:00
db:	CNNVD	id:	CNNVD-201409-966	date:	2014-09-28T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	802a3378-1eb7-11e6-abef-000c29c66e3d	date:	2014-09-28T00:00:00
db:	CNVD	id:	CNVD-2014-06447	date:	2014-09-28T00:00:00
db:	BID	id:	70136	date:	2014-09-25T00:00:00
db:	CNNVD	id:	CNNVD-201409-966	date:	2014-09-28T00:00:00