Details of VAR-201610-0693

ID

VAR-201610-0693

TITLE

Beijing Jiekong Industrial Control Configuration Software FameView Arbitrary file read and write vulnerability

Trust: 0.8

sources: IVD: f1aba396-56ac-4a46-8bed-b73c03ee3717 // CNVD: CNVD-2016-09635

DESCRIPTION

FameView automatic configuration management software is a configuration monitoring software developed by Beijing Jiekong Company based on Windows operating system based on many years of engineering application and service experience. Beijing Jiekong's industrial control configuration software FameView has an arbitrary file reading and writing vulnerability that allows attackers to read and write arbitrary files

Trust: 0.72

sources: CNVD: CNVD-2016-09635 // IVD: f1aba396-56ac-4a46-8bed-b73c03ee3717

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: f1aba396-56ac-4a46-8bed-b73c03ee3717 // CNVD: CNVD-2016-09635

AFFECTED PRODUCTS

vendor:

jiekong

model:

fameview configuration software

scope:

version:

7.60.11

Trust: 0.8

sources: IVD: f1aba396-56ac-4a46-8bed-b73c03ee3717 // CNVD: CNVD-2016-09635

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2016-09635
value:	MEDIUM
Trust: 0.6
IVD:	f1aba396-56ac-4a46-8bed-b73c03ee3717
value:	MEDIUM
Trust: 0.2

CNVD:	CNVD-2016-09635
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	f1aba396-56ac-4a46-8bed-b73c03ee3717
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: f1aba396-56ac-4a46-8bed-b73c03ee3717 // CNVD: CNVD-2016-09635

TYPE

Access control error

Trust: 0.2

sources: IVD: f1aba396-56ac-4a46-8bed-b73c03ee3717

PATCH

title:

Beijing Jiekong industrial control configuration software FameView arbitrary file read and write vulnerability

url:

https://www.cnvd.org.cn/patchinfo/show/80663

Trust: 0.6

sources: CNVD: CNVD-2016-09635

EXTERNAL IDS

db:	CNVD	id:	CNVD-2016-09635	Trust: 0.8
db:	IVD	id:	F1ABA396-56AC-4A46-8BED-B73C03EE3717	Trust: 0.2

sources: IVD: f1aba396-56ac-4a46-8bed-b73c03ee3717 // CNVD: CNVD-2016-09635

SOURCES

db:	IVD	id:	f1aba396-56ac-4a46-8bed-b73c03ee3717
db:	CNVD	id:	CNVD-2016-09635

LAST UPDATE DATE

2022-05-17T02:01:06.123000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2016-09635

date:

2016-10-21T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	f1aba396-56ac-4a46-8bed-b73c03ee3717	date:	2016-10-21T00:00:00
db:	CNVD	id:	CNVD-2016-09635	date:	2016-10-05T00:00:00