ID

VAR-201611-0394


TITLE

Buffer overflow vulnerability exists in Scada-os configuration software project file

Trust: 0.6

sources: CNVD: CNVD-2016-11637

DESCRIPTION

Scada-OS is a SCADA system developed by multiple SCADA configuration software engineers. Scada-OS configuration software version 6.1.0.0 has a buffer overflow vulnerability in its handling of project files. Because the software fails to check the length of the name tag content in the project file, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service.

Trust: 0.72

sources: CNVD: CNVD-2016-11637 // IVD: 2a236f54-04d6-4673-b56e-e1073013fa35

IOT TAXONOMY

category: ['ICS']
sub_category: -

Trust: 0.8

sources: IVD: 2a236f54-04d6-4673-b56e-e1073013fa35 // CNVD: CNVD-2016-11637

AFFECTED PRODUCTS

vendor: scada os
model: scada-os configuration software
scope: eq
version: 6.1.0.0

Trust: 0.8

sources: IVD: 2a236f54-04d6-4673-b56e-e1073013fa35 // CNVD: CNVD-2016-11637

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2016-11637
value: MEDIUM

Trust: 0.6

IVD: 2a236f54-04d6-4673-b56e-e1073013fa35
value: MEDIUM

Trust: 0.2

CNVD: CNVD-2016-11637
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 2a236f54-04d6-4673-b56e-e1073013fa35
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: 2a236f54-04d6-4673-b56e-e1073013fa35 // CNVD: CNVD-2016-11637

TYPE

Buffer overflow

Trust: 0.2

sources: IVD: 2a236f54-04d6-4673-b56e-e1073013fa35

PATCH

title: Buffer overflow in scada-os configuration software project file
url: https://www.cnvd.org.cn/patchinfo/show/84247

Trust: 0.6

sources: CNVD: CNVD-2016-11637

EXTERNAL IDS

db: CNVD, id: CNVD-2016-11637

Trust: 0.8

db: IVD, id: 2A236F54-04D6-4673-B56E-E1073013FA35

Trust: 0.2

sources: IVD: 2a236f54-04d6-4673-b56e-e1073013fa35 // CNVD: CNVD-2016-11637

SOURCES

db: IVD, id: 2a236f54-04d6-4673-b56e-e1073013fa35
db: CNVD, id: CNVD-2016-11637

LAST UPDATE DATE

2022-05-17T01:43:18.193000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2016-11637, date: 2016-11-30T00:00:00

SOURCES RELEASE DATE

db: IVD, id: 2a236f54-04d6-4673-b56e-e1073013fa35, date: 2016-11-30T00:00:00
db: CNVD, id: CNVD-2016-11637, date: 2017-01-06T00:00:00