Sign-up

ID

VAR-201612-0528


TITLE

HollySys Software HT8000 Project File Has Information Disclosure Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2016-12223

DESCRIPTION

Hollysys HT8000CN Universal Edition industrial automation configuration screen editing software is a configuration software for constructing and producing embedded computer monitoring systems. HollySys software HT8000 project file has a sensitive information disclosure vulnerability. The software's engineering files * .shm leak sensitive information such as file protection passwords, username passwords, and highest-level passwords

Trust: 0.72

sources: CNVD: CNVD-2016-12223 // IVD: e5fcf261-0b97-4aaa-97bd-1ec1de1b7ef4

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: e5fcf261-0b97-4aaa-97bd-1ec1de1b7ef4 // CNVD: CNVD-2016-12223

AFFECTED PRODUCTS

vendor:hollysysmodel:group ht8000scope:eqversion:1.0.6

Trust: 0.8

sources: IVD: e5fcf261-0b97-4aaa-97bd-1ec1de1b7ef4 // CNVD: CNVD-2016-12223

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2016-12223
value: MEDIUM

Trust: 0.6

IVD: e5fcf261-0b97-4aaa-97bd-1ec1de1b7ef4
value: MEDIUM

Trust: 0.2

CNVD: CNVD-2016-12223
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:C/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e5fcf261-0b97-4aaa-97bd-1ec1de1b7ef4
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:C/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: e5fcf261-0b97-4aaa-97bd-1ec1de1b7ef4 // CNVD: CNVD-2016-12223

TYPE

Information leakage

Trust: 0.2

sources: IVD: e5fcf261-0b97-4aaa-97bd-1ec1de1b7ef4

PATCH

title:HollySys Software HT8000 Project File Has Information Disclosure Vulnerabilityurl:https://www.cnvd.org.cn/patchinfo/show/85493

Trust: 0.6

sources: CNVD: CNVD-2016-12223

EXTERNAL IDS

db:CNVDid:CNVD-2016-12223

Trust: 0.8

db:IVDid:E5FCF261-0B97-4AAA-97BD-1EC1DE1B7EF4

Trust: 0.2

sources: IVD: e5fcf261-0b97-4aaa-97bd-1ec1de1b7ef4 // CNVD: CNVD-2016-12223

SOURCES

db:IVDid:e5fcf261-0b97-4aaa-97bd-1ec1de1b7ef4
db:CNVDid:CNVD-2016-12223

LAST UPDATE DATE

2022-05-17T01:52:38.019000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2016-12223date:2016-12-20T00:00:00

SOURCES RELEASE DATE

db:IVDid:e5fcf261-0b97-4aaa-97bd-1ec1de1b7ef4date:2016-12-14T00:00:00
db:CNVDid:CNVD-2016-12223date:2017-01-23T00:00:00