Details of VAR-201706-0660

ID

VAR-201706-0660

CVE

CVE-2017-7910

TITLE

Digital Canal Structural Wind Analysis Buffer error vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2017-005221 // CNNVD: CNNVD-201706-370

DESCRIPTION

A Stack-Based Buffer Overflow issue was discovered in Digital Canal Structural Wind Analysis versions 9.1 and prior. An attacker may be able to run arbitrary code by remotely exploiting an executable to perform a denial-of-service attack. Attackers can exploit this issue to cause denial-of-service conditions. Due to the nature of this issue, arbitrary code execution may be possible but this has not been confirmed

Trust: 2.61

sources: NVD: CVE-2017-7910 // JVNDB: JVNDB-2017-005221 // CNVD: CNVD-2017-13573 // BID: 98976 // IVD: e6d2974c-b05f-457c-bada-8e08a663637d

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: e6d2974c-b05f-457c-bada-8e08a663637d // CNVD: CNVD-2017-13573

AFFECTED PRODUCTS

vendor:	digital canal structural	model:	wind analysis	scope:	eq	version:	9.1	Trust: 1.6
vendor:	digital canal structural	model:	wind analysis	scope:	lte	version:	9.1	Trust: 0.8
vendor:	digital	model:	canal structural wind analysis	scope:	lte	version:	<=9.1	Trust: 0.6
vendor:	digital	model:	canal wind analysis	scope:	eq	version:	9.1	Trust: 0.3
vendor:	wind analysis	model:	-	scope:	eq	version:	9.1	Trust: 0.2

sources: IVD: e6d2974c-b05f-457c-bada-8e08a663637d // CNVD: CNVD-2017-13573 // BID: 98976 // JVNDB: JVNDB-2017-005221 // CNNVD: CNNVD-201706-370 // NVD: CVE-2017-7910

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-7910
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-7910
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2017-13573
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201706-370
value:	HIGH
Trust: 0.6
IVD:	e6d2974c-b05f-457c-bada-8e08a663637d
value:	HIGH
Trust: 0.2

nvd@nist.gov:	CVE-2017-7910
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-13573
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e6d2974c-b05f-457c-bada-8e08a663637d
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

nvd@nist.gov:	CVE-2017-7910
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: IVD: e6d2974c-b05f-457c-bada-8e08a663637d // CNVD: CNVD-2017-13573 // JVNDB: JVNDB-2017-005221 // CNNVD: CNNVD-201706-370 // NVD: CVE-2017-7910

PROBLEMTYPE DATA

problemtype:	CWE-119	Trust: 1.8
problemtype:	CWE-121	Trust: 1.0

sources: JVNDB: JVNDB-2017-005221 // NVD: CVE-2017-7910

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201706-370

TYPE

Buffer error

Trust: 0.8

sources: IVD: e6d2974c-b05f-457c-bada-8e08a663637d // CNNVD: CNNVD-201706-370

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-005221

PATCH

title:	Wind Analysis	url:	http://digitalcanalstructural.com/wind-analysis/	Trust: 0.8
title:	Patch for Digital Canal Structural Wind Analysis Stack Overflow Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/97674	Trust: 0.6
title:	Digital Canal Structural Wind Analysis Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71484	Trust: 0.6

sources: CNVD: CNVD-2017-13573 // JVNDB: JVNDB-2017-005221 // CNNVD: CNNVD-201706-370

EXTERNAL IDS

db:	NVD	id:	CVE-2017-7910	Trust: 3.5
db:	ICS CERT	id:	ICSA-17-157-02	Trust: 2.7
db:	BID	id:	98976	Trust: 2.5
db:	CNVD	id:	CNVD-2017-13573	Trust: 0.8
db:	CNNVD	id:	CNNVD-201706-370	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-005221	Trust: 0.8
db:	IVD	id:	E6D2974C-B05F-457C-BADA-8E08A663637D	Trust: 0.2

sources: IVD: e6d2974c-b05f-457c-bada-8e08a663637d // CNVD: CNVD-2017-13573 // BID: 98976 // JVNDB: JVNDB-2017-005221 // CNNVD: CNNVD-201706-370 // NVD: CVE-2017-7910

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-17-157-02	Trust: 2.7
url:	http://www.securityfocus.com/bid/98976	Trust: 1.6
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7910	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-7910	Trust: 0.8
url:	http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7910	Trust: 0.6
url:	http://digitalcanalstructural.com/wind-analysis/	Trust: 0.3

sources: CNVD: CNVD-2017-13573 // BID: 98976 // JVNDB: JVNDB-2017-005221 // CNNVD: CNNVD-201706-370 // NVD: CVE-2017-7910

CREDITS

Peter Cheng

Trust: 0.9

sources: BID: 98976 // CNNVD: CNNVD-201706-370

SOURCES

db:	IVD	id:	e6d2974c-b05f-457c-bada-8e08a663637d
db:	CNVD	id:	CNVD-2017-13573
db:	BID	id:	98976
db:	JVNDB	id:	JVNDB-2017-005221
db:	CNNVD	id:	CNNVD-201706-370
db:	NVD	id:	CVE-2017-7910

LAST UPDATE DATE

2025-04-20T23:13:05.532000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-13573	date:	2017-07-10T00:00:00
db:	BID	id:	98976	date:	2017-06-07T00:00:00
db:	JVNDB	id:	JVNDB-2017-005221	date:	2017-07-21T00:00:00
db:	CNNVD	id:	CNNVD-201706-370	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2017-7910	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	IVD	id:	e6d2974c-b05f-457c-bada-8e08a663637d	date:	2017-07-10T00:00:00
db:	CNVD	id:	CNVD-2017-13573	date:	2017-07-10T00:00:00
db:	BID	id:	98976	date:	2017-06-07T00:00:00
db:	JVNDB	id:	JVNDB-2017-005221	date:	2017-07-21T00:00:00
db:	CNNVD	id:	CNNVD-201706-370	date:	2017-06-07T00:00:00
db:	NVD	id:	CVE-2017-7910	date:	2017-06-14T21:29:00.240