Details of VAR-201710-1434

ID

VAR-201710-1434

TITLE

Haiwell Cloud SCADA Android APP has password bypass vulnerability

Trust: 0.6

sources: CNVD: CNVD-2017-30707

DESCRIPTION

Haiwell Cloud SCADA is an industrial automation monitoring and management platform software based on .NET Framework developed by Xiamen Haiwell Technology Co., Ltd. Haiwell Cloud SCADA Android APP has a password bypass vulnerability. The attacker intercepts the data packet by capturing the packet, and replaces it with the constructed password data packet to bind any other mobile phone. http://www.haiwell.com/news/615-cn.htmlHaiwell Cloud SCADA system cloud configuration software Android APP has a password bypass vulnerability

Trust: 0.72

sources: CNVD: CNVD-2017-30707 // IVD: 0c15bf71-81e2-4371-967f-0e402fe7ff7e

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 0c15bf71-81e2-4371-967f-0e402fe7ff7e // CNVD: CNVD-2017-30707

AFFECTED PRODUCTS

vendor:	-	model:	haiwei cloud scada app android version	scope:	-	version:	-	Trust: 0.6
vendor:	haiwei	model:	haiwell cloud scada app android version	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 0c15bf71-81e2-4371-967f-0e402fe7ff7e // CNVD: CNVD-2017-30707

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2017-30707
value:	MEDIUM
Trust: 0.6
IVD:	0c15bf71-81e2-4371-967f-0e402fe7ff7e
value:	MEDIUM
Trust: 0.2

CNVD:	CNVD-2017-30707
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	0c15bf71-81e2-4371-967f-0e402fe7ff7e
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: 0c15bf71-81e2-4371-967f-0e402fe7ff7e // CNVD: CNVD-2017-30707

TYPE

Access verification error

Trust: 0.2

sources: IVD: 0c15bf71-81e2-4371-967f-0e402fe7ff7e

PATCH

title:

Haiwell Cloud SCADA System Cloud Configuration Software Android App Has Password Bypass Vulnerability

url:

https://www.cnvd.org.cn/patchinfo/show/102638

Trust: 0.6

sources: CNVD: CNVD-2017-30707

EXTERNAL IDS

db:	CNVD	id:	CNVD-2017-30707	Trust: 0.8
db:	IVD	id:	0C15BF71-81E2-4371-967F-0E402FE7FF7E	Trust: 0.2

sources: IVD: 0c15bf71-81e2-4371-967f-0e402fe7ff7e // CNVD: CNVD-2017-30707

SOURCES

db:	IVD	id:	0c15bf71-81e2-4371-967f-0e402fe7ff7e
db:	CNVD	id:	CNVD-2017-30707

LAST UPDATE DATE

2022-05-17T02:09:45.412000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2017-30707

date:

2017-10-31T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	0c15bf71-81e2-4371-967f-0e402fe7ff7e	date:	2017-10-19T00:00:00
db:	CNVD	id:	CNVD-2017-30707	date:	2017-11-03T00:00:00