ID

VAR-201710-1435


TITLE

Haiwell Cloud SCADA Android APP has arbitrary account password reset vulnerability

Trust: 0.6

sources: CNVD: CNVD-2017-30708

DESCRIPTION

Haiwell Cloud SCADA is an industrial automation monitoring and management platform based on the .NET Framework, developed by Xiamen Haiwell Technology Co., Ltd. The Haiwell Cloud SCADA Android app has an arbitrary account password reset vulnerability. An attacker can reset the password of any account by capturing and brute-forcing the verification code.

Trust: 0.72

sources: CNVD: CNVD-2017-30708 // IVD: 48cbf1fc-f4eb-45cb-bb09-ab9fa750e44a

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: 48cbf1fc-f4eb-45cb-bb09-ab9fa750e44a // CNVD: CNVD-2017-30708

AFFECTED PRODUCTS

vendor: -, model: haiwei cloud scada app android version, scope: -, version: -

Trust: 0.6

vendor: haiwei, model: haiwell cloud scada app android version, scope: eq, version: *

Trust: 0.2

sources: IVD: 48cbf1fc-f4eb-45cb-bb09-ab9fa750e44a // CNVD: CNVD-2017-30708

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2017-30708
value: MEDIUM

Trust: 0.6

IVD: 48cbf1fc-f4eb-45cb-bb09-ab9fa750e44a
value: MEDIUM

Trust: 0.2

CNVD: CNVD-2017-30708
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 48cbf1fc-f4eb-45cb-bb09-ab9fa750e44a
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: 48cbf1fc-f4eb-45cb-bb09-ab9fa750e44a // CNVD: CNVD-2017-30708

TYPE

Permission and access control errors

Trust: 0.2

sources: IVD: 48cbf1fc-f4eb-45cb-bb09-ab9fa750e44a

PATCH

title: Haiwell Cloud SCADA System Cloud Configuration Software Android App Has Arbitrary Account Password Reset Vulnerability
url: https://www.cnvd.org.cn/patchinfo/show/102641

Trust: 0.6

sources: CNVD: CNVD-2017-30708

EXTERNAL IDS

db: CNVD, id: CNVD-2017-30708

Trust: 0.8

db: IVD, id: 48CBF1FC-F4EB-45CB-BB09-AB9FA750E44A

Trust: 0.2

sources: IVD: 48cbf1fc-f4eb-45cb-bb09-ab9fa750e44a // CNVD: CNVD-2017-30708

SOURCES

db: IVD, id: 48cbf1fc-f4eb-45cb-bb09-ab9fa750e44a
db: CNVD, id: CNVD-2017-30708

LAST UPDATE DATE

2022-05-17T02:08:03.654000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2017-30708, date: 2017-10-31T00:00:00

SOURCES RELEASE DATE

db: IVD, id: 48cbf1fc-f4eb-45cb-bb09-ab9fa750e44a, date: 2017-10-19T00:00:00
db: CNVD, id: CNVD-2017-30708, date: 2017-11-03T00:00:00