Details of VAR-201801-1715

ID

VAR-201801-1715

TITLE

Integrity VT Designer has a logic hole

Trust: 0.6

sources: CNVD: CNVD-2018-01008

DESCRIPTION

Yingwei Teng is a key high-tech enterprise of the National Torch Program. It relies on power electronics, automatic control and information technology. Its business covers industrial automation, new energy vehicles, network energy and rail transportation. There is a logic vulnerability in the VTDesigner, which is due to the Compare function failing to compare the project file label CTagGroup. An attacker could exploit the vulnerability to make the memory address anomalous, causing the program to refuse service

Trust: 0.72

sources: CNVD: CNVD-2018-01008 // IVD: e2e1f200-39ab-11e9-8741-000c29342cb1

IOT TAXONOMY

category:	['ICS', 'Network device']	sub_category:	-	Trust: 0.6
category:	['ICS']	sub_category:	-	Trust: 0.2

sources: IVD: e2e1f200-39ab-11e9-8741-000c29342cb1 // CNVD: CNVD-2018-01008

AFFECTED PRODUCTS

vendor:	yingweiteng electric	model:	vt designer	scope:	eq	version:	v2.1.7.31	Trust: 0.6
vendor:	invt electric	model:	vt designer	scope:	eq	version:	v2.1.7.31	Trust: 0.2

sources: IVD: e2e1f200-39ab-11e9-8741-000c29342cb1 // CNVD: CNVD-2018-01008

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2018-01008
value:	LOW
Trust: 0.6
IVD:	e2e1f200-39ab-11e9-8741-000c29342cb1
value:	LOW
Trust: 0.2

CNVD:	CNVD-2018-01008
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2e1f200-39ab-11e9-8741-000c29342cb1
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: e2e1f200-39ab-11e9-8741-000c29342cb1 // CNVD: CNVD-2018-01008

TYPE

Handling logic errors

Trust: 0.2

sources: IVD: e2e1f200-39ab-11e9-8741-000c29342cb1

PATCH

title:

Invitro tvdesigner has code logic loopholes

url:

https://www.cnvd.org.cn/patchinfo/show/112789

Trust: 0.6

sources: CNVD: CNVD-2018-01008

EXTERNAL IDS

db:	CNVD	id:	CNVD-2018-01008	Trust: 0.8
db:	IVD	id:	E2E1F200-39AB-11E9-8741-000C29342CB1	Trust: 0.2

sources: IVD: e2e1f200-39ab-11e9-8741-000c29342cb1 // CNVD: CNVD-2018-01008

SOURCES

db:	IVD	id:	e2e1f200-39ab-11e9-8741-000c29342cb1
db:	CNVD	id:	CNVD-2018-01008

LAST UPDATE DATE

2022-05-17T02:08:57.168000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2018-01008

date:

2018-01-17T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	e2e1f200-39ab-11e9-8741-000c29342cb1	date:	2018-01-16T00:00:00
db:	CNVD	id:	CNVD-2018-01008	date:	2018-02-19T00:00:00