Details of VAR-201801-1716

ID

VAR-201801-1716

TITLE

ForceControl has a code execution vulnerability

Trust: 0.6

sources: CNVD: CNVD-2018-01002

DESCRIPTION

ForceControl is the configuration software developed by Force Control Technology for the general monitoring configuration software market. As the basic platform software in industrial automation software, it can provide solutions for various industries. There is a code execution vulnerability in ForceControl. This vulnerability is due to the function assignment of the reserved structure parameters, which causes the execution of the wrong code and causes the program to crash. An attacker could use this vulnerability to cause arbitrary code execution

Trust: 0.72

sources: CNVD: CNVD-2018-01002 // IVD: e2e1a3e1-39ab-11e9-a04b-000c29342cb1

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: e2e1a3e1-39ab-11e9-a04b-000c29342cb1 // CNVD: CNVD-2018-01002

AFFECTED PRODUCTS

vendor:	3d force control	model:	forcecontrol	scope:	eq	version:	v7.2	Trust: 0.6
vendor:	sanwei power control	model:	forcecontrol	scope:	eq	version:	v7.2	Trust: 0.2

sources: IVD: e2e1a3e1-39ab-11e9-a04b-000c29342cb1 // CNVD: CNVD-2018-01002

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2018-01002
value:	LOW
Trust: 0.6
IVD:	e2e1a3e1-39ab-11e9-a04b-000c29342cb1
value:	LOW
Trust: 0.2

CNVD:	CNVD-2018-01002
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2e1a3e1-39ab-11e9-a04b-000c29342cb1
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: e2e1a3e1-39ab-11e9-a04b-000c29342cb1 // CNVD: CNVD-2018-01002

TYPE

Code injection

Trust: 0.2

sources: IVD: e2e1a3e1-39ab-11e9-a04b-000c29342cb1

PATCH

title:

ForceControl 7.2 / 7.1 has code execution vulnerability

url:

https://www.cnvd.org.cn/patchinfo/show/112347

Trust: 0.6

sources: CNVD: CNVD-2018-01002

EXTERNAL IDS

db:	CNVD	id:	CNVD-2018-01002	Trust: 0.8
db:	IVD	id:	E2E1A3E1-39AB-11E9-A04B-000C29342CB1	Trust: 0.2

sources: IVD: e2e1a3e1-39ab-11e9-a04b-000c29342cb1 // CNVD: CNVD-2018-01002

SOURCES

db:	IVD	id:	e2e1a3e1-39ab-11e9-a04b-000c29342cb1
db:	CNVD	id:	CNVD-2018-01002

LAST UPDATE DATE

2022-05-17T01:55:47.366000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2018-01002

date:

2018-01-16T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	e2e1a3e1-39ab-11e9-a04b-000c29342cb1	date:	2018-01-16T00:00:00
db:	CNVD	id:	CNVD-2018-01002	date:	2018-02-16T00:00:00