Details of VAR-201801-1717

ID

VAR-201801-1717

TITLE

Force Control Technology ForceControl V7.2 Product NetServer.exe Denial of Service Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2018-00855

DESCRIPTION

ForceControl is the configuration software developed by Force Control Technology for the general monitoring configuration software market. As the basic platform software in industrial automation software, it can provide solutions for various industries. ForceControl Technology's ForceControl V7.2 product NetServer.exe has a denial of service vulnerability. By sending random TCP packets, the attacker can cause the target memory, handles, and thread count to soar, and eventually cause the program to exit (within 1 minute)

Trust: 0.72

sources: CNVD: CNVD-2018-00855 // IVD: e2f7c3ef-39ab-11e9-a362-000c29342cb1

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: e2f7c3ef-39ab-11e9-a362-000c29342cb1 // CNVD: CNVD-2018-00855

AFFECTED PRODUCTS

vendor:	force control yuantong	model:	forcecontrol	scope:	eq	version:	v7.2	Trust: 0.6
vendor:	likong yuantong	model:	forcecontrol	scope:	eq	version:	v7.2	Trust: 0.2

sources: IVD: e2f7c3ef-39ab-11e9-a362-000c29342cb1 // CNVD: CNVD-2018-00855

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2018-00855
value:	MEDIUM
Trust: 0.6
IVD:	e2f7c3ef-39ab-11e9-a362-000c29342cb1
value:	MEDIUM
Trust: 0.2

CNVD:	CNVD-2018-00855
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2f7c3ef-39ab-11e9-a362-000c29342cb1
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: e2f7c3ef-39ab-11e9-a362-000c29342cb1 // CNVD: CNVD-2018-00855

TYPE

Denial of service

Trust: 0.2

sources: IVD: e2f7c3ef-39ab-11e9-a362-000c29342cb1

PATCH

title:

Force Control Technology's ForceServer7.2 Product NetServer.exe Denial of Service Vulnerability

url:

https://www.cnvd.org.cn/patchinfo/show/112363

Trust: 0.6

sources: CNVD: CNVD-2018-00855

EXTERNAL IDS

db:	CNVD	id:	CNVD-2018-00855	Trust: 0.8
db:	IVD	id:	E2F7C3EF-39AB-11E9-A362-000C29342CB1	Trust: 0.2

sources: IVD: e2f7c3ef-39ab-11e9-a362-000c29342cb1 // CNVD: CNVD-2018-00855

SOURCES

db:	IVD	id:	e2f7c3ef-39ab-11e9-a362-000c29342cb1
db:	CNVD	id:	CNVD-2018-00855

LAST UPDATE DATE

2022-05-17T01:57:40.607000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2018-00855

date:

2018-08-20T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	e2f7c3ef-39ab-11e9-a362-000c29342cb1	date:	2018-01-12T00:00:00
db:	CNVD	id:	CNVD-2018-00855	date:	2018-02-12T00:00:00