Details of VAR-201802-1244

ID

VAR-201802-1244

CVE

CVE-2018-7471

TITLE

KingView Integer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-002331

DESCRIPTION

KingView 7.5SP1 has an integer overflow during stgopenstorage API read operations. KingView Contains an integer overflow vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. KingView is the first domestic company to launch industrial configuration software products. Asian Control Technology KingView has an integer overflow vulnerability. This vulnerability is due to stgopenstorage read failure, and the returned error code is beyond the scope of int on 32-bit systems. An attacker could use this vulnerability to execute arbitrary code

Trust: 2.34

sources: NVD: CVE-2018-7471 // JVNDB: JVNDB-2018-002331 // CNVD: CNVD-2018-00995 // IVD: e2e6d401-39ab-11e9-8f1d-000c29342cb1

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: e2e6d401-39ab-11e9-8f1d-000c29342cb1 // CNVD: CNVD-2018-00995

AFFECTED PRODUCTS

vendor:	bj tct	model:	kingview	scope:	eq	version:	7.5	Trust: 1.6
vendor:	wellintech	model:	kingview	scope:	eq	version:	7.5sp1	Trust: 0.8
vendor:	yakong	model:	kingview 7.5sp1	scope:	-	version:	-	Trust: 0.6
vendor:	kingview	model:	-	scope:	eq	version:	7.5	Trust: 0.2

sources: IVD: e2e6d401-39ab-11e9-8f1d-000c29342cb1 // CNVD: CNVD-2018-00995 // JVNDB: JVNDB-2018-002331 // CNNVD: CNNVD-201802-621 // NVD: CVE-2018-7471

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-7471
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-7471
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2018-00995
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201802-621
value:	HIGH
Trust: 0.6
IVD:	e2e6d401-39ab-11e9-8f1d-000c29342cb1
value:	HIGH
Trust: 0.2

nvd@nist.gov:	CVE-2018-7471
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-00995
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2e6d401-39ab-11e9-8f1d-000c29342cb1
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

nvd@nist.gov:	CVE-2018-7471
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: IVD: e2e6d401-39ab-11e9-8f1d-000c29342cb1 // CNVD: CNVD-2018-00995 // JVNDB: JVNDB-2018-002331 // CNNVD: CNNVD-201802-621 // NVD: CVE-2018-7471

PROBLEMTYPE DATA

problemtype:

CWE-190

Trust: 1.8

sources: JVNDB: JVNDB-2018-002331 // NVD: CVE-2018-7471

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201802-621

TYPE

digital error

Trust: 0.6

sources: CNNVD: CNNVD-201802-621

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-002331

PATCH

title:	KingView (1000656)	url:	http://www.kingview.com/news_info.php?num=1000656	Trust: 0.8
title:	Asian Controlling King has an integer overflow vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/112771	Trust: 0.6

sources: CNVD: CNVD-2018-00995 // JVNDB: JVNDB-2018-002331

EXTERNAL IDS

db:	NVD	id:	CVE-2018-7471	Trust: 3.2
db:	CNVD	id:	CNVD-2018-00995	Trust: 0.8
db:	CNNVD	id:	CNNVD-201802-621	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-002331	Trust: 0.8
db:	IVD	id:	E2E6D401-39AB-11E9-8F1D-000C29342CB1	Trust: 0.2

sources: IVD: e2e6d401-39ab-11e9-8f1d-000c29342cb1 // CNVD: CNVD-2018-00995 // JVNDB: JVNDB-2018-002331 // CNNVD: CNNVD-201802-621 // NVD: CVE-2018-7471

REFERENCES

url:	http://www.cnvd.org.cn/flaw/show/1202823	Trust: 2.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7471	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-7471	Trust: 0.8

sources: JVNDB: JVNDB-2018-002331 // CNNVD: CNNVD-201802-621 // NVD: CVE-2018-7471

SOURCES

db:	IVD	id:	e2e6d401-39ab-11e9-8f1d-000c29342cb1
db:	CNVD	id:	CNVD-2018-00995
db:	JVNDB	id:	JVNDB-2018-002331
db:	CNNVD	id:	CNNVD-201802-621
db:	NVD	id:	CVE-2018-7471

LAST UPDATE DATE

2024-11-23T21:53:21.840000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-00995	date:	2018-03-21T00:00:00
db:	JVNDB	id:	JVNDB-2018-002331	date:	2018-04-09T00:00:00
db:	CNNVD	id:	CNNVD-201802-621	date:	2018-02-26T00:00:00
db:	NVD	id:	CVE-2018-7471	date:	2024-11-21T04:12:11.593

SOURCES RELEASE DATE

db:	IVD	id:	e2e6d401-39ab-11e9-8f1d-000c29342cb1	date:	2018-01-15T00:00:00
db:	CNVD	id:	CNVD-2018-00995	date:	2018-02-17T00:00:00
db:	JVNDB	id:	JVNDB-2018-002331	date:	2018-04-09T00:00:00
db:	CNNVD	id:	CNNVD-201802-621	date:	2018-02-26T00:00:00
db:	NVD	id:	CVE-2018-7471	date:	2018-02-25T07:29:00.337