Details of VAR-201802-1342

ID

VAR-201802-1342

TITLE

Asia Control Technology KingView HistorySvr.exe Denial of Service Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2018-02901

DESCRIPTION

KingView 7.5 SP1 is the latest version of Kingview series, which provides strong support for users to improve engineering configuration efficiency and reduce project implementation costs. HistorySvr.exe in KingView 7.5 SP1 has a denial of service vulnerability. The vulnerability is caused by reading a null pointer in the king.dll dynamic link library. Allowing remote attackers to submit socket requests containing special bytes, causing History.exe to crash. When the user closes the main program Touchvew and opens and runs Touchvew again, the history library is prompted: Failed to open the project mapped memory area. The vulnerability also exists in Kingview 6.6 SP2

Trust: 0.72

sources: CNVD: CNVD-2018-02901 // IVD: e2e9e140-39ab-11e9-9b32-000c29342cb1

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: e2e9e140-39ab-11e9-9b32-000c29342cb1 // CNVD: CNVD-2018-02901

AFFECTED PRODUCTS

vendor:	yakong	model:	kingview sp2	scope:	eq	version:	6.6	Trust: 0.6
vendor:	yakong	model:	kingview 7.5sp1	scope:	-	version:	-	Trust: 0.6
vendor:	yakong	model:	kingview( kingview 7.5sp1	scope:	eq	version:	)*	Trust: 0.2
vendor:	yakong	model:	kingview( kingview sp2	scope:	eq	version:	)6.6*	Trust: 0.2

sources: IVD: e2e9e140-39ab-11e9-9b32-000c29342cb1 // CNVD: CNVD-2018-02901

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2018-02901
value:	MEDIUM
Trust: 0.6
IVD:	e2e9e140-39ab-11e9-9b32-000c29342cb1
value:	MEDIUM
Trust: 0.2

CNVD:	CNVD-2018-02901
severity:	MEDIUM
baseScore:	5.4
vectorString:	AV:N/AC:H/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	4.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2e9e140-39ab-11e9-9b32-000c29342cb1
severity:	MEDIUM
baseScore:	5.4
vectorString:	AV:N/AC:H/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	4.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: e2e9e140-39ab-11e9-9b32-000c29342cb1 // CNVD: CNVD-2018-02901

TYPE

Denial of service

Trust: 0.2

sources: IVD: e2e9e140-39ab-11e9-9b32-000c29342cb1

PATCH

title:

Asia Control King's HistorySvr.exe Denial of Service Vulnerability

url:

https://www.cnvd.org.cn/patchinfo/show/115545

Trust: 0.6

sources: CNVD: CNVD-2018-02901

EXTERNAL IDS

db:	CNVD	id:	CNVD-2018-02901	Trust: 0.8
db:	IVD	id:	E2E9E140-39AB-11E9-9B32-000C29342CB1	Trust: 0.2

sources: IVD: e2e9e140-39ab-11e9-9b32-000c29342cb1 // CNVD: CNVD-2018-02901

SOURCES

db:	IVD	id:	e2e9e140-39ab-11e9-9b32-000c29342cb1
db:	CNVD	id:	CNVD-2018-02901

LAST UPDATE DATE

2022-05-17T01:50:55.914000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2018-02901

date:

2018-03-27T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	e2e9e140-39ab-11e9-9b32-000c29342cb1	date:	2018-02-07T00:00:00
db:	CNVD	id:	CNVD-2018-02901	date:	2018-03-15T00:00:00