Details of VAR-201803-2305

ID

VAR-201803-2305

TITLE

INVT Studio has DLL hijacking vulnerability

Trust: 0.6

sources: CNVD: CNVD-2018-04886

DESCRIPTION

INVT Studio is a configuration software used to configure and monitor INVT inverters. There is a DLL hijacking vulnerability in INVT Studio. This vulnerability is caused by the failure to specify an absolute path for the DLL included in the INVT Studio application. It allows an attacker to use the vulnerability to build a malicious application, place it in a specific path, and cause the application to maliciously load the DLL and execute it

Trust: 0.72

sources: CNVD: CNVD-2018-04886 // IVD: e2e57470-39ab-11e9-9d94-000c29342cb1

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: e2e57470-39ab-11e9-9d94-000c29342cb1 // CNVD: CNVD-2018-04886

AFFECTED PRODUCTS

vendor:	invt studio	model:	invt studio	scope:	eq	version:	v1.2.0	Trust: 0.6
vendor:	invt electric	model:	studio	scope:	eq	version:	v1.2.0	Trust: 0.2

sources: IVD: e2e57470-39ab-11e9-9d94-000c29342cb1 // CNVD: CNVD-2018-04886

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2018-04886
value:	MEDIUM
Trust: 0.6
IVD:	e2e57470-39ab-11e9-9d94-000c29342cb1
value:	MEDIUM
Trust: 0.2

CNVD:	CNVD-2018-04886
severity:	MEDIUM
baseScore:	6.2
vectorString:	AV:L/AC:H/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	1.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2e57470-39ab-11e9-9d94-000c29342cb1
severity:	MEDIUM
baseScore:	6.2
vectorString:	AV:L/AC:H/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	1.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: e2e57470-39ab-11e9-9d94-000c29342cb1 // CNVD: CNVD-2018-04886

TYPE

Code injection

Trust: 0.2

sources: IVD: e2e57470-39ab-11e9-9d94-000c29342cb1

PATCH

title:

Other vulnerabilities in INVT Studio

url:

https://www.cnvd.org.cn/patchinfo/show/119535

Trust: 0.6

sources: CNVD: CNVD-2018-04886

EXTERNAL IDS

db:	CNVD	id:	CNVD-2018-04886	Trust: 0.8
db:	IVD	id:	E2E57470-39AB-11E9-9D94-000C29342CB1	Trust: 0.2

sources: IVD: e2e57470-39ab-11e9-9d94-000c29342cb1 // CNVD: CNVD-2018-04886

SOURCES

db:	IVD	id:	e2e57470-39ab-11e9-9d94-000c29342cb1
db:	CNVD	id:	CNVD-2018-04886

LAST UPDATE DATE

2022-05-17T01:55:47.105000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2018-04886

date:

2018-03-14T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	e2e57470-39ab-11e9-9d94-000c29342cb1	date:	2018-03-12T00:00:00
db:	CNVD	id:	CNVD-2018-04886	date:	2018-04-13T00:00:00