Details of VAR-201804-1684

ID

VAR-201804-1684

TITLE

MXProgrammer software has a denial of service vulnerability

Trust: 0.6

sources: CNVD: CNVD-2018-08432

DESCRIPTION

MXProgrammer software is a windows desktop software of Weihai Meike Electric Technology Co., Ltd. It is used to communicate with its company's MX series PLC products and complete functions such as program writing and downloading. MXProgrammer software has a denial of service vulnerability. When opening a malformed project file, MXProgrammer.exe software may crash due to illegal access errors inside MXResource.dll

Trust: 0.72

sources: CNVD: CNVD-2018-08432 // IVD: e2edb1d1-39ab-11e9-a9f0-000c29342cb1

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: e2edb1d1-39ab-11e9-a9f0-000c29342cb1 // CNVD: CNVD-2018-08432

AFFECTED PRODUCTS

vendor:	weihai meike electric	model:	mxprogrammer software	scope:	eq	version:	v1.11.0	Trust: 0.6
vendor:	weihai meike electric	model:	mxprogrammer software	scope:	eq	version:	v1.12.5	Trust: 0.6
vendor:	weihai maike electric	model:	mxprogrammer software	scope:	eq	version:	v1.11.0	Trust: 0.2
vendor:	weihai maike electric	model:	mxprogrammer software	scope:	eq	version:	v1.12.5	Trust: 0.2

sources: IVD: e2edb1d1-39ab-11e9-a9f0-000c29342cb1 // CNVD: CNVD-2018-08432

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2018-08432
value:	MEDIUM
Trust: 0.6
IVD:	e2edb1d1-39ab-11e9-a9f0-000c29342cb1
value:	LOW
Trust: 0.2

CNVD:	CNVD-2018-08432
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:L/AC:H/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	1.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2edb1d1-39ab-11e9-a9f0-000c29342cb1
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:L/AC:H/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	1.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: e2edb1d1-39ab-11e9-a9f0-000c29342cb1 // CNVD: CNVD-2018-08432

TYPE

Denial of service

Trust: 0.2

sources: IVD: e2edb1d1-39ab-11e9-a9f0-000c29342cb1

PATCH

title:

MXProgrammer software has a denial of service vulnerability

url:

https://www.cnvd.org.cn/patchinfo/show/126663

Trust: 0.6

sources: CNVD: CNVD-2018-08432

EXTERNAL IDS

db:	CNVD	id:	CNVD-2018-08432	Trust: 0.8
db:	IVD	id:	E2EDB1D1-39AB-11E9-A9F0-000C29342CB1	Trust: 0.2

sources: IVD: e2edb1d1-39ab-11e9-a9f0-000c29342cb1 // CNVD: CNVD-2018-08432

SOURCES

db:	IVD	id:	e2edb1d1-39ab-11e9-a9f0-000c29342cb1
db:	CNVD	id:	CNVD-2018-08432

LAST UPDATE DATE

2022-05-17T01:47:52.782000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2018-08432

date:

2018-04-30T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	e2edb1d1-39ab-11e9-a9f0-000c29342cb1	date:	2018-04-26T00:00:00
db:	CNVD	id:	CNVD-2018-08432	date:	2018-06-04T00:00:00