Sign-up

ID

VAR-201804-1685


TITLE

MXProgrammer software has a denial of service vulnerability

Trust: 0.6

sources: CNVD: CNVD-2018-08410

DESCRIPTION

MXProgrammer software is a windows desktop software of Weihai Meike Electric Technology Co., Ltd. It is used to communicate with its company's MX series PLC products and complete functions such as program writing and downloading. MXProgrammer software has a denial of service vulnerability. The vulnerability is caused by the program not validating the open project file. When an attacker opens a malformed project file, the MXProgrammer.exe program crashes due to an illegal access error

Trust: 0.72

sources: CNVD: CNVD-2018-08410 // IVD: e2edb1cf-39ab-11e9-8036-000c29342cb1

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: e2edb1cf-39ab-11e9-8036-000c29342cb1 // CNVD: CNVD-2018-08410

AFFECTED PRODUCTS

vendor:weihai meike electricmodel:mxprogrammerscope:eqversion:v1.12.5

Trust: 0.6

vendor:weihai maike electricmodel:mxprogrammerscope:eqversion:v1.12.5

Trust: 0.2

sources: IVD: e2edb1cf-39ab-11e9-8036-000c29342cb1 // CNVD: CNVD-2018-08410

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2018-08410
value: MEDIUM

Trust: 0.6

IVD: e2edb1cf-39ab-11e9-8036-000c29342cb1
value: MEDIUM

Trust: 0.2

CNVD: CNVD-2018-08410
severity: MEDIUM
baseScore: 5.6
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2edb1cf-39ab-11e9-8036-000c29342cb1
severity: MEDIUM
baseScore: 5.6
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: e2edb1cf-39ab-11e9-8036-000c29342cb1 // CNVD: CNVD-2018-08410

TYPE

Denial of service

Trust: 0.2

sources: IVD: e2edb1cf-39ab-11e9-8036-000c29342cb1

PATCH

title:MXProgrammer software has a denial of service vulnerabilityurl:https://www.cnvd.org.cn/patchinfo/show/125985

Trust: 0.6

sources: CNVD: CNVD-2018-08410

EXTERNAL IDS

db:CNVDid:CNVD-2018-08410

Trust: 0.8

db:IVDid:E2EDB1CF-39AB-11E9-8036-000C29342CB1

Trust: 0.2

sources: IVD: e2edb1cf-39ab-11e9-8036-000c29342cb1 // CNVD: CNVD-2018-08410

SOURCES

db:IVDid:e2edb1cf-39ab-11e9-8036-000c29342cb1
db:CNVDid:CNVD-2018-08410

LAST UPDATE DATE

2022-05-17T02:09:44.786000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2018-08410date:2018-04-27T00:00:00

SOURCES RELEASE DATE

db:IVDid:e2edb1cf-39ab-11e9-8036-000c29342cb1date:2018-04-26T00:00:00
db:CNVDid:CNVD-2018-08410date:2018-06-04T00:00:00