ID

VAR-201804-1686


TITLE

Remote Code Execution Vulnerability in KingView

Trust: 0.6

sources: CNVD: CNVD-2018-08160

DESCRIPTION

KingView is the first domestic company to launch industrial configuration software products. The ActiveX component included in the KingView product has a remote code execution vulnerability when processing the "SetProjectPath" property. Remote attackers can exploit the vulnerability by building malicious web pages and enticing users to open them, which leads to the download and execution of arbitrary code.

Trust: 0.72

sources: CNVD: CNVD-2018-08160 // IVD: e2ec5240-39ab-11e9-a521-000c29342cb1

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: e2ec5240-39ab-11e9-a521-000c29342cb1 // CNVD: CNVD-2018-08160

AFFECTED PRODUCTS

vendor: yakong, model: kingview 7.5sp1, scope: -, version: -

Trust: 0.6

vendor: yakong, model: kingview kv6.60 sp2, scope: -, version: -

Trust: 0.6

vendor: yakong, model: kingview( kingview 7.5sp1, scope: eq, version: )*

Trust: 0.2

vendor: yakong, model: kingview( kingview k sp2, scope: eq, version: )v6.60

Trust: 0.2

sources: IVD: e2ec5240-39ab-11e9-a521-000c29342cb1 // CNVD: CNVD-2018-08160

CVSS

SEVERITY

CNVD: CNVD-2018-08160
value: HIGH

Trust: 0.6

IVD: e2ec5240-39ab-11e9-a521-000c29342cb1
value: HIGH

Trust: 0.2

CVSSV2

CNVD: CNVD-2018-08160
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2ec5240-39ab-11e9-a521-000c29342cb1
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

CVSSV3

-

sources: IVD: e2ec5240-39ab-11e9-a521-000c29342cb1 // CNVD: CNVD-2018-08160

TYPE

Code injection

Trust: 0.2

sources: IVD: e2ec5240-39ab-11e9-a521-000c29342cb1

PATCH

title: Remote Code Execution Vulnerability in KingView, url: https://www.cnvd.org.cn/patchinfo/show/125281

Trust: 0.6

sources: CNVD: CNVD-2018-08160

EXTERNAL IDS

db: CNVD, id: CNVD-2018-08160

Trust: 0.8

db: IVD, id: E2EC5240-39AB-11E9-A521-000C29342CB1

Trust: 0.2

sources: IVD: e2ec5240-39ab-11e9-a521-000c29342cb1 // CNVD: CNVD-2018-08160

SOURCES

db: IVD, id: e2ec5240-39ab-11e9-a521-000c29342cb1
db: CNVD, id: CNVD-2018-08160

LAST UPDATE DATE

2022-05-17T01:47:52.767000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2018-08160, date: 2018-04-24T00:00:00

SOURCES RELEASE DATE

db: IVD, id: e2ec5240-39ab-11e9-a521-000c29342cb1, date: 2018-04-24T00:00:00
db: CNVD, id: CNVD-2018-08160, date: 2018-05-25T00:00:00