Details of VAR-201805-1194

ID

VAR-201805-1194

TITLE

Hollysys LE5109L PLC Denial of Service Vulnerability (CNVD-2018-08756)

Trust: 0.6

sources: CNVD: CNVD-2018-08756

DESCRIPTION

Hollysys Group is a professional automation company integrating R & D, production, sales and technical services. Hollysys PLC integrated Ethernet, PROFIBUS-DP, RS232, RS485 interfaces have been widely used in power, chemical, metallurgy, energy and other fields. Hollysys LE5109L PLC has a denial of service vulnerability. The vulnerability originates from Hollysys LE series PLCs that support the modbus protocol and private protocols. Attackers can use the vulnerability to cause the PLC to deny service by constructing specific private data packets

Trust: 0.72

sources: CNVD: CNVD-2018-08756 // IVD: e2ee9c30-39ab-11e9-a32c-000c29342cb1

IOT TAXONOMY

category:	['ICS', 'Network device']	sub_category:	-	Trust: 0.6
category:	['ICS']	sub_category:	-	Trust: 0.2

sources: IVD: e2ee9c30-39ab-11e9-a32c-000c29342cb1 // CNVD: CNVD-2018-08756

AFFECTED PRODUCTS

vendor:	hollysys	model:	group hollysys le series controller le5109l	scope:	-	version:	-	Trust: 0.6
vendor:	hollysys	model:	group hollysea le series controller le5109l	scope:	eq	version:	*	Trust: 0.2

sources: IVD: e2ee9c30-39ab-11e9-a32c-000c29342cb1 // CNVD: CNVD-2018-08756

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2018-08756
value:	HIGH
Trust: 0.6
IVD:	e2ee9c30-39ab-11e9-a32c-000c29342cb1
value:	HIGH
Trust: 0.2

CNVD:	CNVD-2018-08756
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2ee9c30-39ab-11e9-a32c-000c29342cb1
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: e2ee9c30-39ab-11e9-a32c-000c29342cb1 // CNVD: CNVD-2018-08756

TYPE

Denial of service

Trust: 0.2

sources: IVD: e2ee9c30-39ab-11e9-a32c-000c29342cb1

PATCH

title:

Hollysys LE5109L PLC Denial of Service Vulnerability

url:

https://www.cnvd.org.cn/patchinfo/show/125813

Trust: 0.6

sources: CNVD: CNVD-2018-08756

EXTERNAL IDS

db:	CNVD	id:	CNVD-2018-08756	Trust: 0.8
db:	IVD	id:	E2EE9C30-39AB-11E9-A32C-000C29342CB1	Trust: 0.2

sources: IVD: e2ee9c30-39ab-11e9-a32c-000c29342cb1 // CNVD: CNVD-2018-08756

SOURCES

db:	IVD	id:	e2ee9c30-39ab-11e9-a32c-000c29342cb1
db:	CNVD	id:	CNVD-2018-08756

LAST UPDATE DATE

2022-05-17T02:05:49.510000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2018-08756

date:

2018-05-07T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	e2ee9c30-39ab-11e9-a32c-000c29342cb1	date:	2018-05-03T00:00:00
db:	CNVD	id:	CNVD-2018-08756	date:	2018-05-28T00:00:00