Details of VAR-201805-1196

ID

VAR-201805-1196

TITLE

Hollysys LE5109L PLC Denial of Service Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2018-08757

DESCRIPTION

Hollysys Group is a professional automation company integrating R & D, production, sales and technical services. Hollysys PLC integrated Ethernet, PROFIBUS-DP, RS232, RS485 interfaces have been widely used in power, chemical, metallurgy, energy and other fields. Hollysys LE5109L PLC has a denial of service vulnerability. The vulnerability originates from Hollysys LE series PLCs supporting modbus protocol and private protocol. Attackers can use the vulnerability to cause the PLC to deny service by constructing specific modbus data packets

Trust: 0.72

sources: CNVD: CNVD-2018-08757 // IVD: e2ee7522-39ab-11e9-97bf-000c29342cb1

IOT TAXONOMY

category:	['ICS', 'Network device']	sub_category:	-	Trust: 0.6
category:	['ICS']	sub_category:	-	Trust: 0.2

sources: IVD: e2ee7522-39ab-11e9-97bf-000c29342cb1 // CNVD: CNVD-2018-08757

AFFECTED PRODUCTS

vendor:	hollysys	model:	group hollysys le series controller le5109l	scope:	-	version:	-	Trust: 0.6
vendor:	hollysys	model:	group hollysea le series controller le5109l	scope:	eq	version:	*	Trust: 0.2

sources: IVD: e2ee7522-39ab-11e9-97bf-000c29342cb1 // CNVD: CNVD-2018-08757

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2018-08757
value:	HIGH
Trust: 0.6
IVD:	e2ee7522-39ab-11e9-97bf-000c29342cb1
value:	HIGH
Trust: 0.2

CNVD:	CNVD-2018-08757
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2ee7522-39ab-11e9-97bf-000c29342cb1
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: e2ee7522-39ab-11e9-97bf-000c29342cb1 // CNVD: CNVD-2018-08757

TYPE

Denial of service

Trust: 0.2

sources: IVD: e2ee7522-39ab-11e9-97bf-000c29342cb1

PATCH

title:

Hollysys LE5109L PLC Denial of Service Vulnerability

url:

https://www.cnvd.org.cn/patchinfo/show/125651

Trust: 0.6

sources: CNVD: CNVD-2018-08757

EXTERNAL IDS

db:	CNVD	id:	CNVD-2018-08757	Trust: 0.8
db:	IVD	id:	E2EE7522-39AB-11E9-97BF-000C29342CB1	Trust: 0.2

sources: IVD: e2ee7522-39ab-11e9-97bf-000c29342cb1 // CNVD: CNVD-2018-08757

SOURCES

db:	IVD	id:	e2ee7522-39ab-11e9-97bf-000c29342cb1
db:	CNVD	id:	CNVD-2018-08757

LAST UPDATE DATE

2022-05-17T01:57:40.140000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2018-08757

date:

2018-05-07T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	e2ee7522-39ab-11e9-97bf-000c29342cb1	date:	2018-05-03T00:00:00
db:	CNVD	id:	CNVD-2018-08757	date:	2018-05-28T00:00:00