Details of VAR-201805-1202

ID

VAR-201805-1202

TITLE

MXProgrammer software has a denial of service vulnerability

Trust: 0.6

sources: CNVD: CNVD-2018-09453

DESCRIPTION

MXProgrammer software is a windows desktop software of Weihai Meike Electric Technology Co., Ltd. It is used to communicate with its company's MX series PLC products and complete functions such as program writing and downloading. MXProgrammer software has a denial of service vulnerability. mfc120.dll is a dynamic link library under the MXProgrammer software installation path. When opening a malformed project file, MXProgrammer.exe software crashes due to an illegal access error inside mfc120.dll

Trust: 0.72

sources: CNVD: CNVD-2018-09453 // IVD: e2ef115f-39ab-11e9-a38a-000c29342cb1

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: e2ef115f-39ab-11e9-a38a-000c29342cb1 // CNVD: CNVD-2018-09453

AFFECTED PRODUCTS

vendor:	weihai meike electric	model:	mxprogrammer software	scope:	eq	version:	v1.11.0	Trust: 0.6
vendor:	weihai meike electric	model:	mxprogrammer software	scope:	eq	version:	v1.12.5	Trust: 0.6
vendor:	weihai maike electric	model:	mxprogrammer software	scope:	eq	version:	v1.11.0	Trust: 0.2
vendor:	weihai maike electric	model:	mxprogrammer software	scope:	eq	version:	v1.12.5	Trust: 0.2

sources: IVD: e2ef115f-39ab-11e9-a38a-000c29342cb1 // CNVD: CNVD-2018-09453

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2018-09453
value:	MEDIUM
Trust: 0.6
IVD:	e2ef115f-39ab-11e9-a38a-000c29342cb1
value:	MEDIUM
Trust: 0.2

CNVD:	CNVD-2018-09453
severity:	MEDIUM
baseScore:	5.6
vectorString:	AV:L/AC:L/AU:N/C:N/I:C/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	COMPLETE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	7.8
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2ef115f-39ab-11e9-a38a-000c29342cb1
severity:	MEDIUM
baseScore:	5.6
vectorString:	AV:L/AC:L/AU:N/C:N/I:C/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	COMPLETE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	7.8
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: e2ef115f-39ab-11e9-a38a-000c29342cb1 // CNVD: CNVD-2018-09453

TYPE

Denial of service

Trust: 0.2

sources: IVD: e2ef115f-39ab-11e9-a38a-000c29342cb1

PATCH

title:

MXProgrammer software has a denial of service vulnerability

url:

https://www.cnvd.org.cn/patchinfo/show/126791

Trust: 0.6

sources: CNVD: CNVD-2018-09453

EXTERNAL IDS

db:	CNVD	id:	CNVD-2018-09453	Trust: 0.8
db:	IVD	id:	E2EF115F-39AB-11E9-A38A-000C29342CB1	Trust: 0.2

sources: IVD: e2ef115f-39ab-11e9-a38a-000c29342cb1 // CNVD: CNVD-2018-09453

SOURCES

db:	IVD	id:	e2ef115f-39ab-11e9-a38a-000c29342cb1
db:	CNVD	id:	CNVD-2018-09453

LAST UPDATE DATE

2022-05-17T02:01:03.741000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2018-09453

date:

2018-05-15T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	e2ef115f-39ab-11e9-a38a-000c29342cb1	date:	2018-05-15T00:00:00
db:	CNVD	id:	CNVD-2018-09453	date:	2018-06-07T00:00:00