Details of VAR-201805-1206

ID

VAR-201805-1206

TITLE

Hollysys LE5109L PLC has information disclosure vulnerability

Trust: 0.6

sources: CNVD: CNVD-2018-08784

DESCRIPTION

Hollysys Group is a professional automation company integrating R & D, production, sales and technical services. Hollysys PLC integrated Ethernet, PROFIBUS-DP, RS232, RS485 interfaces have been widely used in power, chemical, metallurgy, energy and other fields. Hollysys LE5109L PLC has an information disclosure vulnerability. The vulnerability originates from Hollysys LE series PLCs that support the modbus protocol and private protocols. Attackers can use the vulnerability to obtain PLC-related data information by sending specific private data packets

Trust: 0.72

sources: CNVD: CNVD-2018-08784 // IVD: e2ee2700-39ab-11e9-b37b-000c29342cb1

IOT TAXONOMY

category:	['ICS', 'Network device']	sub_category:	-	Trust: 0.6
category:	['ICS']	sub_category:	-	Trust: 0.2

sources: IVD: e2ee2700-39ab-11e9-b37b-000c29342cb1 // CNVD: CNVD-2018-08784

AFFECTED PRODUCTS

vendor:	hollysys	model:	group hollysys le series controller le5109l	scope:	-	version:	-	Trust: 0.6
vendor:	hollysys	model:	group hollysea le series controller le5109l	scope:	eq	version:	*	Trust: 0.2

sources: IVD: e2ee2700-39ab-11e9-b37b-000c29342cb1 // CNVD: CNVD-2018-08784

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2018-08784
value:	MEDIUM
Trust: 0.6
IVD:	e2ee2700-39ab-11e9-b37b-000c29342cb1
value:	MEDIUM
Trust: 0.2

CNVD:	CNVD-2018-08784
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2ee2700-39ab-11e9-b37b-000c29342cb1
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: e2ee2700-39ab-11e9-b37b-000c29342cb1 // CNVD: CNVD-2018-08784

TYPE

Information leakage

Trust: 0.2

sources: IVD: e2ee2700-39ab-11e9-b37b-000c29342cb1

PATCH

title:

Hollysys LE5109L PLC has information disclosure vulnerability

url:

https://www.cnvd.org.cn/patchinfo/show/125647

Trust: 0.6

sources: CNVD: CNVD-2018-08784

EXTERNAL IDS

db:	CNVD	id:	CNVD-2018-08784	Trust: 0.8
db:	IVD	id:	E2EE2700-39AB-11E9-B37B-000C29342CB1	Trust: 0.2

sources: IVD: e2ee2700-39ab-11e9-b37b-000c29342cb1 // CNVD: CNVD-2018-08784

SOURCES

db:	IVD	id:	e2ee2700-39ab-11e9-b37b-000c29342cb1
db:	CNVD	id:	CNVD-2018-08784

LAST UPDATE DATE

2022-05-17T02:03:12.959000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2018-08784

date:

2018-05-07T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	e2ee2700-39ab-11e9-b37b-000c29342cb1	date:	2018-05-03T00:00:00
db:	CNVD	id:	CNVD-2018-08784	date:	2018-05-28T00:00:00