Details of VAR-201806-1805

ID

VAR-201806-1805

TITLE

Sifang CSI-200EA measurement control device IP protocol fragment has denial of service vulnerability

Trust: 0.6

sources: CNVD: CNVD-2018-12361

DESCRIPTION

CSI-200EA measurement control device is mainly used in substation automation systems with voltage levels of 110kV and above. There is a denial of service vulnerability in the IP protocol fragment of the Quartet CSI-200EA measurement and control device. By sending illegal IP fragment packets, an attacker can cause the network function of the device to enter an unstable state, which in turn can cause the device to become abnormal and enter an intermittent network service interruption state

Trust: 0.72

sources: CNVD: CNVD-2018-12361 // IVD: e2f5ef30-39ab-11e9-bcad-000c29342cb1

IOT TAXONOMY

category:	['ICS', 'Network device']	sub_category:	-	Trust: 0.6
category:	['ICS']	sub_category:	-	Trust: 0.2

sources: IVD: e2f5ef30-39ab-11e9-bcad-000c29342cb1 // CNVD: CNVD-2018-12361

AFFECTED PRODUCTS

vendor:	sifang jibao automation	model:	csi-200ea measurement control device	scope:	-	version:	-	Trust: 0.6
vendor:	sifang jibao automation	model:	csi-200ea measurement control device	scope:	eq	version:	*	Trust: 0.2

sources: IVD: e2f5ef30-39ab-11e9-bcad-000c29342cb1 // CNVD: CNVD-2018-12361

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2018-12361
value:	MEDIUM
Trust: 0.6
IVD:	e2f5ef30-39ab-11e9-bcad-000c29342cb1
value:	MEDIUM
Trust: 0.2

CNVD:	CNVD-2018-12361
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2f5ef30-39ab-11e9-bcad-000c29342cb1
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: e2f5ef30-39ab-11e9-bcad-000c29342cb1 // CNVD: CNVD-2018-12361

TYPE

Denial of service

Trust: 0.2

sources: IVD: e2f5ef30-39ab-11e9-bcad-000c29342cb1

EXTERNAL IDS

db:	CNVD	id:	CNVD-2018-12361	Trust: 0.8
db:	IVD	id:	E2F5EF30-39AB-11E9-BCAD-000C29342CB1	Trust: 0.2

sources: IVD: e2f5ef30-39ab-11e9-bcad-000c29342cb1 // CNVD: CNVD-2018-12361

SOURCES

db:	IVD	id:	e2f5ef30-39ab-11e9-bcad-000c29342cb1
db:	CNVD	id:	CNVD-2018-12361

LAST UPDATE DATE

2022-05-17T01:36:15.750000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2018-12361

date:

2018-06-29T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	e2f5ef30-39ab-11e9-bcad-000c29342cb1	date:	2018-06-29T00:00:00
db:	CNVD	id:	CNVD-2018-12361	date:	2018-07-19T00:00:00