ID

VAR-201807-2219


TITLE

Beijing Hollysys LKS Safety FA-AutoThink Has Denial of Service Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2018-12499

DESCRIPTION

Beijing Hollysys is a provider of automation and information technology solutions. The company's business is concentrated in three areas: industrial automation, rail transportation automation and medical automation. Beijing Hollysys LKS Safety FA-AutoThink has a denial of service vulnerability. The vulnerability is caused by the GetElement function in Ldmdl.dll failing to handle a malformed number of elements (0xf9). An attacker could exploit the vulnerability to trigger an assignment through a null pointer, resulting in a denial of service.

Trust: 0.72

sources: CNVD: CNVD-2018-12499 // IVD: e2f74ec1-39ab-11e9-b1df-000c29342cb1

IOT TAXONOMY

category: ['ICS']
sub_category: -

Trust: 0.8

sources: IVD: e2f74ec1-39ab-11e9-b1df-000c29342cb1 // CNVD: CNVD-2018-12499

AFFECTED PRODUCTS

vendor: - model: hollysys safety fa-autothink scope: - version: -

Trust: 0.6

vendor: - model: hollysys group safety fa-autothink scope: eq version: *

Trust: 0.2

sources: IVD: e2f74ec1-39ab-11e9-b1df-000c29342cb1 // CNVD: CNVD-2018-12499

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2018-12499
value: MEDIUM

Trust: 0.6

IVD: e2f74ec1-39ab-11e9-b1df-000c29342cb1
value: MEDIUM

Trust: 0.2

CNVD: CNVD-2018-12499
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2f74ec1-39ab-11e9-b1df-000c29342cb1
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: e2f74ec1-39ab-11e9-b1df-000c29342cb1 // CNVD: CNVD-2018-12499

TYPE

Denial of service

Trust: 0.2

sources: IVD: e2f74ec1-39ab-11e9-b1df-000c29342cb1

PATCH

title: Hollysys LKS Safety FA-AutoThink Has Denial of Service Vulnerability
url: https://www.cnvd.org.cn/patchinfo/show/132157

Trust: 0.6

sources: CNVD: CNVD-2018-12499

EXTERNAL IDS

db: CNVD id: CNVD-2018-12499

Trust: 0.8

db: IVD id: E2F74EC1-39AB-11E9-B1DF-000C29342CB1

Trust: 0.2

sources: IVD: e2f74ec1-39ab-11e9-b1df-000c29342cb1 // CNVD: CNVD-2018-12499

SOURCES

db: IVD id: e2f74ec1-39ab-11e9-b1df-000c29342cb1
db: CNVD id: CNVD-2018-12499

LAST UPDATE DATE

2022-05-17T01:46:23.236000+00:00


SOURCES UPDATE DATE

db: CNVD id: CNVD-2018-12499 date: 2018-08-03T00:00:00

SOURCES RELEASE DATE

db: IVD id: e2f74ec1-39ab-11e9-b1df-000c29342cb1 date: 2018-07-04T00:00:00
db: CNVD id: CNVD-2018-12499 date: 2018-07-30T00:00:00