ID

VAR-201807-2222


TITLE

NA-VIEW has a memory corruption vulnerability

Trust: 0.6

sources: CNVD: CNVD-2018-13549

DESCRIPTION

Nanda Aotuo Technology Jiangsu Co., Ltd. focuses on the research and development, production and sales of programmable logic controllers (PLCs). Its product line currently consists of large and medium-sized PLC products, supplemented by small PLC products, remote measurement and control units (RTUs), touch screens, etc. NA-VIEW has a memory corruption vulnerability. The vulnerability is caused by NA-VIEW's failure to check whether the return value of the GetNext function is valid when analyzing the project. An attacker can exploit the vulnerability to crash the software by constructing illegal data that is passed into the function.

Trust: 0.72

sources: CNVD: CNVD-2018-13549 // IVD: e2f775d1-39ab-11e9-aeab-000c29342cb1

IOT TAXONOMY

category: ['ICS']
sub_category: -

Trust: 0.8

sources: IVD: e2f775d1-39ab-11e9-aeab-000c29342cb1 // CNVD: CNVD-2018-13549

AFFECTED PRODUCTS

vendor: nandao jiangsu
model: na-view touch screen configuration software
scope: eq
version: v2.0

Trust: 0.6

vendor: nanda auto jiangsu
model: na-view touch screen configuration software (15 inch touch screen only)
scope: eq
version: v2.0

Trust: 0.2

sources: IVD: e2f775d1-39ab-11e9-aeab-000c29342cb1 // CNVD: CNVD-2018-13549

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2018-13549
value: MEDIUM

Trust: 0.6

IVD: e2f775d1-39ab-11e9-aeab-000c29342cb1
value: MEDIUM

Trust: 0.2

CNVD: CNVD-2018-13549
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2f775d1-39ab-11e9-aeab-000c29342cb1
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: e2f775d1-39ab-11e9-aeab-000c29342cb1 // CNVD: CNVD-2018-13549

TYPE

Resource management error

Trust: 0.2

sources: IVD: e2f775d1-39ab-11e9-aeab-000c29342cb1

PATCH

title: Memory corruption vulnerability in NA-VIEW touch screen configuration software (for 15-inch touch screen only) V2.0
url: https://www.cnvd.org.cn/patchinfo/show/133633

Trust: 0.6

sources: CNVD: CNVD-2018-13549

EXTERNAL IDS

db: CNVD
id: CNVD-2018-13549

Trust: 0.8

db: IVD
id: E2F775D1-39AB-11E9-AEAB-000C29342CB1

Trust: 0.2

sources: IVD: e2f775d1-39ab-11e9-aeab-000c29342cb1 // CNVD: CNVD-2018-13549

SOURCES

db: IVD
id: e2f775d1-39ab-11e9-aeab-000c29342cb1

db: CNVD
id: CNVD-2018-13549

LAST UPDATE DATE

2022-05-17T02:08:02.708000+00:00


SOURCES UPDATE DATE

db: CNVD
id: CNVD-2018-13549
date: 2018-08-03T00:00:00

SOURCES RELEASE DATE

db: IVD
id: e2f775d1-39ab-11e9-aeab-000c29342cb1
date: 2018-07-20T00:00:00

db: CNVD
id: CNVD-2018-13549
date: 2018-08-19T00:00:00