Sign-up

ID

VAR-201807-2223


TITLE

Wecon PLC editor has a memory corruption vulnerability

Trust: 0.6

sources: CNVD: CNVD-2018-13413

DESCRIPTION

Fuzhou Fuchang Weikong Electronic Technology Co., Ltd. is a technology company engaged in research, development and sales of products in the field of automation. Wecon PLC editor has a memory corruption vulnerability. The vulnerability is due to the need to call Tinyxml.dll when the program parses the project file and fails to parse the xml in the project file correctly. An attacker could exploit the vulnerability to cause memory corruption

Trust: 0.72

sources: CNVD: CNVD-2018-13413 // IVD: e2f727b0-39ab-11e9-9a84-000c29342cb1

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: e2f727b0-39ab-11e9-9a84-000c29342cb1 // CNVD: CNVD-2018-13413

AFFECTED PRODUCTS

vendor:fuzhou fuchang weikong electronicmodel:wecon plc editorscope:eqversion:v1.3.3

Trust: 0.6

vendor:fuzhou fuchang weikong electronicmodel:wecon plc editor plc programming software chinese and english)scope:eqversion:(v1.3.3

Trust: 0.2

sources: IVD: e2f727b0-39ab-11e9-9a84-000c29342cb1 // CNVD: CNVD-2018-13413

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2018-13413
value: MEDIUM

Trust: 0.6

IVD: e2f727b0-39ab-11e9-9a84-000c29342cb1
value: MEDIUM

Trust: 0.2

CNVD: CNVD-2018-13413
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2f727b0-39ab-11e9-9a84-000c29342cb1
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: e2f727b0-39ab-11e9-9a84-000c29342cb1 // CNVD: CNVD-2018-13413

TYPE

Resource management error

Trust: 0.2

sources: IVD: e2f727b0-39ab-11e9-9a84-000c29342cb1

PATCH

title:Wecon PLC editor has a memory corruption vulnerabilityurl:https://www.cnvd.org.cn/patchinfo/show/133335

Trust: 0.6

sources: CNVD: CNVD-2018-13413

EXTERNAL IDS

db:CNVDid:CNVD-2018-13413

Trust: 0.8

db:IVDid:E2F727B0-39AB-11E9-9A84-000C29342CB1

Trust: 0.2

sources: IVD: e2f727b0-39ab-11e9-9a84-000c29342cb1 // CNVD: CNVD-2018-13413

SOURCES

db:IVDid:e2f727b0-39ab-11e9-9a84-000c29342cb1
db:CNVDid:CNVD-2018-13413

LAST UPDATE DATE

2022-05-17T01:52:35.132000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2018-13413date:2018-07-27T00:00:00

SOURCES RELEASE DATE

db:IVDid:e2f727b0-39ab-11e9-9a84-000c29342cb1date:2018-07-18T00:00:00
db:CNVDid:CNVD-2018-13413date:2018-08-17T00:00:00