ID

VAR-201807-2226


TITLE

INVT VS Series human-machine interface programming software has a memory read out-of-bounds vulnerability

Trust: 0.8

sources: IVD: e2f775d2-39ab-11e9-ae7b-000c29342cb1 // CNVD: CNVD-2018-12585

DESCRIPTION

Shenzhen INVT Electric Co., Ltd. is a product and service provider in the fields of electrical transmission, industrial control and new energy. The INVT VS series HMI programming software has an out-of-bounds memory read vulnerability. The vulnerability is caused by a failure to verify the header of the project file. An attacker can exploit the vulnerability to trigger an out-of-bounds memory read, resulting in a denial of service. If the vulnerability is successfully exploited, it may also lead to arbitrary code execution.

Trust: 0.72

sources: CNVD: CNVD-2018-12585 // IVD: e2f775d2-39ab-11e9-ae7b-000c29342cb1

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: e2f775d2-39ab-11e9-ae7b-000c29342cb1 // CNVD: CNVD-2018-12585

AFFECTED PRODUCTS

vendor: invt electric, model: vs series human-machine interface programming software, scope: eq, version: v6.0.4.2

Trust: 0.6

vendor: invt electric, model: vs series hmi programming software, scope: eq, version: v6.0.4.2

Trust: 0.2

sources: IVD: e2f775d2-39ab-11e9-ae7b-000c29342cb1 // CNVD: CNVD-2018-12585

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2018-12585
value: MEDIUM

Trust: 0.6

IVD: e2f775d2-39ab-11e9-ae7b-000c29342cb1
value: MEDIUM

Trust: 0.2

CNVD: CNVD-2018-12585
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2f775d2-39ab-11e9-ae7b-000c29342cb1
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: e2f775d2-39ab-11e9-ae7b-000c29342cb1 // CNVD: CNVD-2018-12585

TYPE

Buffer overflow

Trust: 0.2

sources: IVD: e2f775d2-39ab-11e9-ae7b-000c29342cb1

PATCH

title: NVIDIA HMITool has a memory read out of bound vulnerability
url: https://www.cnvd.org.cn/patchinfo/show/132593

Trust: 0.6

sources: CNVD: CNVD-2018-12585

EXTERNAL IDS

db: CNVD, id: CNVD-2018-12585

Trust: 0.8

db: IVD, id: E2F775D2-39AB-11E9-AE7B-000C29342CB1

Trust: 0.2

sources: IVD: e2f775d2-39ab-11e9-ae7b-000c29342cb1 // CNVD: CNVD-2018-12585

SOURCES

db: IVD, id: e2f775d2-39ab-11e9-ae7b-000c29342cb1
db: CNVD, id: CNVD-2018-12585

LAST UPDATE DATE

2022-05-17T02:01:03.477000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2018-12585, date: 2018-08-03T00:00:00

SOURCES RELEASE DATE

db: IVD, id: e2f775d2-39ab-11e9-ae7b-000c29342cb1, date: 2018-07-05T00:00:00
db: CNVD, id: CNVD-2018-12585, date: 2018-08-06T00:00:00