ID

VAR-201808-1044


TITLE

Tai'an Technology SG2 software has a memory read out-of-bounds vulnerability

Trust: 0.6

sources: CNVD: CNVD-2018-16073

DESCRIPTION

Taian Technology (Wuxi) Co., Ltd. manufactures, sells, and conducts R&D on a series of industrial control, low-voltage electrical, and power distribution products, namely electronics and component products. Taian SG2 software contains an out-of-bounds memory read vulnerability. The vulnerability is due to the failure of SG2 software to verify the availability of function pointers when reading malformed projects. An attacker could use the vulnerability to cause out-of-bounds memory reads and cause a denial of service.

Trust: 0.72

sources: CNVD: CNVD-2018-16073 // IVD: e2f88741-39ab-11e9-a0c9-000c29342cb1

IOT TAXONOMY

category: ['ICS', 'Network device'], sub_category: -

Trust: 0.6

category: ['ICS'], sub_category: -

Trust: 0.2

sources: IVD: e2f88741-39ab-11e9-a0c9-000c29342cb1 // CNVD: CNVD-2018-16073

AFFECTED PRODUCTS

vendor: taian, model: technology co. ltd.sg2 software, scope: eq, version: 3.3

Trust: 0.6

vendor: taian wuxi, model: sg2 software, scope: eq, version: 3.3

Trust: 0.2

sources: IVD: e2f88741-39ab-11e9-a0c9-000c29342cb1 // CNVD: CNVD-2018-16073

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2018-16073
value: MEDIUM

Trust: 0.6

IVD: e2f88741-39ab-11e9-a0c9-000c29342cb1
value: MEDIUM

Trust: 0.2

CNVD: CNVD-2018-16073
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2f88741-39ab-11e9-a0c9-000c29342cb1
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: e2f88741-39ab-11e9-a0c9-000c29342cb1 // CNVD: CNVD-2018-16073

TYPE

Buffer overflow

Trust: 0.2

sources: IVD: e2f88741-39ab-11e9-a0c9-000c29342cb1

PATCH

title: SG2 software has a memory read out-of-bounds vulnerability, url: https://www.cnvd.org.cn/patchinfo/show/133979

Trust: 0.6

sources: CNVD: CNVD-2018-16073

EXTERNAL IDS

db: CNVD, id: CNVD-2018-16073

Trust: 0.8

db: IVD, id: E2F88741-39AB-11E9-A0C9-000C29342CB1

Trust: 0.2

sources: IVD: e2f88741-39ab-11e9-a0c9-000c29342cb1 // CNVD: CNVD-2018-16073

SOURCES

db: IVD, id: e2f88741-39ab-11e9-a0c9-000c29342cb1
db: CNVD, id: CNVD-2018-16073

LAST UPDATE DATE

2022-05-17T01:55:46.529000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2018-16073, date: 2018-08-24T00:00:00

SOURCES RELEASE DATE

db: IVD, id: e2f88741-39ab-11e9-a0c9-000c29342cb1, date: 2018-08-24T00:00:00
db: CNVD, id: CNVD-2018-16073, date: 2018-08-25T00:00:00