Details of VAR-201808-1045

ID

VAR-201808-1045

TITLE

Taian Technology AP-PCLINK setup V1.5 has a memory corruption vulnerability

Trust: 0.6

sources: CNVD: CNVD-2018-16074

DESCRIPTION

AP series is a new generation of programmable controller (PLC) newly developed by Taian Technology. Taian Technology AP-PCLINK setup V1.5 has a memory corruption vulnerability. This vulnerability is due to the failure of AP-PCLINK to read the malformed project to verify the availability of the function pointer. An attacker could exploit the vulnerability to cause the null pointer memory to be read, causing memory corruption

Trust: 0.72

sources: CNVD: CNVD-2018-16074 // IVD: e2f8ae4f-39ab-11e9-88c8-000c29342cb1

IOT TAXONOMY

category:	['ICS', 'Network device']	sub_category:	-	Trust: 0.6
category:	['ICS']	sub_category:	-	Trust: 0.2

sources: IVD: e2f8ae4f-39ab-11e9-88c8-000c29342cb1 // CNVD: CNVD-2018-16074

AFFECTED PRODUCTS

vendor:	taian	model:	technology co. ltd.ap-pclink setup	scope:	eq	version:	v1.15	Trust: 0.6
vendor:	taian wuxi	model:	ap-pclink setup	scope:	eq	version:	v1.15	Trust: 0.2

sources: IVD: e2f8ae4f-39ab-11e9-88c8-000c29342cb1 // CNVD: CNVD-2018-16074

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2018-16074
value:	MEDIUM
Trust: 0.6
IVD:	e2f8ae4f-39ab-11e9-88c8-000c29342cb1
value:	MEDIUM
Trust: 0.2

CNVD:	CNVD-2018-16074
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:S/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.1
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2f8ae4f-39ab-11e9-88c8-000c29342cb1
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:S/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.1
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: e2f8ae4f-39ab-11e9-88c8-000c29342cb1 // CNVD: CNVD-2018-16074

TYPE

Resource management error

Trust: 0.2

sources: IVD: e2f8ae4f-39ab-11e9-88c8-000c29342cb1

PATCH

title:

A memory corruption vulnerability exists in ap-pclink

url:

https://www.cnvd.org.cn/patchinfo/show/133947

Trust: 0.6

sources: CNVD: CNVD-2018-16074

EXTERNAL IDS

db:	CNVD	id:	CNVD-2018-16074	Trust: 0.8
db:	IVD	id:	E2F8AE4F-39AB-11E9-88C8-000C29342CB1	Trust: 0.2

sources: IVD: e2f8ae4f-39ab-11e9-88c8-000c29342cb1 // CNVD: CNVD-2018-16074

SOURCES

db:	IVD	id:	e2f8ae4f-39ab-11e9-88c8-000c29342cb1
db:	CNVD	id:	CNVD-2018-16074

LAST UPDATE DATE

2022-05-17T02:08:02.612000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2018-16074

date:

2018-08-24T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	e2f8ae4f-39ab-11e9-88c8-000c29342cb1	date:	2018-08-24T00:00:00
db:	CNVD	id:	CNVD-2018-16074	date:	2018-08-25T00:00:00