Details of VAR-201808-1046

ID

VAR-201808-1046

TITLE

Taian Technology TP03-software V21 has a memory read out of bounds vulnerability

Trust: 0.6

sources: CNVD: CNVD-2018-16072

DESCRIPTION

TP03-software V21 is a programmable controller. Taian Technology TP03-Software V21 has a memory read out-of-bounds vulnerability. The vulnerability is due to the failure of TP03-software to read the malformed project to verify that the function pointer is available. An attacker could use the vulnerability to cause the memory read to cross the boundary and cause a denial of service

Trust: 0.72

sources: CNVD: CNVD-2018-16072 // IVD: e2f88742-39ab-11e9-b37c-000c29342cb1

IOT TAXONOMY

category:	['ICS', 'Network device']	sub_category:	-	Trust: 0.6
category:	['ICS']	sub_category:	-	Trust: 0.2

sources: IVD: e2f88742-39ab-11e9-b37c-000c29342cb1 // CNVD: CNVD-2018-16072

AFFECTED PRODUCTS

vendor:	taian	model:	technology co. ltd.tp03-software	scope:	eq	version:	v21	Trust: 0.6
vendor:	taian wuxi	model:	tp03- software	scope:	eq	version:	v21	Trust: 0.2

sources: IVD: e2f88742-39ab-11e9-b37c-000c29342cb1 // CNVD: CNVD-2018-16072

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2018-16072
value:	MEDIUM
Trust: 0.6
IVD:	e2f88742-39ab-11e9-b37c-000c29342cb1
value:	MEDIUM
Trust: 0.2

CNVD:	CNVD-2018-16072
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2f88742-39ab-11e9-b37c-000c29342cb1
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: e2f88742-39ab-11e9-b37c-000c29342cb1 // CNVD: CNVD-2018-16072

TYPE

Buffer overflow

Trust: 0.2

sources: IVD: e2f88742-39ab-11e9-b37c-000c29342cb1

PATCH

title:

tp3-pclink has a memory read out-of-bounds vulnerability

url:

https://www.cnvd.org.cn/patchinfo/show/133975

Trust: 0.6

sources: CNVD: CNVD-2018-16072

EXTERNAL IDS

db:	CNVD	id:	CNVD-2018-16072	Trust: 0.8
db:	IVD	id:	E2F88742-39AB-11E9-B37C-000C29342CB1	Trust: 0.2

sources: IVD: e2f88742-39ab-11e9-b37c-000c29342cb1 // CNVD: CNVD-2018-16072

SOURCES

db:	IVD	id:	e2f88742-39ab-11e9-b37c-000c29342cb1
db:	CNVD	id:	CNVD-2018-16072

LAST UPDATE DATE

2022-05-17T01:57:39.741000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2018-16072

date:

2018-08-24T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	e2f88742-39ab-11e9-b37c-000c29342cb1	date:	2018-08-24T00:00:00
db:	CNVD	id:	CNVD-2018-16072	date:	2018-08-25T00:00:00