ID

VAR-201809-1201


TITLE

Memory corruption vulnerability in INVT VS series human-machine interface programming software (HMITool6.0)

Trust: 0.6

sources: CNVD: CNVD-2018-17411

DESCRIPTION

INVT is a key high-tech enterprise of the National Torch Plan. Its main products include high, medium and low voltage inverters, elevator intelligent control systems, servo systems, PLC, HMI, motors and electric spindles, SVG, UPS, photovoltaic inverters, energy saving and reduction Ranking online management system, rail transit traction system, new energy vehicle electronic control system, etc. INVT VS series human-machine interface programming software (HMITool6.0) has a memory corruption vulnerability. An attacker can exploit the vulnerability by having the program parse a malformed project file, causing the program to crash and execute arbitrary code.

Trust: 0.72

sources: CNVD: CNVD-2018-17411 // IVD: e2f8d55f-39ab-11e9-b909-000c29342cb1

IOT TAXONOMY

category: ['ICS']
sub_category: -

Trust: 0.8

sources: IVD: e2f8d55f-39ab-11e9-b909-000c29342cb1 // CNVD: CNVD-2018-17411

AFFECTED PRODUCTS

vendor: invt electric
model: vs series hmi programming software
scope: eq
version: 6.0

Trust: 0.8

sources: IVD: e2f8d55f-39ab-11e9-b909-000c29342cb1 // CNVD: CNVD-2018-17411

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2018-17411
value: MEDIUM

Trust: 0.6

IVD: e2f8d55f-39ab-11e9-b909-000c29342cb1
value: MEDIUM

Trust: 0.2

CNVD: CNVD-2018-17411
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2f8d55f-39ab-11e9-b909-000c29342cb1
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: e2f8d55f-39ab-11e9-b909-000c29342cb1 // CNVD: CNVD-2018-17411

TYPE

Resource management error

Trust: 0.2

sources: IVD: e2f8d55f-39ab-11e9-b909-000c29342cb1

PATCH

title: Denial of service vulnerability in INVT VS series human-machine interface programming software (HMITool6.0)
url: https://www.cnvd.org.cn/patchinfo/show/137185

Trust: 0.6

sources: CNVD: CNVD-2018-17411

EXTERNAL IDS

db: CNVD
id: CNVD-2018-17411

Trust: 0.8

db: IVD
id: E2F8D55F-39AB-11E9-B909-000C29342CB1

Trust: 0.2

sources: IVD: e2f8d55f-39ab-11e9-b909-000c29342cb1 // CNVD: CNVD-2018-17411

SOURCES

db: IVD
id: e2f8d55f-39ab-11e9-b909-000c29342cb1

db: CNVD
id: CNVD-2018-17411

LAST UPDATE DATE

2022-05-17T01:52:34.945000+00:00


SOURCES UPDATE DATE

db: CNVD
id: CNVD-2018-17411
date: 2018-09-07T00:00:00

SOURCES RELEASE DATE

db: IVD
id: e2f8d55f-39ab-11e9-b909-000c29342cb1
date: 2018-09-04T00:00:00

db: CNVD
id: CNVD-2018-17411
date: 2018-09-23T00:00:00