Details of VAR-201809-1209

ID

VAR-201809-1209

TITLE

UWinTech Pro control engineering application software platform has unauthorized access vulnerability

Trust: 0.6

sources: CNVD: CNVD-2018-19469

DESCRIPTION

UWinTech Pro control engineering application software platform professional version is based on multi-platform heterogeneous systems such as Windows 7 / Windows XP and real-time OS. It adopts multi-tasking, multi-threading and component structure design technologies. It integrates field data collection, I / O module diagnostic configuration, and distributed real-time. Database, control algorithm real-time execution, graphic monitoring and real-time software are run on different levels of hardware platforms respectively. Through the control network and the system network, various data, management and control information are exchanged to coordinately complete the various distributed control systems. Features. An unauthorized access vulnerability exists in the UWinTech Pro control engineering application software platform. Attackers can use this vulnerability to gain unauthorized access to sensitive information

Trust: 0.72

sources: CNVD: CNVD-2018-19469 // IVD: e2fc7ee1-39ab-11e9-9ad3-000c29342cb1

IOT TAXONOMY

category:	['ICS', 'Network device']	sub_category:	-	Trust: 0.6
category:	['ICS']	sub_category:	-	Trust: 0.2

sources: IVD: e2fc7ee1-39ab-11e9-9ad3-000c29342cb1 // CNVD: CNVD-2018-19469

AFFECTED PRODUCTS

vendor:	youwen automation system	model:	hangzhou youwen automation system co. ltd. edition uwintechpro1.05	scope:	-	version:	-	Trust: 0.6
vendor:	youwen automation system	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	youwen automation system	model:	uwintechpro1.05	scope:	eq	version:	*	Trust: 0.2

sources: IVD: e2fc7ee1-39ab-11e9-9ad3-000c29342cb1 // CNVD: CNVD-2018-19469

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2018-19469
value:	LOW
Trust: 0.6
IVD:	e2fc7ee1-39ab-11e9-9ad3-000c29342cb1
value:	LOW
Trust: 0.2

CNVD:	CNVD-2018-19469
severity:	LOW
baseScore:	3.2
vectorString:	AV:L/AC:L/AU:S/C:P/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.1
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2fc7ee1-39ab-11e9-9ad3-000c29342cb1
severity:	LOW
baseScore:	3.2
vectorString:	AV:L/AC:L/AU:S/C:P/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.1
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: e2fc7ee1-39ab-11e9-9ad3-000c29342cb1 // CNVD: CNVD-2018-19469

TYPE

Access verification error

Trust: 0.2

sources: IVD: e2fc7ee1-39ab-11e9-9ad3-000c29342cb1

PATCH

title:

Unauthorized access vulnerability exists in Hangzhou UwinTech control engineering application software platform

url:

https://www.cnvd.org.cn/patchinfo/show/137637

Trust: 0.6

sources: CNVD: CNVD-2018-19469

EXTERNAL IDS

db:	CNVD	id:	CNVD-2018-19469	Trust: 0.8
db:	IVD	id:	E2FC7EE1-39AB-11E9-9AD3-000C29342CB1	Trust: 0.2

sources: IVD: e2fc7ee1-39ab-11e9-9ad3-000c29342cb1 // CNVD: CNVD-2018-19469

SOURCES

db:	IVD	id:	e2fc7ee1-39ab-11e9-9ad3-000c29342cb1
db:	CNVD	id:	CNVD-2018-19469

LAST UPDATE DATE

2022-05-17T02:08:02.527000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2018-19469

date:

2018-09-28T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	e2fc7ee1-39ab-11e9-9ad3-000c29342cb1	date:	2018-09-20T00:00:00
db:	CNVD	id:	CNVD-2018-19469	date:	2018-09-30T00:00:00