Sign-up

ID

VAR-201809-1215


TITLE

A memory corruption vulnerability exists in the IOCS screen configuration software of the Kuwait text machine

Trust: 0.6

sources: CNVD: CNVD-2018-18062

DESCRIPTION

Huangshi Kewei Automatic Control Co., Ltd. is an enterprise that develops, produces, and sells a series of industrial control products such as embedded PLC, intelligent servo, and man-machine interface. There is a memory corruption vulnerability in the IOCS screen configuration software of the Kewei text integrated machine. The vulnerability is due to the failure of the IOCS1.33.exe file to verify the integrity of the project file. An attacker could use the vulnerability to cause memory corruption when reading the project file

Trust: 0.72

sources: CNVD: CNVD-2018-18062 // IVD: e2f8fc71-39ab-11e9-8688-000c29342cb1

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: e2f8fc71-39ab-11e9-8688-000c29342cb1 // CNVD: CNVD-2018-18062

AFFECTED PRODUCTS

vendor:huangshi kewei automatic controlmodel:text display integrated screen configuration software iocsscope:eqversion:1.33

Trust: 0.6

vendor:huangshi kewei automatic controlmodel:text display all-in-one screen configuration software iocsscope:eqversion:1.33

Trust: 0.2

sources: IVD: e2f8fc71-39ab-11e9-8688-000c29342cb1 // CNVD: CNVD-2018-18062

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2018-18062
value: MEDIUM

Trust: 0.6

IVD: e2f8fc71-39ab-11e9-8688-000c29342cb1
value: MEDIUM

Trust: 0.2

CNVD: CNVD-2018-18062
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2f8fc71-39ab-11e9-8688-000c29342cb1
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: e2f8fc71-39ab-11e9-8688-000c29342cb1 // CNVD: CNVD-2018-18062

TYPE

Resource management error

Trust: 0.2

sources: IVD: e2f8fc71-39ab-11e9-8688-000c29342cb1

PATCH

title:A memory corruption vulnerability exists in the IOCS screen configuration software of the Kuwait text machineurl:https://www.cnvd.org.cn/patchinfo/show/139075

Trust: 0.6

sources: CNVD: CNVD-2018-18062

EXTERNAL IDS

db:CNVDid:CNVD-2018-18062

Trust: 0.8

db:IVDid:E2F8FC71-39AB-11E9-8688-000C29342CB1

Trust: 0.2

sources: IVD: e2f8fc71-39ab-11e9-8688-000c29342cb1 // CNVD: CNVD-2018-18062

SOURCES

db:IVDid:e2f8fc71-39ab-11e9-8688-000c29342cb1
db:CNVDid:CNVD-2018-18062

LAST UPDATE DATE

2022-05-17T02:04:29.628000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2018-18062date:2018-09-10T00:00:00

SOURCES RELEASE DATE

db:IVDid:e2f8fc71-39ab-11e9-8688-000c29342cb1date:2018-09-10T00:00:00
db:CNVDid:CNVD-2018-18062date:2018-10-15T00:00:00