Details of VAR-201811-0990

ID

VAR-201811-0990

TITLE

Denial of Service Vulnerability in IOCS of Kuwei Text Display All-in-One Screen Configuration Software

Trust: 0.6

sources: CNVD: CNVD-2018-23358

DESCRIPTION

Kewei text display integrated screen configuration software IOCS is a programming software. There is a denial of service vulnerability in the IOCS, the screen configuration software of the Kuwait text display integrated machine. An attacker can cause a program to crash by constructing a malformed ICOS format, and if successfully exploited, can cause arbitrary code execution

Trust: 0.72

sources: CNVD: CNVD-2018-23358 // IVD: 7d7081c0-463f-11e9-a46f-000c29342cb1

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 7d7081c0-463f-11e9-a46f-000c29342cb1 // CNVD: CNVD-2018-23358

AFFECTED PRODUCTS

vendor:	huangshi kewei automatic control	model:	text display integrated screen configuration software iocs	scope:	eq	version:	1.33	Trust: 0.6
vendor:	huangshi kewei automatic control	model:	text display all-in-one screen configuration software iocs	scope:	eq	version:	1.33	Trust: 0.2

sources: IVD: 7d7081c0-463f-11e9-a46f-000c29342cb1 // CNVD: CNVD-2018-23358

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2018-23358
value:	MEDIUM
Trust: 0.6
IVD:	7d7081c0-463f-11e9-a46f-000c29342cb1
value:	MEDIUM
Trust: 0.2

CNVD:	CNVD-2018-23358
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	7d7081c0-463f-11e9-a46f-000c29342cb1
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: 7d7081c0-463f-11e9-a46f-000c29342cb1 // CNVD: CNVD-2018-23358

TYPE

Denial of service

Trust: 0.2

sources: IVD: 7d7081c0-463f-11e9-a46f-000c29342cb1

PATCH

title:

Kewei All-in-One Screen Configuration Software Has Denial of Service Vulnerability

url:

https://www.cnvd.org.cn/patchinfo/show/143725

Trust: 0.6

sources: CNVD: CNVD-2018-23358

EXTERNAL IDS

db:	CNVD	id:	CNVD-2018-23358	Trust: 0.8
db:	IVD	id:	7D7081C0-463F-11E9-A46F-000C29342CB1	Trust: 0.2

sources: IVD: 7d7081c0-463f-11e9-a46f-000c29342cb1 // CNVD: CNVD-2018-23358

SOURCES

db:	IVD	id:	7d7081c0-463f-11e9-a46f-000c29342cb1
db:	CNVD	id:	CNVD-2018-23358

LAST UPDATE DATE

2022-05-17T01:57:39.354000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2018-23358

date:

2018-12-07T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	7d7081c0-463f-11e9-a46f-000c29342cb1	date:	2018-11-16T00:00:00
db:	CNVD	id:	CNVD-2018-23358	date:	2018-12-20T00:00:00