Sign-up

ID

VAR-201902-0884


TITLE

Qtouch cross-platform technology configuration software has code execution vulnerability

Trust: 0.6

sources: CNVD: CNVD-2019-05640

DESCRIPTION

Qtouch cross-platform technology configuration software has the characteristics of cross-platform and unified work platform, and can achieve a unified work platform on multiple operations at the same time across multiple operating systems. Qtouch cross-platform technology configuration software has a code execution vulnerability. The vulnerability stems from the failure of Ctdraw.exe to verify the contents of the file project when processing drw files. Attackers can use this vulnerability to execute arbitrary code

Trust: 0.72

sources: CNVD: CNVD-2019-05640 // IVD: aba5b589-b98c-4c02-b897-cbc05508c520

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: aba5b589-b98c-4c02-b897-cbc05508c520 // CNVD: CNVD-2019-05640

AFFECTED PRODUCTS

vendor:shuntong intelligentmodel:qtouch cross-platform technology configuration softwarescope:eqversion:v2.0

Trust: 0.8

sources: IVD: aba5b589-b98c-4c02-b897-cbc05508c520 // CNVD: CNVD-2019-05640

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2019-05640
value: HIGH

Trust: 0.6

IVD: aba5b589-b98c-4c02-b897-cbc05508c520
value: HIGH

Trust: 0.2

CNVD: CNVD-2019-05640
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: aba5b589-b98c-4c02-b897-cbc05508c520
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: aba5b589-b98c-4c02-b897-cbc05508c520 // CNVD: CNVD-2019-05640

TYPE

Code injection

Trust: 0.2

sources: IVD: aba5b589-b98c-4c02-b897-cbc05508c520

PATCH

title:QTouch has code execution vulnerabilityurl:https://www.cnvd.org.cn/patchinfo/show/152047

Trust: 0.6

sources: CNVD: CNVD-2019-05640

EXTERNAL IDS

db:CNVDid:CNVD-2019-05640

Trust: 0.8

db:IVDid:ABA5B589-B98C-4C02-B897-CBC05508C520

Trust: 0.2

sources: IVD: aba5b589-b98c-4c02-b897-cbc05508c520 // CNVD: CNVD-2019-05640

SOURCES

db:IVDid:aba5b589-b98c-4c02-b897-cbc05508c520
db:CNVDid:CNVD-2019-05640

LAST UPDATE DATE

2022-05-17T02:03:12.024000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2019-05640date:2019-02-28T00:00:00

SOURCES RELEASE DATE

db:IVDid:aba5b589-b98c-4c02-b897-cbc05508c520date:2019-02-28T00:00:00
db:CNVDid:CNVD-2019-05640date:2019-03-10T00:00:00