Details of VAR-201902-0885

ID

VAR-201902-0885

TITLE

Denial of service vulnerability in a field of the SISCO MMS protocol

Trust: 0.6

sources: CNVD: CNVD-2019-05652

DESCRIPTION

MMSLite is a communication component development library based on the IEC61850 standard of substation network communication developed by SISCO Corporation of the United States. It is mainly used for intelligent electronic devices such as remote terminal units RTU, automatic relays, and programmable logic controllers PLC. There is a denial of service vulnerability in a field of the SISCO MMS protocol. Sending malformed packets with a length value of 0 in a field in the MMS-Write service to a device developed using the SISCO MMS Lite suite can cause the device's MMS module to crash and the MMS protocol corresponding to port 102 cannot communicate

Trust: 0.72

sources: CNVD: CNVD-2019-05652 // IVD: 349bbb69-1c4b-45c5-8d21-0b23886531fb

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 349bbb69-1c4b-45c5-8d21-0b23886531fb // CNVD: CNVD-2019-05652

AFFECTED PRODUCTS

vendor:

cisco

model:

mms lite protocol suite

scope:

version:

v5.0

Trust: 0.8

sources: IVD: 349bbb69-1c4b-45c5-8d21-0b23886531fb // CNVD: CNVD-2019-05652

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2019-05652
value:	LOW
Trust: 0.6
IVD:	349bbb69-1c4b-45c5-8d21-0b23886531fb
value:	LOW
Trust: 0.2

CNVD:	CNVD-2019-05652
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	349bbb69-1c4b-45c5-8d21-0b23886531fb
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: 349bbb69-1c4b-45c5-8d21-0b23886531fb // CNVD: CNVD-2019-05652

TYPE

Denial of service

Trust: 0.2

sources: IVD: 349bbb69-1c4b-45c5-8d21-0b23886531fb

PATCH

title:

Denial of Service Vulnerability in a Field of Cisco MMS Protocol Length = 0

url:

https://www.cnvd.org.cn/patchinfo/show/149341

Trust: 0.6

sources: CNVD: CNVD-2019-05652

EXTERNAL IDS

db:	CNVD	id:	CNVD-2019-05652	Trust: 0.8
db:	IVD	id:	349BBB69-1C4B-45C5-8D21-0B23886531FB	Trust: 0.2

sources: IVD: 349bbb69-1c4b-45c5-8d21-0b23886531fb // CNVD: CNVD-2019-05652

SOURCES

db:	IVD	id:	349bbb69-1c4b-45c5-8d21-0b23886531fb
db:	CNVD	id:	CNVD-2019-05652

LAST UPDATE DATE

2022-05-17T01:50:54.323000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2019-05652

date:

2019-02-28T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	349bbb69-1c4b-45c5-8d21-0b23886531fb	date:	2019-02-28T00:00:00
db:	CNVD	id:	CNVD-2019-05652	date:	2019-02-22T00:00:00