Details of VAR-201903-1632

ID

VAR-201903-1632

TITLE

Kingfisher 6.60 SP3 Denial of Service Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2019-08478

DESCRIPTION

KingView is an industrial automation configuration software produced by Beijing Yakong Technology Development Co., Ltd. Kingfisher 6.60 SP3 has a denial of service vulnerability. The vulnerability stems from the failure to verify the SVG format. Attackers can use this vulnerability to cause a denial of service

Trust: 0.72

sources: CNVD: CNVD-2019-08478 // IVD: a7eca6ea-fcc4-4cfb-aca0-651a32b87a01

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: a7eca6ea-fcc4-4cfb-aca0-651a32b87a01 // CNVD: CNVD-2019-08478

AFFECTED PRODUCTS

vendor:	yakong	model:	kingview sp3	scope:	eq	version:	6.60	Trust: 0.6
vendor:	yakong	model:	kingview( kingview sp3	scope:	eq	version:	)6.60*	Trust: 0.2

sources: IVD: a7eca6ea-fcc4-4cfb-aca0-651a32b87a01 // CNVD: CNVD-2019-08478

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2019-08478
value:	MEDIUM
Trust: 0.6
IVD:	a7eca6ea-fcc4-4cfb-aca0-651a32b87a01
value:	MEDIUM
Trust: 0.2

CNVD:	CNVD-2019-08478
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	a7eca6ea-fcc4-4cfb-aca0-651a32b87a01
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: a7eca6ea-fcc4-4cfb-aca0-651a32b87a01 // CNVD: CNVD-2019-08478

TYPE

Denial of service

Trust: 0.2

sources: IVD: a7eca6ea-fcc4-4cfb-aca0-651a32b87a01

EXTERNAL IDS

db:	CNVD	id:	CNVD-2019-08478	Trust: 0.8
db:	IVD	id:	A7ECA6EA-FCC4-4CFB-ACA0-651A32B87A01	Trust: 0.2

sources: IVD: a7eca6ea-fcc4-4cfb-aca0-651a32b87a01 // CNVD: CNVD-2019-08478

SOURCES

db:	IVD	id:	a7eca6ea-fcc4-4cfb-aca0-651a32b87a01
db:	CNVD	id:	CNVD-2019-08478

LAST UPDATE DATE

2022-05-17T01:45:08.376000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2019-08478

date:

2019-04-01T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	a7eca6ea-fcc4-4cfb-aca0-651a32b87a01	date:	2019-03-29T00:00:00
db:	CNVD	id:	CNVD-2019-08478	date:	2019-04-18T00:00:00