Details of VAR-201905-1330

ID

VAR-201905-1330

TITLE

Hollysys HT8000 has a memory corruption vulnerability when processing sh *** files

Trust: 0.6

sources: CNVD: CNVD-2019-15925

DESCRIPTION

Hollysys Group is a professional automation company integrating R & D, production, sales and technical services. Hollysys HT8000 has a memory corruption vulnerability in the processing of sh *** files. An attacker can trick users who have installed HT8000 to open a malicious sh *** file. Or crash the program

Trust: 0.72

sources: CNVD: CNVD-2019-15925 // IVD: d36a5142-ec94-4899-addc-34602b01d8cf

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: d36a5142-ec94-4899-addc-34602b01d8cf // CNVD: CNVD-2019-15925

AFFECTED PRODUCTS

vendor:

hollysys

model:

group ht8001

scope:

version:

v2.0.7

Trust: 0.8

sources: IVD: d36a5142-ec94-4899-addc-34602b01d8cf // CNVD: CNVD-2019-15925

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2019-15925
value:	MEDIUM
Trust: 0.6
IVD:	d36a5142-ec94-4899-addc-34602b01d8cf
value:	MEDIUM
Trust: 0.2

CNVD:	CNVD-2019-15925
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	d36a5142-ec94-4899-addc-34602b01d8cf
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: d36a5142-ec94-4899-addc-34602b01d8cf // CNVD: CNVD-2019-15925

TYPE

Resource management error

Trust: 0.2

sources: IVD: d36a5142-ec94-4899-addc-34602b01d8cf

PATCH

title:

Hollysys HT8000 shm project file has memory corruption vulnerability

url:

https://www.cnvd.org.cn/patchinfo/show/160357

Trust: 0.6

sources: CNVD: CNVD-2019-15925

EXTERNAL IDS

db:	CNVD	id:	CNVD-2019-15925	Trust: 0.8
db:	IVD	id:	D36A5142-EC94-4899-ADDC-34602B01D8CF	Trust: 0.2

sources: IVD: d36a5142-ec94-4899-addc-34602b01d8cf // CNVD: CNVD-2019-15925

SOURCES

db:	IVD	id:	d36a5142-ec94-4899-addc-34602b01d8cf
db:	CNVD	id:	CNVD-2019-15925

LAST UPDATE DATE

2022-05-17T01:47:50.913000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2019-15925

date:

2019-06-04T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	d36a5142-ec94-4899-addc-34602b01d8cf	date:	2019-05-30T00:00:00
db:	CNVD	id:	CNVD-2019-15925	date:	2019-06-20T00:00:00