Details of VAR-201905-1333

ID

VAR-201905-1333

TITLE

Century Star WebViewer.ocx control Da *** and other initialization parameters global variables have overflow vulnerability

Trust: 0.6

sources: CNVD: CNVD-2019-15922

DESCRIPTION

Century Star configuration software is a blocking software launched by Beijing Century Changqiu Technology Co., Ltd. It is a real-time human-machine interface utility generator, composed of CSMaker development system and CSViewer operating system. CenturyStar WebViewer.ocx control Da *** and other initialization parameter global variables have overflow vulnerabilities. Attackers can trick users who install this control to visit malicious web pages, trigger vulnerabilities, remotely execute malicious code on the user's system, and ultimately gain control of the user's system. CSMaker Development system and CSViewer Composition of the operating system

Trust: 0.72

sources: CNVD: CNVD-2019-15922 // IVD: a532219f-e2a8-49ae-993e-ec2935ed9e93

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: a532219f-e2a8-49ae-993e-ec2935ed9e93 // CNVD: CNVD-2019-15922

AFFECTED PRODUCTS

vendor:

century changqiu

model:

star configuration software

scope:

version:

v9.1

Trust: 0.8

sources: IVD: a532219f-e2a8-49ae-993e-ec2935ed9e93 // CNVD: CNVD-2019-15922

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2019-15922
value:	MEDIUM
Trust: 0.6
IVD:	a532219f-e2a8-49ae-993e-ec2935ed9e93
value:	MEDIUM
Trust: 0.2

CNVD:	CNVD-2019-15922
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	a532219f-e2a8-49ae-993e-ec2935ed9e93
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: a532219f-e2a8-49ae-993e-ec2935ed9e93 // CNVD: CNVD-2019-15922

TYPE

Buffer error

Trust: 0.2

sources: IVD: a532219f-e2a8-49ae-993e-ec2935ed9e93

PATCH

title:

CenturyStar WebViewer.ocx control DateTime and other initialization parameters global variables have overflow vulnerability

url:

https://www.cnvd.org.cn/patchinfo/show/160851

Trust: 0.6

sources: CNVD: CNVD-2019-15922

EXTERNAL IDS

db:	CNVD	id:	CNVD-2019-15922	Trust: 0.8
db:	IVD	id:	A532219F-E2A8-49AE-993E-EC2935ED9E93	Trust: 0.2

sources: IVD: a532219f-e2a8-49ae-993e-ec2935ed9e93 // CNVD: CNVD-2019-15922

SOURCES

db:	IVD	id:	a532219f-e2a8-49ae-993e-ec2935ed9e93
db:	CNVD	id:	CNVD-2019-15922

LAST UPDATE DATE

2022-05-17T01:43:07.076000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2019-15922

date:

2019-06-04T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	a532219f-e2a8-49ae-993e-ec2935ed9e93	date:	2019-05-30T00:00:00
db:	CNVD	id:	CNVD-2019-15922	date:	2019-06-20T00:00:00