Details of VAR-201905-1335

ID

VAR-201905-1335

TITLE

Hollysys HT8000 has a memory corruption vulnerability when processing sh *** files (CNVD-2019-15924)

Trust: 0.6

sources: CNVD: CNVD-2019-15924

DESCRIPTION

Hollysys Group is a professional automation company integrating R & D, production, sales and technical services. Hollysys HT8000 has a memory corruption vulnerability in the processing of sh *** files. An attacker can trick users who have installed HT8000 to open a malicious sh *** file. Or crash the program

Trust: 0.72

sources: CNVD: CNVD-2019-15924 // IVD: c6350219-00e1-4d89-97e7-2fd2bf6e9d47

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: c6350219-00e1-4d89-97e7-2fd2bf6e9d47 // CNVD: CNVD-2019-15924

AFFECTED PRODUCTS

vendor:

hollysys

model:

group ht8001

scope:

version:

v2.0.7

Trust: 0.8

sources: IVD: c6350219-00e1-4d89-97e7-2fd2bf6e9d47 // CNVD: CNVD-2019-15924

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2019-15924
value:	MEDIUM
Trust: 0.6
IVD:	c6350219-00e1-4d89-97e7-2fd2bf6e9d47
value:	MEDIUM
Trust: 0.2

CNVD:	CNVD-2019-15924
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	c6350219-00e1-4d89-97e7-2fd2bf6e9d47
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: c6350219-00e1-4d89-97e7-2fd2bf6e9d47 // CNVD: CNVD-2019-15924

TYPE

Resource management error

Trust: 0.2

sources: IVD: c6350219-00e1-4d89-97e7-2fd2bf6e9d47

PATCH

title:

Hollysys HT8001 skm project file has memory corruption vulnerability

url:

https://www.cnvd.org.cn/patchinfo/show/160585

Trust: 0.6

sources: CNVD: CNVD-2019-15924

EXTERNAL IDS

db:	CNVD	id:	CNVD-2019-15924	Trust: 0.8
db:	IVD	id:	C6350219-00E1-4D89-97E7-2FD2BF6E9D47	Trust: 0.2

sources: IVD: c6350219-00e1-4d89-97e7-2fd2bf6e9d47 // CNVD: CNVD-2019-15924

SOURCES

db:	IVD	id:	c6350219-00e1-4d89-97e7-2fd2bf6e9d47
db:	CNVD	id:	CNVD-2019-15924

LAST UPDATE DATE

2022-05-17T02:01:02.539000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2019-15924

date:

2019-06-04T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	c6350219-00e1-4d89-97e7-2fd2bf6e9d47	date:	2019-05-30T00:00:00
db:	CNVD	id:	CNVD-2019-15924	date:	2019-06-20T00:00:00