Sign-up

ID

VAR-201905-1344


TITLE

Century Star mo *** server in heap overflow vulnerability

Trust: 0.6

sources: CNVD: CNVD-2019-14859

DESCRIPTION

Century Star configuration software is a blocking software launched by Beijing Century Changqiu Technology Co., Ltd. It is a real-time human-machine interface utility generator, composed of CSMaker development system and CSViewer operating system. The Century Star mo *** server has a heap overflow vulnerability. An attacker can remotely execute malicious code on the user system through an open protocol port, and finally gain control of the user system. CSMaker Development system and CSViewer Composition of the operating system

Trust: 0.72

sources: CNVD: CNVD-2019-14859 // IVD: 8833d508-3112-47f6-9a54-cdf2a4222d92

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 8833d508-3112-47f6-9a54-cdf2a4222d92 // CNVD: CNVD-2019-14859

AFFECTED PRODUCTS

vendor:century changqiumodel:star configuration softwarescope:eqversion:v9.1

Trust: 0.8

sources: IVD: 8833d508-3112-47f6-9a54-cdf2a4222d92 // CNVD: CNVD-2019-14859

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2019-14859
value: MEDIUM

Trust: 0.6

IVD: 8833d508-3112-47f6-9a54-cdf2a4222d92
value: MEDIUM

Trust: 0.2

CNVD: CNVD-2019-14859
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 8833d508-3112-47f6-9a54-cdf2a4222d92
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: 8833d508-3112-47f6-9a54-cdf2a4222d92 // CNVD: CNVD-2019-14859

TYPE

Buffer error

Trust: 0.2

sources: IVD: 8833d508-3112-47f6-9a54-cdf2a4222d92

PATCH

title:Century Star Modbus Server MBServer.exe Has Heap Overflow Vulnerabilityurl:https://www.cnvd.org.cn/patchinfo/show/160285

Trust: 0.6

sources: CNVD: CNVD-2019-14859

EXTERNAL IDS

db:CNVDid:CNVD-2019-14859

Trust: 0.8

db:IVDid:8833D508-3112-47F6-9A54-CDF2A4222D92

Trust: 0.2

sources: IVD: 8833d508-3112-47f6-9a54-cdf2a4222d92 // CNVD: CNVD-2019-14859

SOURCES

db:IVDid:8833d508-3112-47f6-9a54-cdf2a4222d92
db:CNVDid:CNVD-2019-14859

LAST UPDATE DATE

2022-05-17T02:08:01.772000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2019-14859date:2019-05-22T00:00:00

SOURCES RELEASE DATE

db:IVDid:8833d508-3112-47f6-9a54-cdf2a4222d92date:2019-05-21T00:00:00
db:CNVDid:CNVD-2019-14859date:2019-06-10T00:00:00