Sign-up

ID

VAR-201905-1346


TITLE

DLL hijacking vulnerability in INVT PanelSim

Trust: 0.6

sources: CNVD: CNVD-2019-14597

DESCRIPTION

Shenzhen INVT Electric Co., Ltd. is specialized in the fields of industrial automation and energy power. DLL hijacking vulnerability exists in INVT PanelSim when processing pl3 project files. Attackers can use the vulnerability to load malicious DLLs and execute malicious code

Trust: 0.72

sources: CNVD: CNVD-2019-14597 // IVD: 88535ffd-15e8-45bb-bed3-3e856f18cae3

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 88535ffd-15e8-45bb-bed3-3e856f18cae3 // CNVD: CNVD-2019-14597

AFFECTED PRODUCTS

vendor: - model:invt panelsimscope:eqversion:v2.2

Trust: 0.6

vendor:invt electricmodel:panelsimscope:eqversion:v2.2

Trust: 0.2

sources: IVD: 88535ffd-15e8-45bb-bed3-3e856f18cae3 // CNVD: CNVD-2019-14597

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2019-14597
value: HIGH

Trust: 0.6

IVD: 88535ffd-15e8-45bb-bed3-3e856f18cae3
value: HIGH

Trust: 0.2

CNVD: CNVD-2019-14597
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 88535ffd-15e8-45bb-bed3-3e856f18cae3
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: 88535ffd-15e8-45bb-bed3-3e856f18cae3 // CNVD: CNVD-2019-14597

TYPE

Code injection

Trust: 0.2

sources: IVD: 88535ffd-15e8-45bb-bed3-3e856f18cae3

PATCH

title:dll hijacking vulnerability in invt PanelSimurl:https://www.cnvd.org.cn/patchinfo/show/160127

Trust: 0.6

sources: CNVD: CNVD-2019-14597

EXTERNAL IDS

db:CNVDid:CNVD-2019-14597

Trust: 0.8

db:IVDid:88535FFD-15E8-45BB-BED3-3E856F18CAE3

Trust: 0.2

sources: IVD: 88535ffd-15e8-45bb-bed3-3e856f18cae3 // CNVD: CNVD-2019-14597

SOURCES

db:IVDid:88535ffd-15e8-45bb-bed3-3e856f18cae3
db:CNVDid:CNVD-2019-14597

LAST UPDATE DATE

2022-05-17T01:36:10+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2019-14597date:2019-05-17T00:00:00

SOURCES RELEASE DATE

db:IVDid:88535ffd-15e8-45bb-bed3-3e856f18cae3date:2019-05-17T00:00:00
db:CNVDid:CNVD-2019-14597date:2019-06-13T00:00:00