Sign-up

ID

VAR-201906-1271


TITLE

SoMachine HVAC has dll hijacking vulnerability

Trust: 0.6

sources: CNVD: CNVD-2019-17276

DESCRIPTION

SoMachine HVAC is PLC programming software. SoMachine HVAC has dll hijacking vulnerability when processing ppjs and ppjx files. Attackers can use this vulnerability to load malicious dlls and execute malicious code

Trust: 0.72

sources: CNVD: CNVD-2019-17276 // IVD: 1039e9fd-adab-4d28-bf78-e96edcff798a

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 1039e9fd-adab-4d28-bf78-e96edcff798a // CNVD: CNVD-2019-17276

AFFECTED PRODUCTS

vendor:schneidermodel:electric somachine hvacscope:eqversion:2.4.1

Trust: 0.8

sources: IVD: 1039e9fd-adab-4d28-bf78-e96edcff798a // CNVD: CNVD-2019-17276

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2019-17276
value: HIGH

Trust: 0.6

IVD: 1039e9fd-adab-4d28-bf78-e96edcff798a
value: HIGH

Trust: 0.2

CNVD: CNVD-2019-17276
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 1039e9fd-adab-4d28-bf78-e96edcff798a
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: 1039e9fd-adab-4d28-bf78-e96edcff798a // CNVD: CNVD-2019-17276

TYPE

Code injection

Trust: 0.2

sources: IVD: 1039e9fd-adab-4d28-bf78-e96edcff798a

EXTERNAL IDS

db:CNVDid:CNVD-2019-17276

Trust: 0.8

db:IVDid:1039E9FD-ADAB-4D28-BF78-E96EDCFF798A

Trust: 0.2

sources: IVD: 1039e9fd-adab-4d28-bf78-e96edcff798a // CNVD: CNVD-2019-17276

SOURCES

db:IVDid:1039e9fd-adab-4d28-bf78-e96edcff798a
db:CNVDid:CNVD-2019-17276

LAST UPDATE DATE

2022-05-17T02:09:43.276000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2019-17276date:2019-06-14T00:00:00

SOURCES RELEASE DATE

db:IVDid:1039e9fd-adab-4d28-bf78-e96edcff798adate:2019-06-13T00:00:00
db:CNVDid:CNVD-2019-17276date:2019-06-06T00:00:00