Details of VAR-201909-1546

ID

VAR-201909-1546

TITLE

Kingview project has password bypass vulnerability

Trust: 0.8

sources: IVD: 42e8a916-bb72-4c58-8e53-c6360c0f2f21 // CNVD: CNVD-2019-30119

DESCRIPTION

KingView is an industrial automation configuration software produced by Beijing Yakong Technology Development Co., Ltd. The Kingview project has a password bypass vulnerability. An attacker could use this vulnerability to bypass the project password to protect the operation project

Trust: 0.72

sources: CNVD: CNVD-2019-30119 // IVD: 42e8a916-bb72-4c58-8e53-c6360c0f2f21

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 42e8a916-bb72-4c58-8e53-c6360c0f2f21 // CNVD: CNVD-2019-30119

AFFECTED PRODUCTS

vendor:

yakong

model:

kingview software sp2

scope:

version:

v7.5

Trust: 0.8

sources: IVD: 42e8a916-bb72-4c58-8e53-c6360c0f2f21 // CNVD: CNVD-2019-30119

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2019-30119
value:	LOW
Trust: 0.6
IVD:	42e8a916-bb72-4c58-8e53-c6360c0f2f21
value:	LOW
Trust: 0.2

CNVD:	CNVD-2019-30119
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	42e8a916-bb72-4c58-8e53-c6360c0f2f21
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: 42e8a916-bb72-4c58-8e53-c6360c0f2f21 // CNVD: CNVD-2019-30119

TYPE

Access verification error

Trust: 0.2

sources: IVD: 42e8a916-bb72-4c58-8e53-c6360c0f2f21

PATCH

title:

Kingview project has password bypass vulnerability

url:

https://www.cnvd.org.cn/patchinfo/show/174627

Trust: 0.6

sources: CNVD: CNVD-2019-30119

EXTERNAL IDS

db:	CNVD	id:	CNVD-2019-30119	Trust: 0.8
db:	IVD	id:	42E8A916-BB72-4C58-8E53-C6360C0F2F21	Trust: 0.2

sources: IVD: 42e8a916-bb72-4c58-8e53-c6360c0f2f21 // CNVD: CNVD-2019-30119

SOURCES

db:	IVD	id:	42e8a916-bb72-4c58-8e53-c6360c0f2f21
db:	CNVD	id:	CNVD-2019-30119

LAST UPDATE DATE

2022-05-17T01:55:45.063000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2019-30119

date:

2019-09-04T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	42e8a916-bb72-4c58-8e53-c6360c0f2f21	date:	2019-09-03T00:00:00
db:	CNVD	id:	CNVD-2019-30119	date:	2019-09-24T00:00:00