Details of VAR-201909-1554

ID

VAR-201909-1554

TITLE

Haiwell PLC has authentication bypass vulnerability

Trust: 0.6

sources: CNVD: CNVD-2019-32856

DESCRIPTION

Xiamen Haiwei Technology Co., Ltd. is a high-tech enterprise integrating independent research and development, production, sales and service. Haiwell PLC has an authentication bypass vulnerability that can be exploited by unauthorized attackers to cause unauthorized access to the controller

Trust: 0.72

sources: CNVD: CNVD-2019-32856 // IVD: fb3b5b90-15ee-4967-b520-486720e76400

IOT TAXONOMY

category:	['ICS', 'Network device']	sub_category:	-	Trust: 0.6
category:	['ICS']	sub_category:	-	Trust: 0.2

sources: IVD: fb3b5b90-15ee-4967-b520-486720e76400 // CNVD: CNVD-2019-32856

AFFECTED PRODUCTS

vendor:	haiwell	model:	plc	scope:	eq	version:	v5.8.0	Trust: 0.6
vendor:	haiwei	model:	haiwell plc	scope:	eq	version:	v5.8.0	Trust: 0.2

sources: IVD: fb3b5b90-15ee-4967-b520-486720e76400 // CNVD: CNVD-2019-32856

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2019-32856
value:	MEDIUM
Trust: 0.6
IVD:	fb3b5b90-15ee-4967-b520-486720e76400
value:	MEDIUM
Trust: 0.2

CNVD:	CNVD-2019-32856
severity:	MEDIUM
baseScore:	6.6
vectorString:	AV:L/AC:L/AU:N/C:C/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	9.2
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	fb3b5b90-15ee-4967-b520-486720e76400
severity:	MEDIUM
baseScore:	6.6
vectorString:	AV:L/AC:L/AU:N/C:C/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	9.2
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: fb3b5b90-15ee-4967-b520-486720e76400 // CNVD: CNVD-2019-32856

TYPE

Access verification error

Trust: 0.2

sources: IVD: fb3b5b90-15ee-4967-b520-486720e76400

PATCH

title:

Haiwell PLC has authentication logic flaw vulnerability

url:

https://www.cnvd.org.cn/patchinfo/show/179377

Trust: 0.6

sources: CNVD: CNVD-2019-32856

EXTERNAL IDS

db:	CNVD	id:	CNVD-2019-32856	Trust: 0.8
db:	IVD	id:	FB3B5B90-15EE-4967-B520-486720E76400	Trust: 0.2

sources: IVD: fb3b5b90-15ee-4967-b520-486720e76400 // CNVD: CNVD-2019-32856

SOURCES

db:	IVD	id:	fb3b5b90-15ee-4967-b520-486720e76400
db:	CNVD	id:	CNVD-2019-32856

LAST UPDATE DATE

2022-05-17T02:04:28.375000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2019-32856

date:

2019-09-25T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	fb3b5b90-15ee-4967-b520-486720e76400	date:	2019-09-24T00:00:00
db:	CNVD	id:	CNVD-2019-32856	date:	2019-10-19T00:00:00