Details of VAR-201910-1862

ID

VAR-201910-1862

TITLE

Triconex SIS system has authentication bypass vulnerability

Trust: 0.6

sources: CNVD: CNVD-2019-32857

DESCRIPTION

The Triconex SIS system is a modern programmable logic and process controller. The Triconex SIS system has an authentication bypass vulnerability that can be used by unauthorized attackers to access the controller.

Trust: 0.6

sources: CNVD: CNVD-2019-32857

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-32857

AFFECTED PRODUCTS

vendor:

hebei kangjisen automation engineering

model:

triconex sis system

scope:

version:

v4.90

Trust: 0.6

sources: CNVD: CNVD-2019-32857

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2019-32857
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2019-32857
severity:	MEDIUM
baseScore:	6.6
vectorString:	AV:L/AC:L/AU:N/C:C/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	9.2
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2019-32857

PATCH

title:

Triconex SIS System Has Authentication Logic Defect Vulnerability

url:

https://www.cnvd.org.cn/patchinfo/show/179389

Trust: 0.6

sources: CNVD: CNVD-2019-32857

EXTERNAL IDS

db:

CNVD

id:

CNVD-2019-32857

Trust: 0.6

sources: CNVD: CNVD-2019-32857

SOURCES

db:

CNVD

id:

CNVD-2019-32857

LAST UPDATE DATE

2022-05-04T09:55:55.232000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2019-32857

date:

2019-09-25T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2019-32857

date:

2019-10-19T00:00:00