Sign-up

ID

VAR-202003-1788


TITLE

Qingdao Automation Instrumentation Co., Ltd. intelligent instrument cluster management system has SQL injection vulnerability

Trust: 0.6

sources: CNVD: CNVD-2020-10538

DESCRIPTION

Intelligent meter collection management system is an industrial control management system that controls and manages some data of the energy industry. Qingdao Automation Instrumentation Co., Ltd.'s intelligent instrument cluster management system has a SQL injection vulnerability, which can be used by attackers to obtain sensitive database information.

Trust: 0.6

sources: CNVD: CNVD-2020-10538

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: c6aa66bc-9203-4a8d-a437-b84d32e38cbd // CNVD: CNVD-2020-10538

AFFECTED PRODUCTS

vendor:qingdao automation instrumentationmodel:intelligent instrument collection management systemscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2020-10538

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2020-10538
value: HIGH

Trust: 0.6

IVD: c6aa66bc-9203-4a8d-a437-b84d32e38cbd
value: HIGH

Trust: 0.2

CNVD: CNVD-2020-10538
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: c6aa66bc-9203-4a8d-a437-b84d32e38cbd
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: c6aa66bc-9203-4a8d-a437-b84d32e38cbd // CNVD: CNVD-2020-10538

TYPE

SQL injection

Trust: 0.2

sources: IVD: c6aa66bc-9203-4a8d-a437-b84d32e38cbd

PATCH

title:Qingdao Automation Instrumentation Co., Ltd. intelligent instrument cluster management system has SQL injection vulnerabilityurl:https://www.cnvd.org.cn/patchinfo/show/198911

Trust: 0.6

sources: CNVD: CNVD-2020-10538

EXTERNAL IDS

db:CNVDid:CNVD-2020-10538

Trust: 0.8

db:IVDid:C6AA66BC-9203-4A8D-A437-B84D32E38CBD

Trust: 0.2

sources: IVD: c6aa66bc-9203-4a8d-a437-b84d32e38cbd // CNVD: CNVD-2020-10538

SOURCES

db:IVDid:c6aa66bc-9203-4a8d-a437-b84d32e38cbd
db:CNVDid:CNVD-2020-10538

LAST UPDATE DATE

2022-05-17T02:09:42.296000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2020-10538date:2020-03-19T00:00:00

SOURCES RELEASE DATE

db:IVDid:c6aa66bc-9203-4a8d-a437-b84d32e38cbddate:2020-03-15T00:00:00
db:CNVDid:CNVD-2020-10538date:2020-03-15T00:00:00