Sign-up

ID

VAR-202003-1791


TITLE

Xintian Technology's intelligent water management and control integrated platform system has SQL injection vulnerability

Trust: 0.6

sources: CNVD: CNVD-2020-10177

DESCRIPTION

Xintian Technology Co., Ltd. provides products and intelligent solutions to achieve energy saving. Xintian Technology's intelligent water management and control integrated platform system has a SQL injection vulnerability, which can be used by attackers to obtain sensitive information.

Trust: 0.6

sources: CNVD: CNVD-2020-10177

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: ccb6d938-160d-4291-a32d-f41fa2222a9f // CNVD: CNVD-2020-10177

AFFECTED PRODUCTS

vendor:xintianmodel:technology intelligent water management integrated platform systemscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2020-10177

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2020-10177
value: HIGH

Trust: 0.6

IVD: ccb6d938-160d-4291-a32d-f41fa2222a9f
value: HIGH

Trust: 0.2

CNVD: CNVD-2020-10177
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: ccb6d938-160d-4291-a32d-f41fa2222a9f
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: ccb6d938-160d-4291-a32d-f41fa2222a9f // CNVD: CNVD-2020-10177

TYPE

SQL injection

Trust: 0.2

sources: IVD: ccb6d938-160d-4291-a32d-f41fa2222a9f

PATCH

title:Xintian Technology's intelligent water management and control integrated platform system has SQL injection vulnerabilityurl:https://www.cnvd.org.cn/patchinfo/show/199123

Trust: 0.6

sources: CNVD: CNVD-2020-10177

EXTERNAL IDS

db:CNVDid:CNVD-2020-10177

Trust: 0.8

db:IVDid:CCB6D938-160D-4291-A32D-F41FA2222A9F

Trust: 0.2

sources: IVD: ccb6d938-160d-4291-a32d-f41fa2222a9f // CNVD: CNVD-2020-10177

SOURCES

db:IVDid:ccb6d938-160d-4291-a32d-f41fa2222a9f
db:CNVDid:CNVD-2020-10177

LAST UPDATE DATE

2022-05-17T01:52:29.903000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2020-10177date:2020-03-23T00:00:00

SOURCES RELEASE DATE

db:IVDid:ccb6d938-160d-4291-a32d-f41fa2222a9fdate:2020-03-21T00:00:00
db:CNVDid:CNVD-2020-10177date:2020-03-21T00:00:00