Details of VAR-202004-2215

ID

VAR-202004-2215

TITLE

KEWEI WSP series text display screen configuration software has a memory corruption vulnerability

Trust: 0.6

sources: CNVD: CNVD-2020-20193

DESCRIPTION

Huangshi Kewei Automatic Control Co., Ltd. is a high-tech enterprise and software enterprise that develops, produces, and sells a series of industrial control products such as embedded PLC, intelligent servo, and man-machine interface. KEWEI WSP series text display screen configuration software has a memory corruption vulnerability, and an attacker can exploit the vulnerability by constructing a deformed KECX to cause the program to crash.

Trust: 0.6

sources: CNVD: CNVD-2020-20193

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: a25f4081-3c4a-4b80-a9f3-ae41eaf832b2 // CNVD: CNVD-2020-20193

AFFECTED PRODUCTS

vendor:	huangshi kewei automatic control	model:	wsp series text display screen configuration software kec330	scope:	-	version:	-	Trust: 0.6
vendor:	huangshi kewei automatic control	model:	wsp series text display screen configuration software kec320	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2020-20193

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2020-20193
value:	MEDIUM
Trust: 0.6
IVD:	a25f4081-3c4a-4b80-a9f3-ae41eaf832b2
value:	MEDIUM
Trust: 0.2

CNVD:	CNVD-2020-20193
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	a25f4081-3c4a-4b80-a9f3-ae41eaf832b2
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: a25f4081-3c4a-4b80-a9f3-ae41eaf832b2 // CNVD: CNVD-2020-20193

TYPE

Memory leak

Trust: 0.2

sources: IVD: a25f4081-3c4a-4b80-a9f3-ae41eaf832b2

PATCH

title:

Huangshi City Kewei Automatic Control Co., Ltd. WSP series text display screen configuration software has a memory corruption vulnerability

url:

https://www.cnvd.org.cn/patchinfo/show/208667

Trust: 0.6

sources: CNVD: CNVD-2020-20193

EXTERNAL IDS

db:	CNVD	id:	CNVD-2020-20193	Trust: 0.8
db:	IVD	id:	A25F4081-3C4A-4B80-A9F3-AE41EAF832B2	Trust: 0.2

sources: IVD: a25f4081-3c4a-4b80-a9f3-ae41eaf832b2 // CNVD: CNVD-2020-20193

SOURCES

db:	IVD	id:	a25f4081-3c4a-4b80-a9f3-ae41eaf832b2
db:	CNVD	id:	CNVD-2020-20193

LAST UPDATE DATE

2022-05-17T01:40:54.250000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2020-20193

date:

2020-04-13T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	a25f4081-3c4a-4b80-a9f3-ae41eaf832b2	date:	2020-04-23T00:00:00
db:	CNVD	id:	CNVD-2020-20193	date:	2020-04-23T00:00:00