Details of VAR-202004-2221

ID

VAR-202004-2221

TITLE

Delta Electronics Enterprise Management (Shanghai) Co., Ltd. IEXplorer has unauthorized access vulnerability

Trust: 0.6

sources: CNVD: CNVD-2020-18736

DESCRIPTION

IEXplorer is an industrial Ethernet tool software that provides automatic search for Delta industrial Ethernet products, provides real-time monitoring of device connection status, quick IP address setting and software upgrade functions, applicable products include (DVS series, DVW series, IFD9506 , IFD9507, RTU-EN01, DVPEN01-SL, DVP12SE, DVP-FEN01, DVPSCM12-SL, DVPSCM52-SL, ASDA-M, CMC-MOD010). Delta Electronics Enterprise Management (Shanghai) Co., Ltd. has an unauthorized access vulnerability in IEXplorer. Attackers can use the loopholes to access all functions of the software in an unauthorized state, and perform illegal operations.

Trust: 0.6

sources: CNVD: CNVD-2020-18736

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 4e4efe3f-bcfa-48b9-8680-2acefd75bbcf // CNVD: CNVD-2020-18736

AFFECTED PRODUCTS

vendor:

delta management

model:

iexplorer

scope:

version:

1.2.0.4

Trust: 0.6

sources: CNVD: CNVD-2020-18736

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2020-18736
value:	LOW
Trust: 0.6
IVD:	4e4efe3f-bcfa-48b9-8680-2acefd75bbcf
value:	LOW
Trust: 0.2

CNVD:	CNVD-2020-18736
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	4e4efe3f-bcfa-48b9-8680-2acefd75bbcf
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: 4e4efe3f-bcfa-48b9-8680-2acefd75bbcf // CNVD: CNVD-2020-18736

TYPE

Unauthorized access

Trust: 0.2

sources: IVD: 4e4efe3f-bcfa-48b9-8680-2acefd75bbcf

PATCH

title:

Delta IEXplorer industrial Ethernet tool software has unauthorized access vulnerability

url:

https://www.cnvd.org.cn/patchinfo/show/205919

Trust: 0.6

sources: CNVD: CNVD-2020-18736

EXTERNAL IDS

db:	CNVD	id:	CNVD-2020-18736	Trust: 0.8
db:	IVD	id:	4E4EFE3F-BCFA-48B9-8680-2ACEFD75BBCF	Trust: 0.2

sources: IVD: 4e4efe3f-bcfa-48b9-8680-2acefd75bbcf // CNVD: CNVD-2020-18736

SOURCES

db:	IVD	id:	4e4efe3f-bcfa-48b9-8680-2acefd75bbcf
db:	CNVD	id:	CNVD-2020-18736

LAST UPDATE DATE

2022-05-17T02:07:57.484000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2020-18736

date:

2020-08-10T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	4e4efe3f-bcfa-48b9-8680-2acefd75bbcf	date:	2020-04-06T00:00:00
db:	CNVD	id:	CNVD-2020-18736	date:	2020-04-06T00:00:00