Details of VAR-202004-2223

ID

VAR-202004-2223

TITLE

Beijing HollySys Automation Drive Technology Co., Ltd. and HollySys HT8001 have a memory corruption vulnerability

Trust: 0.6

sources: CNVD: CNVD-2020-18670

DESCRIPTION

Beijing Hershey Automation Drive Technology Co., Ltd. is China's leading provider of automation and information technology solutions. HT8001CN configuration software is the company's HT series touch screen configuration screen development system. It is an integrated development environment. It is very rich and very Powerful development function. Beijing Hollysys Automation Drive Technology Co., Ltd. and HollySys HT8001 have a memory corruption vulnerability, which can be exploited by an attacker to construct a malformed shm file that can cause the program to crash.

Trust: 0.6

sources: CNVD: CNVD-2020-18670

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 85be122e-2f06-40c1-92d0-dba8aeef1593 // CNVD: CNVD-2020-18670

AFFECTED PRODUCTS

vendor:

hollysys automation drive

model:

ht8001

scope:

version:

2.0.13

Trust: 0.6

sources: CNVD: CNVD-2020-18670

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2020-18670
value:	MEDIUM
Trust: 0.6
IVD:	85be122e-2f06-40c1-92d0-dba8aeef1593
value:	MEDIUM
Trust: 0.2

CNVD:	CNVD-2020-18670
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	85be122e-2f06-40c1-92d0-dba8aeef1593
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: 85be122e-2f06-40c1-92d0-dba8aeef1593 // CNVD: CNVD-2020-18670

TYPE

Memory leak

Trust: 0.2

sources: IVD: 85be122e-2f06-40c1-92d0-dba8aeef1593

PATCH

title:

HollySys HT8001 has a memory corruption vulnerability

url:

https://www.cnvd.org.cn/patchinfo/show/205233

Trust: 0.6

sources: CNVD: CNVD-2020-18670

EXTERNAL IDS

db:	CNVD	id:	CNVD-2020-18670	Trust: 0.8
db:	IVD	id:	85BE122E-2F06-40C1-92D0-DBA8AEEF1593	Trust: 0.2

sources: IVD: 85be122e-2f06-40c1-92d0-dba8aeef1593 // CNVD: CNVD-2020-18670

SOURCES

db:	IVD	id:	85be122e-2f06-40c1-92d0-dba8aeef1593
db:	CNVD	id:	CNVD-2020-18670

LAST UPDATE DATE

2022-05-17T02:09:42.159000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2020-18670

date:

2020-04-10T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	85be122e-2f06-40c1-92d0-dba8aeef1593	date:	2020-04-10T00:00:00
db:	CNVD	id:	CNVD-2020-18670	date:	2020-04-10T00:00:00