ID

VAR-202004-2224


TITLE

Beijing Hollysys Automation Drive Technology Co., Ltd. and HollySys HT8000 have a memory corruption vulnerability

Trust: 0.6

sources: CNVD: CNVD-2020-18672

DESCRIPTION

Founded in 1993, Hollysys is a leading supplier of automation and information technology solutions in China. HT8000CN configuration software is the company's development system for HT series touch screen configuration screens. Beijing HollySys Automation Drive Technology Co., Ltd. and HollySys HT8000 have a memory corruption vulnerability: an attacker can construct a malformed shm file that causes the program to crash.

Trust: 0.6

sources: CNVD: CNVD-2020-18672

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: 10242b33-5d6f-4299-b077-31706c736d7d // CNVD: CNVD-2020-18672

AFFECTED PRODUCTS

vendor: hollysys automation drive, model: ht8000, scope: eq, version: 1.0.11

Trust: 0.6

sources: CNVD: CNVD-2020-18672

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2020-18672
value: MEDIUM

Trust: 0.6

IVD: 10242b33-5d6f-4299-b077-31706c736d7d
value: MEDIUM

Trust: 0.2

CNVD: CNVD-2020-18672
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 10242b33-5d6f-4299-b077-31706c736d7d
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: 10242b33-5d6f-4299-b077-31706c736d7d // CNVD: CNVD-2020-18672

TYPE

Memory leak

Trust: 0.2

sources: IVD: 10242b33-5d6f-4299-b077-31706c736d7d

PATCH

title: HollySys HT8000 has a memory corruption vulnerability, url: https://www.cnvd.org.cn/patchinfo/show/205227

Trust: 0.6

sources: CNVD: CNVD-2020-18672

EXTERNAL IDS

db: CNVD, id: CNVD-2020-18672

Trust: 0.8

db: IVD, id: 10242B33-5D6F-4299-B077-31706C736D7D

Trust: 0.2

sources: IVD: 10242b33-5d6f-4299-b077-31706c736d7d // CNVD: CNVD-2020-18672

SOURCES

db: IVD, id: 10242b33-5d6f-4299-b077-31706c736d7d
db: CNVD, id: CNVD-2020-18672

LAST UPDATE DATE

2022-05-17T02:05:47.039000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-18672, date: 2020-04-10T00:00:00

SOURCES RELEASE DATE

db: IVD, id: 10242b33-5d6f-4299-b077-31706c736d7d, date: 2020-04-10T00:00:00
db: CNVD, id: CNVD-2020-18672, date: 2020-04-10T00:00:00