Sign-up

ID

VAR-202006-1857


TITLE

Memory damage vulnerability exists in the software for quick-control PLC

Trust: 0.6

sources: CNVD: CNVD-2020-31568

DESCRIPTION

Quick Control Cloud (Shanghai) Intelligent Technology Co., Ltd., a high-tech company specialized in the research and development of industrial Internet of Things automation products such as cloud boxes, human-machine interfaces, and PLC, in cooperation with Shanghai Jiaotong University. There is a memory destruction vulnerability in the software for quick-control PLC development. An attacker can use this vulnerability to cause a system denial of service.

Trust: 0.6

sources: CNVD: CNVD-2020-31568

IOT TAXONOMY

category:['IoT', 'ICS']sub_category: -

Trust: 0.6

category:['ICS']sub_category: -

Trust: 0.4

sources: IVD: e9cb8413-e2a2-471e-84fc-d32dd25f6bde // IVD: 74a319e4-bc3b-4d15-926c-7aea781254be // CNVD: CNVD-2020-31568

AFFECTED PRODUCTS

vendor:quick control cloud intelligentmodel:plc development softwarescope:eqversion:v1.3.6

Trust: 0.6

sources: CNVD: CNVD-2020-31568

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2020-31568
value: MEDIUM

Trust: 0.6

IVD: e9cb8413-e2a2-471e-84fc-d32dd25f6bde
value: MEDIUM

Trust: 0.2

IVD: 74a319e4-bc3b-4d15-926c-7aea781254be
value: MEDIUM

Trust: 0.2

CNVD: CNVD-2020-31568
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e9cb8413-e2a2-471e-84fc-d32dd25f6bde
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 74a319e4-bc3b-4d15-926c-7aea781254be
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: e9cb8413-e2a2-471e-84fc-d32dd25f6bde // IVD: 74a319e4-bc3b-4d15-926c-7aea781254be // CNVD: CNVD-2020-31568

TYPE

Resource management error

Trust: 0.4

sources: IVD: e9cb8413-e2a2-471e-84fc-d32dd25f6bde // IVD: 74a319e4-bc3b-4d15-926c-7aea781254be

PATCH

title:Memory damage vulnerability exists in the software for quick-control PLCurl:https://www.cnvd.org.cn/patchinfo/show/217189

Trust: 0.6

sources: CNVD: CNVD-2020-31568

EXTERNAL IDS

db:CNVDid:CNVD-2020-31568

Trust: 1.0

db:IVDid:E9CB8413-E2A2-471E-84FC-D32DD25F6BDE

Trust: 0.2

db:IVDid:74A319E4-BC3B-4D15-926C-7AEA781254BE

Trust: 0.2

sources: IVD: e9cb8413-e2a2-471e-84fc-d32dd25f6bde // IVD: 74a319e4-bc3b-4d15-926c-7aea781254be // CNVD: CNVD-2020-31568

SOURCES

db:IVDid:e9cb8413-e2a2-471e-84fc-d32dd25f6bde
db:IVDid:74a319e4-bc3b-4d15-926c-7aea781254be
db:CNVDid:CNVD-2020-31568

LAST UPDATE DATE

2022-05-17T01:57:37.146000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2020-31568date:2020-06-16T00:00:00

SOURCES RELEASE DATE

db:IVDid:e9cb8413-e2a2-471e-84fc-d32dd25f6bdedate:2020-06-25T00:00:00
db:IVDid:74a319e4-bc3b-4d15-926c-7aea781254bedate:2020-06-25T00:00:00
db:CNVDid:CNVD-2020-31568date:2020-06-25T00:00:00