Details of VAR-202006-1860

ID

VAR-202006-1860

TITLE

Haiwell cloud configuration software Cloud SCADA has arbitrary file deletion vulnerability

Trust: 0.6

sources: CNVD: CNVD-2020-32347

DESCRIPTION

Haiwell cloud configuration software Cloud SCADA is a .NET Framework-based industrial automation monitoring and management platform software developed by Xiamen Haiwei Technology Co., Ltd. The Haiwell cloud configuration software Cloud SCADA has an arbitrary file deletion vulnerability, and attackers can use the vulnerability to delete arbitrary files on the server.

Trust: 0.6

sources: CNVD: CNVD-2020-32347

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 1.0

sources: IVD: 49068139-b09a-447c-ba44-a947d540bed8 // IVD: 9c76b45a-b720-4b6d-bb62-f61bf532a903 // CNVD: CNVD-2020-32347

AFFECTED PRODUCTS

vendor:

haiwei

model:

cloud configuration software

scope:

version:

3.18.0.25

Trust: 0.6

sources: CNVD: CNVD-2020-32347

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2020-32347
value:	LOW
Trust: 0.6
IVD:	49068139-b09a-447c-ba44-a947d540bed8
value:	LOW
Trust: 0.2
IVD:	9c76b45a-b720-4b6d-bb62-f61bf532a903
value:	LOW
Trust: 0.2

CNVD:	CNVD-2020-32347
severity:	LOW
baseScore:	2.4
vectorString:	AV:L/AC:H/AU:S/C:N/I:P/A:P
accessVector:	LOCAL
accessComplexity:	HIGH
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	1.5
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	49068139-b09a-447c-ba44-a947d540bed8
severity:	LOW
baseScore:	2.4
vectorString:	AV:L/AC:H/AU:S/C:N/I:P/A:P
accessVector:	LOCAL
accessComplexity:	HIGH
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	1.5
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	9c76b45a-b720-4b6d-bb62-f61bf532a903
severity:	LOW
baseScore:	2.4
vectorString:	AV:L/AC:H/AU:S/C:N/I:P/A:P
accessVector:	LOCAL
accessComplexity:	HIGH
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	1.5
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: 49068139-b09a-447c-ba44-a947d540bed8 // IVD: 9c76b45a-b720-4b6d-bb62-f61bf532a903 // CNVD: CNVD-2020-32347

TYPE

Permission permission and access control

Trust: 0.4

sources: IVD: 49068139-b09a-447c-ba44-a947d540bed8 // IVD: 9c76b45a-b720-4b6d-bb62-f61bf532a903

PATCH

title:

Haiwell cloud configuration software Cloud SCADA has arbitrary file deletion vulnerability

url:

https://www.cnvd.org.cn/patchinfo/show/217233

Trust: 0.6

sources: CNVD: CNVD-2020-32347

EXTERNAL IDS

db:	CNVD	id:	CNVD-2020-32347	Trust: 1.0
db:	IVD	id:	49068139-B09A-447C-BA44-A947D540BED8	Trust: 0.2
db:	IVD	id:	9C76B45A-B720-4B6D-BB62-F61BF532A903	Trust: 0.2

sources: IVD: 49068139-b09a-447c-ba44-a947d540bed8 // IVD: 9c76b45a-b720-4b6d-bb62-f61bf532a903 // CNVD: CNVD-2020-32347

SOURCES

db:	IVD	id:	49068139-b09a-447c-ba44-a947d540bed8
db:	IVD	id:	9c76b45a-b720-4b6d-bb62-f61bf532a903
db:	CNVD	id:	CNVD-2020-32347

LAST UPDATE DATE

2022-05-17T02:01:00.916000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2020-32347

date:

2020-06-16T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	49068139-b09a-447c-ba44-a947d540bed8	date:	2020-06-26T00:00:00
db:	IVD	id:	9c76b45a-b720-4b6d-bb62-f61bf532a903	date:	2020-06-26T00:00:00
db:	CNVD	id:	CNVD-2020-32347	date:	2020-06-26T00:00:00