ID

VAR-202006-1863


TITLE

Haiwell SCADA has a hard-coded certificate authorization bypass vulnerability

Trust: 0.6

sources: CNVD: CNVD-2020-31605

DESCRIPTION

Haiwei Cloud Configuration Software is a .NET Framework-based industrial automation monitoring and management platform software developed by Xiamen Haiwei Technology Co., Ltd. Haiwell SCADA has a hard-coded certificate authorization bypass vulnerability that attackers can use to obtain sensitive software information.

Trust: 0.6

sources: CNVD: CNVD-2020-31605

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 1.0

sources: IVD: 2e1c0a18-1f21-4ccf-8936-110cfafbe8e7 // IVD: aaacafb6-a01f-448d-9e6c-2ba84b5a82c9 // CNVD: CNVD-2020-31605

AFFECTED PRODUCTS

vendor: haiwei, model: cloud configuration software, scope: eq, version: 3.18.0.25

Trust: 0.6

sources: CNVD: CNVD-2020-31605

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2020-31605
value: LOW

Trust: 0.6

IVD: 2e1c0a18-1f21-4ccf-8936-110cfafbe8e7
value: LOW

Trust: 0.2

IVD: aaacafb6-a01f-448d-9e6c-2ba84b5a82c9
value: LOW

Trust: 0.2

CNVD: CNVD-2020-31605
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 2e1c0a18-1f21-4ccf-8936-110cfafbe8e7
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: aaacafb6-a01f-448d-9e6c-2ba84b5a82c9
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: 2e1c0a18-1f21-4ccf-8936-110cfafbe8e7 // IVD: aaacafb6-a01f-448d-9e6c-2ba84b5a82c9 // CNVD: CNVD-2020-31605

TYPE

Permissions, privileges, and access control

Trust: 0.4

sources: IVD: 2e1c0a18-1f21-4ccf-8936-110cfafbe8e7 // IVD: aaacafb6-a01f-448d-9e6c-2ba84b5a82c9

PATCH

title: Haiwell SCADA has a hard-coded certificate authorization bypass vulnerability, url: https://www.cnvd.org.cn/patchinfo/show/217535

Trust: 0.6

sources: CNVD: CNVD-2020-31605

EXTERNAL IDS

db: CNVD, id: CNVD-2020-31605

Trust: 1.0

db: IVD, id: 2E1C0A18-1F21-4CCF-8936-110CFAFBE8E7

Trust: 0.2

db: IVD, id: AAACAFB6-A01F-448D-9E6C-2BA84B5A82C9

Trust: 0.2

sources: IVD: 2e1c0a18-1f21-4ccf-8936-110cfafbe8e7 // IVD: aaacafb6-a01f-448d-9e6c-2ba84b5a82c9 // CNVD: CNVD-2020-31605

SOURCES

db: IVD, id: 2e1c0a18-1f21-4ccf-8936-110cfafbe8e7
db: IVD, id: aaacafb6-a01f-448d-9e6c-2ba84b5a82c9
db: CNVD, id: CNVD-2020-31605

LAST UPDATE DATE

2022-05-17T01:45:05.630000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-31605, date: 2020-06-16T00:00:00

SOURCES RELEASE DATE

db: IVD, id: 2e1c0a18-1f21-4ccf-8936-110cfafbe8e7, date: 2020-06-25T00:00:00
db: IVD, id: aaacafb6-a01f-448d-9e6c-2ba84b5a82c9, date: 2020-06-25T00:00:00
db: CNVD, id: CNVD-2020-31605, date: 2020-06-25T00:00:00