Sign-up

ID

VAR-202006-1864


TITLE

Haiwell SCADA has information disclosure vulnerability

Trust: 0.6

sources: CNVD: CNVD-2020-31607

DESCRIPTION

Haiwei Cloud Configuration Software is a .NET Framework-based industrial automation monitoring and management platform software developed by Xiamen Haiwei Technology Co., Ltd. There is an information disclosure vulnerability in Haiwell SCADA, which an attacker can use to obtain sensitive software information.

Trust: 0.6

sources: CNVD: CNVD-2020-31607

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 1.0

sources: IVD: cdef6acb-fff9-4a42-a4e8-1ede6b6ad794 // IVD: 0b7d6b40-cdd4-4efe-a811-3ccca734af1a // CNVD: CNVD-2020-31607

AFFECTED PRODUCTS

vendor:haiweimodel:cloud configuration softwarescope:eqversion:3.18.0.25

Trust: 0.6

sources: CNVD: CNVD-2020-31607

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2020-31607
value: LOW

Trust: 0.6

IVD: cdef6acb-fff9-4a42-a4e8-1ede6b6ad794
value: LOW

Trust: 0.2

IVD: 0b7d6b40-cdd4-4efe-a811-3ccca734af1a
value: LOW

Trust: 0.2

CNVD: CNVD-2020-31607
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: cdef6acb-fff9-4a42-a4e8-1ede6b6ad794
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 0b7d6b40-cdd4-4efe-a811-3ccca734af1a
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: cdef6acb-fff9-4a42-a4e8-1ede6b6ad794 // IVD: 0b7d6b40-cdd4-4efe-a811-3ccca734af1a // CNVD: CNVD-2020-31607

TYPE

Information leakage

Trust: 0.4

sources: IVD: cdef6acb-fff9-4a42-a4e8-1ede6b6ad794 // IVD: 0b7d6b40-cdd4-4efe-a811-3ccca734af1a

PATCH

title:Haiwell SCADA has information disclosure vulnerabilityurl:https://www.cnvd.org.cn/patchinfo/show/217537

Trust: 0.6

sources: CNVD: CNVD-2020-31607

EXTERNAL IDS

db:CNVDid:CNVD-2020-31607

Trust: 1.0

db:IVDid:CDEF6ACB-FFF9-4A42-A4E8-1EDE6B6AD794

Trust: 0.2

db:IVDid:0B7D6B40-CDD4-4EFE-A811-3CCCA734AF1A

Trust: 0.2

sources: IVD: cdef6acb-fff9-4a42-a4e8-1ede6b6ad794 // IVD: 0b7d6b40-cdd4-4efe-a811-3ccca734af1a // CNVD: CNVD-2020-31607

SOURCES

db:IVDid:cdef6acb-fff9-4a42-a4e8-1ede6b6ad794
db:IVDid:0b7d6b40-cdd4-4efe-a811-3ccca734af1a
db:CNVDid:CNVD-2020-31607

LAST UPDATE DATE

2022-05-17T01:43:04.624000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2020-31607date:2020-06-16T00:00:00

SOURCES RELEASE DATE

db:IVDid:cdef6acb-fff9-4a42-a4e8-1ede6b6ad794date:2020-06-25T00:00:00
db:IVDid:0b7d6b40-cdd4-4efe-a811-3ccca734af1adate:2020-06-25T00:00:00
db:CNVDid:CNVD-2020-31607date:2020-06-25T00:00:00