Sign-up

ID

VAR-202006-1865


TITLE

Haiwell SCADA has arbitrary file download vulnerability

Trust: 0.6

sources: CNVD: CNVD-2020-31606

DESCRIPTION

Haiwei Cloud Configuration Software is a .NET Framework-based industrial automation monitoring and management platform software developed by Xiamen Haiwei Technology Co., Ltd. Haiwell SCADA has an arbitrary file download vulnerability, which can be exploited by attackers to obtain software sensitive information.

Trust: 0.6

sources: CNVD: CNVD-2020-31606

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 1.0

sources: IVD: a093a551-48f2-4683-9e6f-019f46500f5b // IVD: a4010ecb-099a-4093-8ebe-4aca1a106a32 // CNVD: CNVD-2020-31606

AFFECTED PRODUCTS

vendor:haiweimodel:cloud configuration softwarescope:eqversion:3.18.0.25

Trust: 0.6

sources: CNVD: CNVD-2020-31606

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2020-31606
value: LOW

Trust: 0.6

IVD: a093a551-48f2-4683-9e6f-019f46500f5b
value: LOW

Trust: 0.2

IVD: a4010ecb-099a-4093-8ebe-4aca1a106a32
value: LOW

Trust: 0.2

CNVD: CNVD-2020-31606
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: a093a551-48f2-4683-9e6f-019f46500f5b
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: a4010ecb-099a-4093-8ebe-4aca1a106a32
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: a093a551-48f2-4683-9e6f-019f46500f5b // IVD: a4010ecb-099a-4093-8ebe-4aca1a106a32 // CNVD: CNVD-2020-31606

TYPE

other

Trust: 0.4

sources: IVD: a093a551-48f2-4683-9e6f-019f46500f5b // IVD: a4010ecb-099a-4093-8ebe-4aca1a106a32

PATCH

title:Haiwell SCADA has arbitrary file download vulnerabilityurl:https://www.cnvd.org.cn/patchinfo/show/217531

Trust: 0.6

sources: CNVD: CNVD-2020-31606

EXTERNAL IDS

db:CNVDid:CNVD-2020-31606

Trust: 1.0

db:IVDid:A093A551-48F2-4683-9E6F-019F46500F5B

Trust: 0.2

db:IVDid:A4010ECB-099A-4093-8EBE-4ACA1A106A32

Trust: 0.2

sources: IVD: a093a551-48f2-4683-9e6f-019f46500f5b // IVD: a4010ecb-099a-4093-8ebe-4aca1a106a32 // CNVD: CNVD-2020-31606

SOURCES

db:IVDid:a093a551-48f2-4683-9e6f-019f46500f5b
db:IVDid:a4010ecb-099a-4093-8ebe-4aca1a106a32
db:CNVDid:CNVD-2020-31606

LAST UPDATE DATE

2022-05-17T01:36:00.395000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2020-31606date:2020-06-16T00:00:00

SOURCES RELEASE DATE

db:IVDid:a093a551-48f2-4683-9e6f-019f46500f5bdate:2020-06-25T00:00:00
db:IVDid:a4010ecb-099a-4093-8ebe-4aca1a106a32date:2020-06-25T00:00:00
db:CNVDid:CNVD-2020-31606date:2020-06-25T00:00:00