Details of VAR-202006-1915

ID

VAR-202006-1915

TITLE

Beijing Jiekong FameView configuration software has command execution vulnerability

Trust: 0.6

sources: CNVD: CNVD-2020-26431

DESCRIPTION

FameView configuration software is a high-performance configuration monitoring software based on Windows operating system, which is developed by Beijing Jiekong Company based on many years of engineering application and service experience. It provides economical and perfect automation solutions. Beijing Jiekong FameView configuration software has a command execution loophole, which can be used by attackers to execute arbitrary commands.

Trust: 0.6

sources: CNVD: CNVD-2020-26431

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-26431

AFFECTED PRODUCTS

vendor:

jiekong

model:

fameview configuration software

scope:

version:

7.6.20.1

Trust: 0.6

sources: CNVD: CNVD-2020-26431

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2020-26431
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2020-26431
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2020-26431

PATCH

title:

FameView V7.6.20.1 control has command execution vulnerability

url:

https://www.cnvd.org.cn/patchinfo/show/214707

Trust: 0.6

sources: CNVD: CNVD-2020-26431

EXTERNAL IDS

db:

CNVD

id:

CNVD-2020-26431

Trust: 0.6

sources: CNVD: CNVD-2020-26431

SOURCES

db:

CNVD

id:

CNVD-2020-26431

LAST UPDATE DATE

2022-05-04T09:50:14.162000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2020-26431

date:

2020-05-06T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2020-26431

date:

2020-06-01T00:00:00