Details of VAR-202007-1489

ID

VAR-202007-1489

TITLE

Arbitrary code execution vulnerability in Haiwell cloud configuration software Cloud SCADA

Trust: 0.6

sources: CNVD: CNVD-2020-32540

DESCRIPTION

Xiamen Haiwei Technology Co., Ltd. is a high-tech enterprise integrating independent research and development, production, sales and service. The Haiwell cloud configuration software Cloud SCADA has an arbitrary code execution vulnerability that an attacker can use to obtain server permissions.

Trust: 0.6

sources: CNVD: CNVD-2020-32540

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-32540

AFFECTED PRODUCTS

vendor:

haiwei

model:

cloud configuration software

scope:

version:

3.18.0.25

Trust: 0.6

sources: CNVD: CNVD-2020-32540

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2020-32540
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2020-32540
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2020-32540

PATCH

title:

Arbitrary code execution vulnerability in Haiwell SCADA project file

url:

https://www.cnvd.org.cn/patchinfo/show/218103

Trust: 0.6

sources: CNVD: CNVD-2020-32540

EXTERNAL IDS

db:

CNVD

id:

CNVD-2020-32540

Trust: 0.6

sources: CNVD: CNVD-2020-32540

SOURCES

db:

CNVD

id:

CNVD-2020-32540

LAST UPDATE DATE

2022-05-04T09:32:46.284000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2020-32540

date:

2020-06-16T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2020-32540

date:

2020-07-02T00:00:00