Details of VAR-202007-1496

ID

VAR-202007-1496

TITLE

Xiamen Haiwell Technology Co., Ltd. cloud configuration software Cloud SCADA has an authorization bypass vulnerability

Trust: 0.6

sources: CNVD: CNVD-2020-38434

DESCRIPTION

Haiwell Cloud Configuration Software is an industrial automation monitoring and management platform software based on .NET Framework developed by Xiamen Haiwell Technology Co., Ltd. Xiamen Haiwell Technology Co., Ltd. cloud configuration software Cloud SCADA has an authorization bypass vulnerability. Attackers can use this vulnerability to bypass the authorization interface and enter the platform.

Trust: 0.6

sources: CNVD: CNVD-2020-38434

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-38434

AFFECTED PRODUCTS

vendor:

haiwell

model:

cloud configuration software

scope:

version:

3.18.0.25

Trust: 0.6

sources: CNVD: CNVD-2020-38434

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2020-38434
value:	LOW
Trust: 0.6

CNVD:	CNVD-2020-38434
severity:	LOW
baseScore:	3.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2020-38434

PATCH

title:

Haiwell SCADA has an authorization bypass vulnerability

url:

https://www.cnvd.org.cn/patchinfo/show/218127

Trust: 0.6

sources: CNVD: CNVD-2020-38434

EXTERNAL IDS

db:

CNVD

id:

CNVD-2020-38434

Trust: 0.6

sources: CNVD: CNVD-2020-38434

SOURCES

db:

CNVD

id:

CNVD-2020-38434

LAST UPDATE DATE

2022-05-04T10:18:15.829000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2020-38434

date:

2020-07-15T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2020-38434

date:

2020-07-04T00:00:00