Details of VAR-202012-1614

ID

VAR-202012-1614

TITLE

An arbitrary file deletion vulnerability exists in Nanjing Xindi Eco-God Windows Network Web Edition

Trust: 0.6

sources: CNVD: CNVD-2020-62382

DESCRIPTION

Nanjing Xindison Software Technology Co., Ltd. is a high-tech enterprise specializing in the development and sales of industrial control general configuration and embedded software. There is an arbitrary file deletion vulnerability in the Windows web version of Nanjing Xindi Eco-God. Attackers can use this vulnerability to delete files arbitrarily, which will affect the integrity of the application.

Trust: 0.6

sources: CNVD: CNVD-2020-62382

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-62382

AFFECTED PRODUCTS

vendor:

xindison

model:

state god windows network web edition

scope:

version:

v7.0.0.8

Trust: 0.6

sources: CNVD: CNVD-2020-62382

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2020-62382
value:	LOW
Trust: 0.6

CNVD:	CNVD-2020-62382
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2020-62382

EXTERNAL IDS

db:

CNVD

id:

CNVD-2020-62382

Trust: 0.6

sources: CNVD: CNVD-2020-62382

SOURCES

db:

CNVD

id:

CNVD-2020-62382

LAST UPDATE DATE

2022-05-04T09:08:45.730000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2020-62382

date:

2020-11-12T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2020-62382

date:

2020-12-07T00:00:00