Details of VAR-202101-2021

ID

VAR-202101-2021

TITLE

Binary vulnerability exists in KINCO DTools

Trust: 0.6

sources: CNVD: CNVD-2020-68575

DESCRIPTION

Shanghai Buke Automation Co., Ltd. has been focusing on the research and development, production, sales and related technical services of the core components of industrial automation equipment control and industrial Internet of Things/Internet software and hardware, and provides customers with equipment automation control, digital factory and industrial Internet solutions Wait. There is a binary vulnerability in KINCO DTools. Attackers can use the vulnerability to construct malformed wav audio and cause the program to crash.

Trust: 0.6

sources: CNVD: CNVD-2020-68575

IOT TAXONOMY

category:

['IoT', 'ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-68575

AFFECTED PRODUCTS

vendor:

step automation

model:

kinco dtools

scope:

version:

v3.5.1

Trust: 0.6

sources: CNVD: CNVD-2020-68575

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2020-68575
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2020-68575
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2020-68575

EXTERNAL IDS

db:

CNVD

id:

CNVD-2020-68575

Trust: 0.6

sources: CNVD: CNVD-2020-68575

SOURCES

db:

CNVD

id:

CNVD-2020-68575

LAST UPDATE DATE

2022-05-04T09:08:43.645000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2020-68575

date:

2020-12-03T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2020-68575

date:

2021-01-03T00:00:00