Details of VAR-202102-1600

ID

VAR-202102-1600

TITLE

SQL injection vulnerability exists in WDECP-IC card metering management platform

Trust: 0.6

sources: CNVD: CNVD-2021-03509

DESCRIPTION

Tangshan Liulin Automation Equipment Co., Ltd. is a high-tech enterprise engaged in the research and development, production, sales and system engineering technical services of the security communication terminal and smart application platform software of the Internet of Things. The WDECP-IC card measurement management platform has a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information in the database.

Trust: 0.6

sources: CNVD: CNVD-2021-03509

IOT TAXONOMY

category:

['IoT', 'ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-03509

AFFECTED PRODUCTS

vendor:

liulin automation equipment

model:

wdecp-ic card measurement management platform wdecp-ic 2.2.02 0 20200929 wdecp-ic

scope:

version:

/v9.1.0.103

Trust: 0.6

sources: CNVD: CNVD-2021-03509

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2021-03509
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2021-03509
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2021-03509

EXTERNAL IDS

db:

CNVD

id:

CNVD-2021-03509

Trust: 0.6

sources: CNVD: CNVD-2021-03509

SOURCES

db:

CNVD

id:

CNVD-2021-03509

LAST UPDATE DATE

2022-05-04T09:46:04.677000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2021-03509

date:

2021-01-18T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2021-03509

date:

2021-02-22T00:00:00