Details of VAR-202104-1977

ID

VAR-202104-1977

TITLE

Quick control configuration software has information leakage vulnerabilities

Trust: 0.6

sources: CNVD: CNVD-2021-21764

DESCRIPTION

Quick control configuration software is a monitoring software used in industrial power and other fields. The quick control configuration software has an information disclosure vulnerability. Attackers can use the vulnerability to delete the password field in the project file, bypass the password protection, and decrypt the entire project, resulting in the leakage of confidential information in the configuration project, such as the network topology in the industrial control network, PLC device IP and other information.

Trust: 0.6

sources: CNVD: CNVD-2021-21764

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-21764

AFFECTED PRODUCTS

vendor:

luohusi automation

model:

quick control configuration software 6.0sp16

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2021-21764

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2021-21764
value:	LOW
Trust: 0.6

CNVD:	CNVD-2021-21764
severity:	LOW
baseScore:	2.4
vectorString:	AV:L/AC:H/AU:S/C:P/I:P/A:N
accessVector:	LOCAL
accessComplexity:	HIGH
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	1.5
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2021-21764

EXTERNAL IDS

db:

CNVD

id:

CNVD-2021-21764

Trust: 0.6

sources: CNVD: CNVD-2021-21764

SOURCES

db:

CNVD

id:

CNVD-2021-21764

LAST UPDATE DATE

2022-05-04T09:37:47.595000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2021-21764

date:

2021-03-23T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2021-21764

date:

2021-04-15T00:00:00