Details of VAR-202104-2055

ID

VAR-202104-2055

TITLE

SQL injection vulnerability exists in the water rights trading system (CNVD-2021-18287)

Trust: 0.6

sources: CNVD: CNVD-2021-18287

DESCRIPTION

Tangshan Liulin Automation Equipment Co., Ltd. is a high-tech enterprise specializing in the research and development, production, sales and system engineering technical services of the security communication terminal and smart application platform software of the Internet of Things. There is a SQL injection vulnerability in the water rights trading system. Attackers can use the vulnerability to obtain sensitive information in the database.

Trust: 0.6

sources: CNVD: CNVD-2021-18287

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-18287

AFFECTED PRODUCTS

vendor:

liulin automation equipment

model:

water rights trading system

scope:

version:

2017

Trust: 0.6

sources: CNVD: CNVD-2021-18287

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2021-18287
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2021-18287
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2021-18287

EXTERNAL IDS

db:

CNVD

id:

CNVD-2021-18287

Trust: 0.6

sources: CNVD: CNVD-2021-18287

SOURCES

db:

CNVD

id:

CNVD-2021-18287

LAST UPDATE DATE

2022-05-04T10:21:13.926000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2021-18287

date:

2021-03-22T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2021-18287

date:

2021-04-12T00:00:00