Sign-up

ID

VAR-202104-2059


TITLE

An SQL injection vulnerability exists in the WDECP-IC card measurement management platform of Tangshan Liulin Automation Equipment Co., Ltd.

Trust: 0.6

sources: CNVD: CNVD-2021-18304

DESCRIPTION

Tangshan Liulin Automation Equipment Co., Ltd. is a high-tech enterprise engaged in the research and development, production, sales and system engineering technical services of the security communication terminal and smart application platform software of the Internet of Things. The WDECP-IC card measurement management platform of Tangshan Liulin Automation Equipment Co., Ltd. has a SQL injection vulnerability. Attackers can use the vulnerability to obtain sensitive information in the database.

Trust: 0.6

sources: CNVD: CNVD-2021-18304

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-18304

AFFECTED PRODUCTS

vendor:liulin automation equipmentmodel:wdecp-ic card measurement management platformscope:eqversion:9.1.0.103

Trust: 0.6

sources: CNVD: CNVD-2021-18304

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2021-18304
value: HIGH

Trust: 0.6

CNVD: CNVD-2021-18304
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2021-18304

EXTERNAL IDS

db:CNVDid:CNVD-2021-18304

Trust: 0.6

sources: CNVD: CNVD-2021-18304

SOURCES

db:CNVDid:CNVD-2021-18304

LAST UPDATE DATE

2022-05-04T08:33:01.763000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2021-18304date:2021-03-22T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2021-18304date:2021-04-12T00:00:00