VAR-201802-1342
Vulnerability from variot - Updated: 2022-05-17 01:50KingView 7.5 SP1 is the latest version of Kingview series, which provides strong support for users to improve engineering configuration efficiency and reduce project implementation costs.
HistorySvr.exe in KingView 7.5 SP1 has a denial of service vulnerability. The vulnerability is caused by reading a null pointer in the king.dll dynamic link library. Allowing remote attackers to submit socket requests containing special bytes, causing History.exe to crash. When the user closes the main program Touchvew and opens and runs Touchvew again, the history library is prompted: Failed to open the project mapped memory area. The vulnerability also exists in Kingview 6.6 SP2
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201802-1342",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "kingview sp2",
"scope": "eq",
"trust": 0.6,
"vendor": "yakong",
"version": "6.6"
},
{
"model": "kingview 7.5sp1",
"scope": null,
"trust": 0.6,
"vendor": "yakong",
"version": null
},
{
"model": "kingview( kingview 7.5sp1",
"scope": "eq",
"trust": 0.2,
"vendor": "yakong",
"version": ")*"
},
{
"model": "kingview( kingview sp2",
"scope": "eq",
"trust": 0.2,
"vendor": "yakong",
"version": ")6.6*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2e9e140-39ab-11e9-9b32-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-02901"
}
]
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 5.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 4.9,
"id": "CNVD-2018-02901",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 5.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 4.9,
"id": "e2e9e140-39ab-11e9-9b32-000c29342cb1",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2018-02901",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "e2e9e140-39ab-11e9-9b32-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2e9e140-39ab-11e9-9b32-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-02901"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "KingView 7.5 SP1 is the latest version of Kingview series, which provides strong support for users to improve engineering configuration efficiency and reduce project implementation costs. \n\nHistorySvr.exe in KingView 7.5 SP1 has a denial of service vulnerability. The vulnerability is caused by reading a null pointer in the king.dll dynamic link library. Allowing remote attackers to submit socket requests containing special bytes, causing History.exe to crash. When the user closes the main program Touchvew and opens and runs Touchvew again, the history library is prompted: Failed to open the project mapped memory area. The vulnerability also exists in Kingview 6.6 SP2",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-02901"
},
{
"db": "IVD",
"id": "e2e9e140-39ab-11e9-9b32-000c29342cb1"
}
],
"trust": 0.72
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-02901",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2E9E140-39AB-11E9-9B32-000C29342CB1",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2e9e140-39ab-11e9-9b32-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-02901"
}
]
},
"id": "VAR-201802-1342",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2e9e140-39ab-11e9-9b32-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-02901"
}
],
"trust": 1.8
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2e9e140-39ab-11e9-9b32-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-02901"
}
]
},
"last_update_date": "2022-05-17T01:50:55.914000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Asia Control King\u0027s HistorySvr.exe Denial of Service Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/115545"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-02901"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2e9e140-39ab-11e9-9b32-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-02901"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-02-07T00:00:00",
"db": "IVD",
"id": "e2e9e140-39ab-11e9-9b32-000c29342cb1"
},
{
"date": "2018-03-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-02901"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-02901"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Asia Control Technology KingView HistorySvr.exe Denial of Service Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-02901"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Denial of service",
"sources": [
{
"db": "IVD",
"id": "e2e9e140-39ab-11e9-9b32-000c29342cb1"
}
],
"trust": 0.2
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…