VAR-201807-2222
Vulnerability from variot - Updated: 2022-05-17 02:08Nanda Aotuo Technology Jiangsu Co., Ltd. focuses on the research and development, production and sales of programmable logic controller PLC. At present, it has formed large and medium-sized PLC products, supplemented by small PLC products, remote measurement and control unit (RTU), touch screen, etc Product structure.
NA-VIEW has a memory corruption vulnerability. The vulnerability is caused by NA-VIEW's failure to determine whether the return value of the GetNext function is legal when analyzing the project. Attackers can exploit vulnerabilities to cause software to crash by constructing illegal data passed into functions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201807-2222",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "na-view touch screen configuration software",
"scope": "eq",
"trust": 0.6,
"vendor": "nandao jiangsu",
"version": "v2.0"
},
{
"model": "na-view touch screen configuration software inch touch screen only)",
"scope": "eq",
"trust": 0.2,
"vendor": "nanda auto jiangsu",
"version": "(15v2.0"
}
],
"sources": [
{
"db": "IVD",
"id": "e2f775d1-39ab-11e9-aeab-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-13549"
}
]
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CNVD-2018-13549",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "e2f775d1-39ab-11e9-aeab-000c29342cb1",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2018-13549",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "e2f775d1-39ab-11e9-aeab-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2f775d1-39ab-11e9-aeab-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-13549"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Nanda Aotuo Technology Jiangsu Co., Ltd. focuses on the research and development, production and sales of programmable logic controller PLC. At present, it has formed large and medium-sized PLC products, supplemented by small PLC products, remote measurement and control unit (RTU), touch screen, etc Product structure. \n\nNA-VIEW has a memory corruption vulnerability. The vulnerability is caused by NA-VIEW\u0027s failure to determine whether the return value of the GetNext function is legal when analyzing the project. Attackers can exploit vulnerabilities to cause software to crash by constructing illegal data passed into functions",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-13549"
},
{
"db": "IVD",
"id": "e2f775d1-39ab-11e9-aeab-000c29342cb1"
}
],
"trust": 0.72
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-13549",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2F775D1-39AB-11E9-AEAB-000C29342CB1",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2f775d1-39ab-11e9-aeab-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-13549"
}
]
},
"id": "VAR-201807-2222",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2f775d1-39ab-11e9-aeab-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-13549"
}
],
"trust": 1.8
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2f775d1-39ab-11e9-aeab-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-13549"
}
]
},
"last_update_date": "2022-05-17T02:08:02.708000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Memory corruption vulnerability in NA-VIEW touch screen configuration software (for 15-inch touch screen only) V2.0",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/133633"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-13549"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2f775d1-39ab-11e9-aeab-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-13549"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-07-20T00:00:00",
"db": "IVD",
"id": "e2f775d1-39ab-11e9-aeab-000c29342cb1"
},
{
"date": "2018-08-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-13549"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-13549"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "NA-VIEW has a memory corruption vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-13549"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Resource management error",
"sources": [
{
"db": "IVD",
"id": "e2f775d1-39ab-11e9-aeab-000c29342cb1"
}
],
"trust": 0.2
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…