VAR-201809-1209
Vulnerability from variot - Updated: 2022-05-17 02:08UWinTech Pro control engineering application software platform professional version is based on multi-platform heterogeneous systems such as Windows 7 / Windows XP and real-time OS. It adopts multi-tasking, multi-threading and component structure design technologies. It integrates field data collection, I / O module diagnostic configuration, and distributed real-time. Database, control algorithm real-time execution, graphic monitoring and real-time software are run on different levels of hardware platforms respectively. Through the control network and the system network, various data, management and control information are exchanged to coordinately complete the various distributed control systems. Features.
An unauthorized access vulnerability exists in the UWinTech Pro control engineering application software platform. Attackers can use this vulnerability to gain unauthorized access to sensitive information
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201809-1209",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hangzhou youwen automation system co. ltd. edition uwintechpro1.05",
"scope": null,
"trust": 0.6,
"vendor": "youwen automation system",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "youwen automation system",
"version": "*"
},
{
"model": "uwintechpro1.05",
"scope": "eq",
"trust": 0.2,
"vendor": "youwen automation system",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2fc7ee1-39ab-11e9-9ad3-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-19469"
}
]
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 3.2,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.1,
"id": "CNVD-2018-19469",
"impactScore": 4.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 3.2,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.1,
"id": "e2fc7ee1-39ab-11e9-9ad3-000c29342cb1",
"impactScore": 4.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:N/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2018-19469",
"trust": 0.6,
"value": "LOW"
},
{
"author": "IVD",
"id": "e2fc7ee1-39ab-11e9-9ad3-000c29342cb1",
"trust": 0.2,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2fc7ee1-39ab-11e9-9ad3-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-19469"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "UWinTech Pro control engineering application software platform professional version is based on multi-platform heterogeneous systems such as Windows 7 / Windows XP and real-time OS. It adopts multi-tasking, multi-threading and component structure design technologies. It integrates field data collection, I / O module diagnostic configuration, and distributed real-time. Database, control algorithm real-time execution, graphic monitoring and real-time software are run on different levels of hardware platforms respectively. Through the control network and the system network, various data, management and control information are exchanged to coordinately complete the various distributed control systems. Features. \n\nAn unauthorized access vulnerability exists in the UWinTech Pro control engineering application software platform. Attackers can use this vulnerability to gain unauthorized access to sensitive information",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-19469"
},
{
"db": "IVD",
"id": "e2fc7ee1-39ab-11e9-9ad3-000c29342cb1"
}
],
"trust": 0.72
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-19469",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2FC7EE1-39AB-11E9-9AD3-000C29342CB1",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2fc7ee1-39ab-11e9-9ad3-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-19469"
}
]
},
"id": "VAR-201809-1209",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2fc7ee1-39ab-11e9-9ad3-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-19469"
}
],
"trust": 1.8
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2fc7ee1-39ab-11e9-9ad3-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-19469"
}
]
},
"last_update_date": "2022-05-17T02:08:02.527000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Unauthorized access vulnerability exists in Hangzhou UwinTech control engineering application software platform",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/137637"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-19469"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2fc7ee1-39ab-11e9-9ad3-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-19469"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-20T00:00:00",
"db": "IVD",
"id": "e2fc7ee1-39ab-11e9-9ad3-000c29342cb1"
},
{
"date": "2018-09-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-19469"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-19469"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "UWinTech Pro control engineering application software platform has unauthorized access vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-19469"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Access verification error",
"sources": [
{
"db": "IVD",
"id": "e2fc7ee1-39ab-11e9-9ad3-000c29342cb1"
}
],
"trust": 0.2
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…