Details of VAR-201001-0320

ID

VAR-201001-0320

TITLE

MicroLogix Controller Password Leak and Security Restriction Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2010-0117

DESCRIPTION

MicroLogix is a series of small programmable controllers widely used in the field of industrial automation. Vulnerabilities in the communication protocol of the MicroLogix controller may allow users to intercept and decrypt passwords, and vulnerabilities in the authentication mechanism may allow users to gain unauthorized access and change product settings

Trust: 0.9

sources: CNVD: CNVD-2010-0117 // IVD: 5eddebb2-1fc3-11e6-abef-000c29c66e3d // IVD: 7d7c689e-463f-11e9-af98-000c29342cb1

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 1.0

sources: IVD: 5eddebb2-1fc3-11e6-abef-000c29c66e3d // IVD: 7d7c689e-463f-11e9-af98-000c29342cb1 // CNVD: CNVD-2010-0117

AFFECTED PRODUCTS

vendor:

none

model:

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2010-0117

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2010-0117
value:	MEDIUM
Trust: 0.6
IVD:	5eddebb2-1fc3-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2
IVD:	7d7c689e-463f-11e9-af98-000c29342cb1
value:	MEDIUM
Trust: 0.2

CNVD:	CNVD-2010-0117
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	5eddebb2-1fc3-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	7d7c689e-463f-11e9-af98-000c29342cb1
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: 5eddebb2-1fc3-11e6-abef-000c29c66e3d // IVD: 7d7c689e-463f-11e9-af98-000c29342cb1 // CNVD: CNVD-2010-0117

TYPE

Permission permission and access control

Trust: 0.2

sources: IVD: 5eddebb2-1fc3-11e6-abef-000c29c66e3d

EXTERNAL IDS

db:	CNVD	id:	CNVD-2010-0117	Trust: 1.0
db:	IVD	id:	5EDDEBB2-1FC3-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	IVD	id:	7D7C689E-463F-11E9-AF98-000C29342CB1	Trust: 0.2

sources: IVD: 5eddebb2-1fc3-11e6-abef-000c29c66e3d // IVD: 7d7c689e-463f-11e9-af98-000c29342cb1 // CNVD: CNVD-2010-0117

SOURCES

db:	IVD	id:	5eddebb2-1fc3-11e6-abef-000c29c66e3d
db:	IVD	id:	7d7c689e-463f-11e9-af98-000c29342cb1
db:	CNVD	id:	CNVD-2010-0117

LAST UPDATE DATE

2022-05-17T01:48:48.552000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2010-0117

date:

2019-12-26T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	5eddebb2-1fc3-11e6-abef-000c29c66e3d	date:	2010-01-20T00:00:00
db:	IVD	id:	7d7c689e-463f-11e9-af98-000c29342cb1	date:	2010-01-20T00:00:00
db:	CNVD	id:	CNVD-2010-0117	date:	2010-01-20T00:00:00