Details of VAR-201805-1195

ID

VAR-201805-1195

TITLE

Tencent T920 PLC Denial of Service Vulnerability (CNVD-2018-08788)

Trust: 0.6

sources: CNVD: CNVD-2018-08788

DESCRIPTION

T-920 Programmable Logic Controller (PLC) is one of the products of China TENGCONTROL TECHNOLOGY T9 series of programmable logic controller (PLC) series. The plant products are widely used in important industrial control sites such as tobacco, petrochemical and water affairs. Tencent T920 PLC has a denial of service vulnerability. An attacker can use the vulnerability to construct a specific network data packet to make Teng920 T-920 CPU deny service during communication. The CPU enters a failure mode and affects the normal operation of the controller

Trust: 0.72

sources: CNVD: CNVD-2018-08788 // IVD: e2ee4e10-39ab-11e9-b87f-000c29342cb1

IOT TAXONOMY

category:	['ICS', 'Network device']	sub_category:	-	Trust: 0.6
category:	['ICS']	sub_category:	-	Trust: 0.2

sources: IVD: e2ee4e10-39ab-11e9-b87f-000c29342cb1 // CNVD: CNVD-2018-08788

AFFECTED PRODUCTS

vendor:

tengkong

model:

t-920 plc

scope:

version:

v5.5

Trust: 0.8

sources: IVD: e2ee4e10-39ab-11e9-b87f-000c29342cb1 // CNVD: CNVD-2018-08788

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2018-08788
value:	HIGH
Trust: 0.6
IVD:	e2ee4e10-39ab-11e9-b87f-000c29342cb1
value:	HIGH
Trust: 0.2

CNVD:	CNVD-2018-08788
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2ee4e10-39ab-11e9-b87f-000c29342cb1
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: e2ee4e10-39ab-11e9-b87f-000c29342cb1 // CNVD: CNVD-2018-08788

TYPE

Denial of service

Trust: 0.2

sources: IVD: e2ee4e10-39ab-11e9-b87f-000c29342cb1

PATCH

title:

Tencent T920 PLC Denial of Service Vulnerability (CNVD-2018-08788)

url:

https://www.cnvd.org.cn/patchinfo/show/125613

Trust: 0.6

sources: CNVD: CNVD-2018-08788

EXTERNAL IDS

db:	CNVD	id:	CNVD-2018-08788	Trust: 0.8
db:	IVD	id:	E2EE4E10-39AB-11E9-B87F-000C29342CB1	Trust: 0.2

sources: IVD: e2ee4e10-39ab-11e9-b87f-000c29342cb1 // CNVD: CNVD-2018-08788

SOURCES

db:	IVD	id:	e2ee4e10-39ab-11e9-b87f-000c29342cb1
db:	CNVD	id:	CNVD-2018-08788

LAST UPDATE DATE

2022-05-17T01:55:46.905000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2018-08788

date:

2018-05-07T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	e2ee4e10-39ab-11e9-b87f-000c29342cb1	date:	2018-05-03T00:00:00
db:	CNVD	id:	CNVD-2018-08788	date:	2018-05-27T00:00:00