Details of VAR-201805-1197

ID

VAR-201805-1197

TITLE

Tencent T920 PLC Denial of Service Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2018-08789

DESCRIPTION

T-920 Programmable Logic Controller (PLC) is one of the products of China TENGCONTROL TECHNOLOGY T9 series of programmable logic controller (PLC) series. The plant products are widely used in important industrial control sites such as tobacco, petrochemical and water affairs. Tencent T920 PLC has a denial of service vulnerability. An attacker can use the vulnerability to construct a specific network data packet to make Teng920 T-920 CPU deny service during communication. The CPU enters a failure mode and affects the normal operation of the controller

Trust: 0.72

sources: CNVD: CNVD-2018-08789 // IVD: e2ee7521-39ab-11e9-8efe-000c29342cb1

IOT TAXONOMY

category:	['ICS', 'Network device']	sub_category:	-	Trust: 0.6
category:	['ICS']	sub_category:	-	Trust: 0.2

sources: IVD: e2ee7521-39ab-11e9-8efe-000c29342cb1 // CNVD: CNVD-2018-08789

AFFECTED PRODUCTS

vendor:

tengkong

model:

t-920 plc

scope:

version:

v5.5

Trust: 0.8

sources: IVD: e2ee7521-39ab-11e9-8efe-000c29342cb1 // CNVD: CNVD-2018-08789

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2018-08789
value:	HIGH
Trust: 0.6
IVD:	e2ee7521-39ab-11e9-8efe-000c29342cb1
value:	HIGH
Trust: 0.2

CNVD:	CNVD-2018-08789
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2ee7521-39ab-11e9-8efe-000c29342cb1
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: e2ee7521-39ab-11e9-8efe-000c29342cb1 // CNVD: CNVD-2018-08789

TYPE

Denial of service

Trust: 0.2

sources: IVD: e2ee7521-39ab-11e9-8efe-000c29342cb1

PATCH

title:

Tencent T920 PLC Denial of Service Vulnerability

url:

https://www.cnvd.org.cn/patchinfo/show/125615

Trust: 0.6

sources: CNVD: CNVD-2018-08789

EXTERNAL IDS

db:	CNVD	id:	CNVD-2018-08789	Trust: 0.8
db:	IVD	id:	E2EE7521-39AB-11E9-8EFE-000C29342CB1	Trust: 0.2

sources: IVD: e2ee7521-39ab-11e9-8efe-000c29342cb1 // CNVD: CNVD-2018-08789

SOURCES

db:	IVD	id:	e2ee7521-39ab-11e9-8efe-000c29342cb1
db:	CNVD	id:	CNVD-2018-08789

LAST UPDATE DATE

2022-05-17T02:02:24.642000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2018-08789

date:

2018-05-07T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	e2ee7521-39ab-11e9-8efe-000c29342cb1	date:	2018-05-03T00:00:00
db:	CNVD	id:	CNVD-2018-08789	date:	2018-05-27T00:00:00