Details of VAR-201805-1198

ID

VAR-201805-1198

TITLE

MAC1100 PLC has a remote control vulnerability

Trust: 0.6

sources: CNVD: CNVD-2018-08787

DESCRIPTION

The MAC1100PLC Programmable Logic Controller (PLC) is a product of the Dalian Controller (DCCE) Programmable Logic Controller (PLC) family. A remote control vulnerability exists in the MAC1100PLC. The attacker can use the vulnerability to directly control the opening and stopping of the PLC remotely, which affects the normal operation of the controller

Trust: 0.72

sources: CNVD: CNVD-2018-08787 // IVD: e2ee4e0f-39ab-11e9-975c-000c29342cb1

IOT TAXONOMY

category:	['ICS', 'Network device']	sub_category:	-	Trust: 0.6
category:	['ICS']	sub_category:	-	Trust: 0.2

sources: IVD: e2ee4e0f-39ab-11e9-975c-000c29342cb1 // CNVD: CNVD-2018-08787

AFFECTED PRODUCTS

vendor:	dalian institute of computer control engineering	model:	mac series plc mac1100	scope:	-	version:	-	Trust: 0.6
vendor:	dalian university of computer control engineering	model:	mac series plc mac1100	scope:	eq	version:	*	Trust: 0.2

sources: IVD: e2ee4e0f-39ab-11e9-975c-000c29342cb1 // CNVD: CNVD-2018-08787

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2018-08787
value:	HIGH
Trust: 0.6
IVD:	e2ee4e0f-39ab-11e9-975c-000c29342cb1
value:	HIGH
Trust: 0.2

CNVD:	CNVD-2018-08787
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2ee4e0f-39ab-11e9-975c-000c29342cb1
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: e2ee4e0f-39ab-11e9-975c-000c29342cb1 // CNVD: CNVD-2018-08787

TYPE

Control error

Trust: 0.2

sources: IVD: e2ee4e0f-39ab-11e9-975c-000c29342cb1

PATCH

title:

Remote control vulnerability exists in MAC1100PLC

url:

https://www.cnvd.org.cn/patchinfo/show/125611

Trust: 0.6

sources: CNVD: CNVD-2018-08787

EXTERNAL IDS

db:	CNVD	id:	CNVD-2018-08787	Trust: 0.8
db:	IVD	id:	E2EE4E0F-39AB-11E9-975C-000C29342CB1	Trust: 0.2

sources: IVD: e2ee4e0f-39ab-11e9-975c-000c29342cb1 // CNVD: CNVD-2018-08787

REFERENCES

url:

http://www.dcce.cn

Trust: 0.6

sources: CNVD: CNVD-2018-08787

SOURCES

db:	IVD	id:	e2ee4e0f-39ab-11e9-975c-000c29342cb1
db:	CNVD	id:	CNVD-2018-08787

LAST UPDATE DATE

2022-05-17T01:52:35.439000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2018-08787

date:

2018-05-07T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	e2ee4e0f-39ab-11e9-975c-000c29342cb1	date:	2018-05-03T00:00:00
db:	CNVD	id:	CNVD-2018-08787	date:	2018-05-27T00:00:00