ID

VAR-201805-1199


TITLE

DCCE MAC1100 PLC has arbitrary memory tampering vulnerability

Trust: 0.6

sources: CNVD: CNVD-2018-10450

DESCRIPTION

MAC1100 PLC Programmable Logic Controller (PLC) is a product in the Dalian CECE Programmable Logic Controller (PLC) series. The DCCE MAC1100 PLC has an arbitrary memory tampering vulnerability. An attacker can use this vulnerability to arbitrarily write and tamper with the contents of a variable area, construct a malicious data packet to arbitrarily read and write the value of the output coil, and affect the normal operation of the PLC. PLC Normal operation

Trust: 0.72

sources: CNVD: CNVD-2018-10450 // IVD: e2f18261-39ab-11e9-bc9e-000c29342cb1

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

category:['ICS']sub_category: -

Trust: 0.2

sources: IVD: e2f18261-39ab-11e9-bc9e-000c29342cb1 // CNVD: CNVD-2018-10450

AFFECTED PRODUCTS

vendor:dalian university of computer control engineeringmodel:mac series plc mac1100scope: - version: -

Trust: 0.6

vendor:dalian university of computer control engineeringmodel:mac series plc mac1100scope:eqversion:*

Trust: 0.2

sources: IVD: e2f18261-39ab-11e9-bc9e-000c29342cb1 // CNVD: CNVD-2018-10450

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2018-10450
value: HIGH

Trust: 0.6

IVD: e2f18261-39ab-11e9-bc9e-000c29342cb1
value: HIGH

Trust: 0.2

CNVD: CNVD-2018-10450
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2f18261-39ab-11e9-bc9e-000c29342cb1
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: e2f18261-39ab-11e9-bc9e-000c29342cb1 // CNVD: CNVD-2018-10450

TYPE

Resource management error

Trust: 0.2

sources: IVD: e2f18261-39ab-11e9-bc9e-000c29342cb1

PATCH

title:DCCE MAC1100 PLC has code execution vulnerabilityurl:https://www.cnvd.org.cn/patchinfo/show/129327

Trust: 0.6

sources: CNVD: CNVD-2018-10450

EXTERNAL IDS

db:CNVDid:CNVD-2018-10450

Trust: 0.8

db:IVDid:E2F18261-39AB-11E9-BC9E-000C29342CB1

Trust: 0.2

sources: IVD: e2f18261-39ab-11e9-bc9e-000c29342cb1 // CNVD: CNVD-2018-10450

SOURCES

db:IVDid:e2f18261-39ab-11e9-bc9e-000c29342cb1
db:CNVDid:CNVD-2018-10450

LAST UPDATE DATE

2022-05-17T02:02:24.627000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2018-10450date:2018-05-31T00:00:00

SOURCES RELEASE DATE

db:IVDid:e2f18261-39ab-11e9-bc9e-000c29342cb1date:2018-05-29T00:00:00
db:CNVDid:CNVD-2018-10450date:2018-06-28T00:00:00