Details of VAR-201805-1200

ID

VAR-201805-1200

TITLE

DCCE MAC1100 PLC has remote code upload vulnerability

Trust: 0.6

sources: CNVD: CNVD-2018-10449

DESCRIPTION

MAC1100 PLC Programmable Logic Controller (PLC) is a product in the Dalian CECE Programmable Logic Controller (PLC) series. A remote code upload vulnerability exists in the DCCE MAC1100 PLC. Attackers can use this vulnerability to construct malicious control codes, remotely upload control codes in arbitrary PLCs, and overwrite the original control codes in PLCs, affecting the availability and integrity of the system and the normal operation of the PLC

Trust: 0.72

sources: CNVD: CNVD-2018-10449 // IVD: e2f1a970-39ab-11e9-812a-000c29342cb1

IOT TAXONOMY

category:	['ICS', 'Network device']	sub_category:	-	Trust: 0.6
category:	['ICS']	sub_category:	-	Trust: 0.2

sources: IVD: e2f1a970-39ab-11e9-812a-000c29342cb1 // CNVD: CNVD-2018-10449

AFFECTED PRODUCTS

vendor:	dalian university of computer control engineering	model:	mac series plc mac1100	scope:	-	version:	-	Trust: 0.6
vendor:	dalian university of computer control engineering	model:	mac series plc mac1100	scope:	eq	version:	*	Trust: 0.2

sources: IVD: e2f1a970-39ab-11e9-812a-000c29342cb1 // CNVD: CNVD-2018-10449

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2018-10449
value:	HIGH
Trust: 0.6
IVD:	e2f1a970-39ab-11e9-812a-000c29342cb1
value:	HIGH
Trust: 0.2

CNVD:	CNVD-2018-10449
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2f1a970-39ab-11e9-812a-000c29342cb1
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: e2f1a970-39ab-11e9-812a-000c29342cb1 // CNVD: CNVD-2018-10449

TYPE

Code injection

Trust: 0.2

sources: IVD: e2f1a970-39ab-11e9-812a-000c29342cb1

PATCH

title:

File upload vulnerability in DCCE MAC1100 PLC

url:

https://www.cnvd.org.cn/patchinfo/show/129305

Trust: 0.6

sources: CNVD: CNVD-2018-10449

EXTERNAL IDS

db:	CNVD	id:	CNVD-2018-10449	Trust: 0.8
db:	IVD	id:	E2F1A970-39AB-11E9-812A-000C29342CB1	Trust: 0.2

sources: IVD: e2f1a970-39ab-11e9-812a-000c29342cb1 // CNVD: CNVD-2018-10449

SOURCES

db:	IVD	id:	e2f1a970-39ab-11e9-812a-000c29342cb1
db:	CNVD	id:	CNVD-2018-10449

LAST UPDATE DATE

2022-05-17T01:41:03.378000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2018-10449

date:

2018-05-31T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	e2f1a970-39ab-11e9-812a-000c29342cb1	date:	2018-05-29T00:00:00
db:	CNVD	id:	CNVD-2018-10449	date:	2018-06-28T00:00:00