Details of VAR-201805-1201

ID

VAR-201805-1201

TITLE

DCCE MAC1100 PLC has arbitrary file reading vulnerability

Trust: 0.6

sources: CNVD: CNVD-2018-10451

DESCRIPTION

MAC1100 PLC Programmable Logic Controller (PLC) is a product in the Dalian CECE Programmable Logic Controller (PLC) series. DCCE MAC1100 PLC has an arbitrary file reading vulnerability. An attacker could use this vulnerability to read the contents of any variable area of the controller

Trust: 0.72

sources: CNVD: CNVD-2018-10451 // IVD: e2f15b51-39ab-11e9-9344-000c29342cb1

IOT TAXONOMY

category:	['ICS', 'Network device']	sub_category:	-	Trust: 0.6
category:	['ICS']	sub_category:	-	Trust: 0.2

sources: IVD: e2f15b51-39ab-11e9-9344-000c29342cb1 // CNVD: CNVD-2018-10451

AFFECTED PRODUCTS

vendor:	dalian university of computer control engineering	model:	mac series plc mac1100	scope:	-	version:	-	Trust: 0.6
vendor:	dalian university of computer control engineering	model:	mac series plc mac1100	scope:	eq	version:	*	Trust: 0.2

sources: IVD: e2f15b51-39ab-11e9-9344-000c29342cb1 // CNVD: CNVD-2018-10451

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2018-10451
value:	MEDIUM
Trust: 0.6
IVD:	e2f15b51-39ab-11e9-9344-000c29342cb1
value:	MEDIUM
Trust: 0.2

CNVD:	CNVD-2018-10451
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2f15b51-39ab-11e9-9344-000c29342cb1
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: e2f15b51-39ab-11e9-9344-000c29342cb1 // CNVD: CNVD-2018-10451

TYPE

Permission permission and access control

Trust: 0.2

sources: IVD: e2f15b51-39ab-11e9-9344-000c29342cb1

PATCH

title:

DCCE MAC1100 PLC has arbitrary file reading vulnerability

url:

https://www.cnvd.org.cn/patchinfo/show/129303

Trust: 0.6

sources: CNVD: CNVD-2018-10451

EXTERNAL IDS

db:	CNVD	id:	CNVD-2018-10451	Trust: 0.8
db:	IVD	id:	E2F15B51-39AB-11E9-9344-000C29342CB1	Trust: 0.2

sources: IVD: e2f15b51-39ab-11e9-9344-000c29342cb1 // CNVD: CNVD-2018-10451

SOURCES

db:	IVD	id:	e2f15b51-39ab-11e9-9344-000c29342cb1
db:	CNVD	id:	CNVD-2018-10451

LAST UPDATE DATE

2022-05-17T02:07:04.767000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2018-10451

date:

2018-05-31T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	e2f15b51-39ab-11e9-9344-000c29342cb1	date:	2018-05-29T00:00:00
db:	CNVD	id:	CNVD-2018-10451	date:	2018-06-28T00:00:00