Details of VAR-201805-1203

ID

VAR-201805-1203

TITLE

DCCE MAC1100 PLC has information disclosure vulnerability (CNVD-2018-08782)

Trust: 0.6

sources: CNVD: CNVD-2018-08782

DESCRIPTION

MAC1100 PLC Programmable Logic Controller (PLC) is a product in the Dalian CECE Programmable Logic Controller (PLC) series. This product is widely used in important industrial control sites such as intelligent buildings, power data monitoring, thermal control systems, and enterprise management systems. DCCE MAC1100 PLC has an information disclosure vulnerability. The vulnerability originates from the MAC1100 PLC using the EPA protocol to communicate on port 11000. An attacker can use the vulnerability to read a specific storage area, collect relevant device information in the PLC, and can be used for PLC device identification attacks

Trust: 0.72

sources: CNVD: CNVD-2018-08782 // IVD: e2edd8e2-39ab-11e9-8594-000c29342cb1

IOT TAXONOMY

category:	['ICS', 'Network device']	sub_category:	-	Trust: 0.6
category:	['ICS']	sub_category:	-	Trust: 0.2

sources: IVD: e2edd8e2-39ab-11e9-8594-000c29342cb1 // CNVD: CNVD-2018-08782

AFFECTED PRODUCTS

vendor:	dalian university of computer control engineering	model:	mac series plc mac1100	scope:	-	version:	-	Trust: 0.6
vendor:	dalian university of computer control engineering	model:	mac series plc mac1100	scope:	eq	version:	*	Trust: 0.2

sources: IVD: e2edd8e2-39ab-11e9-8594-000c29342cb1 // CNVD: CNVD-2018-08782

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2018-08782
value:	MEDIUM
Trust: 0.6
IVD:	e2edd8e2-39ab-11e9-8594-000c29342cb1
value:	MEDIUM
Trust: 0.2

CNVD:	CNVD-2018-08782
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2edd8e2-39ab-11e9-8594-000c29342cb1
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: e2edd8e2-39ab-11e9-8594-000c29342cb1 // CNVD: CNVD-2018-08782

TYPE

Information leakage

Trust: 0.2

sources: IVD: e2edd8e2-39ab-11e9-8594-000c29342cb1

PATCH

title:

Information Disclosure Vulnerability in DCCE MAC1100 PLC (CNVD-2018-08782)

url:

https://www.cnvd.org.cn/patchinfo/show/125777

Trust: 0.6

sources: CNVD: CNVD-2018-08782

EXTERNAL IDS

db:	CNVD	id:	CNVD-2018-08782	Trust: 0.8
db:	IVD	id:	E2EDD8E2-39AB-11E9-8594-000C29342CB1	Trust: 0.2

sources: IVD: e2edd8e2-39ab-11e9-8594-000c29342cb1 // CNVD: CNVD-2018-08782

SOURCES

db:	IVD	id:	e2edd8e2-39ab-11e9-8594-000c29342cb1
db:	CNVD	id:	CNVD-2018-08782

LAST UPDATE DATE

2022-05-17T01:36:16.117000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2018-08782

date:

2018-05-07T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	e2edd8e2-39ab-11e9-8594-000c29342cb1	date:	2018-05-03T00:00:00
db:	CNVD	id:	CNVD-2018-08782	date:	2018-05-28T00:00:00