Details of VAR-201805-1204

ID

VAR-201805-1204

TITLE

DCCE MAC1100 PLC Information Disclosure Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2018-08783

DESCRIPTION

The MAC1100PLC Programmable Logic Controller (PLC) is a product of the Dalian Controller (DCCE) Programmable Logic Controller (PLC) family. The product is widely used in important industrial control sites such as intelligent buildings, power data monitoring, heat control systems, and enterprise management systems. An information disclosure vulnerability exists in DCCEMAC1100PLC. The vulnerability stems from the fact that the MAC1100PLC uses the EPA protocol to communicate on port 11000, which can be exploited by an attacker to remotely download control code from the PLC

Trust: 0.72

sources: CNVD: CNVD-2018-08783 // IVD: e2edfff0-39ab-11e9-87c6-000c29342cb1

IOT TAXONOMY

category:	['ICS', 'Network device']	sub_category:	-	Trust: 0.6
category:	['ICS']	sub_category:	-	Trust: 0.2

sources: IVD: e2edfff0-39ab-11e9-87c6-000c29342cb1 // CNVD: CNVD-2018-08783

AFFECTED PRODUCTS

vendor:	dalian institute of computer control engineering	model:	mac small and medium controller mac1100	scope:	-	version:	-	Trust: 0.6
vendor:	dalian university of computer control engineering	model:	mac small and medium controller mac1100	scope:	eq	version:	*	Trust: 0.2

sources: IVD: e2edfff0-39ab-11e9-87c6-000c29342cb1 // CNVD: CNVD-2018-08783

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2018-08783
value:	MEDIUM
Trust: 0.6
IVD:	e2edfff0-39ab-11e9-87c6-000c29342cb1
value:	MEDIUM
Trust: 0.2

CNVD:	CNVD-2018-08783
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2edfff0-39ab-11e9-87c6-000c29342cb1
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: e2edfff0-39ab-11e9-87c6-000c29342cb1 // CNVD: CNVD-2018-08783

TYPE

Information leakage

Trust: 0.2

sources: IVD: e2edfff0-39ab-11e9-87c6-000c29342cb1

PATCH

title:

DCCEMAC1100PLC Information Disclosure Vulnerability

url:

https://www.cnvd.org.cn/patchinfo/show/125775

Trust: 0.6

sources: CNVD: CNVD-2018-08783

EXTERNAL IDS

db:	CNVD	id:	CNVD-2018-08783	Trust: 0.8
db:	IVD	id:	E2EDFFF0-39AB-11E9-87C6-000C29342CB1	Trust: 0.2

sources: IVD: e2edfff0-39ab-11e9-87c6-000c29342cb1 // CNVD: CNVD-2018-08783

REFERENCES

url:

http://www.dcce.cn

Trust: 0.6

sources: CNVD: CNVD-2018-08783

SOURCES

db:	IVD	id:	e2edfff0-39ab-11e9-87c6-000c29342cb1
db:	CNVD	id:	CNVD-2018-08783

LAST UPDATE DATE

2022-05-17T02:08:02.977000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2018-08783

date:

2018-05-07T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	e2edfff0-39ab-11e9-87c6-000c29342cb1	date:	2018-05-03T00:00:00
db:	CNVD	id:	CNVD-2018-08783	date:	2018-05-28T00:00:00