Details of VAR-201809-1202

ID

VAR-201809-1202

TITLE

DCCE MAC1100 PLC has arbitrary program coverage vulnerability

Trust: 0.6

sources: CNVD: CNVD-2018-19112

DESCRIPTION

MAC1100 PLC is a programmable logic controller produced by Dalian University of Technology Computer Control Engineering Co., Ltd. There is an arbitrary program coverage vulnerability in the DCCE MAC1100 PLC. The vulnerability originates from the MAC1100 PLC programmable logic controller downloading the program to the PLC without verifying the relevant permissions. An attacker can remotely download the program's data package to cover any program with the vulnerability

Trust: 0.72

sources: CNVD: CNVD-2018-19112 // IVD: e2faf842-39ab-11e9-b800-000c29342cb1

IOT TAXONOMY

category:	['ICS', 'Network device']	sub_category:	-	Trust: 0.6
category:	['ICS']	sub_category:	-	Trust: 0.2

sources: IVD: e2faf842-39ab-11e9-b800-000c29342cb1 // CNVD: CNVD-2018-19112

AFFECTED PRODUCTS

vendor:	dalian university of computer control engineering	model:	mac1100 plc	scope:	-	version:	-	Trust: 0.6
vendor:	dalian university of computer control engineering	model:	mac1100 plc	scope:	eq	version:	*	Trust: 0.2

sources: IVD: e2faf842-39ab-11e9-b800-000c29342cb1 // CNVD: CNVD-2018-19112

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2018-19112
value:	HIGH
Trust: 0.6
IVD:	e2faf842-39ab-11e9-b800-000c29342cb1
value:	HIGH
Trust: 0.2

CNVD:	CNVD-2018-19112
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2faf842-39ab-11e9-b800-000c29342cb1
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: e2faf842-39ab-11e9-b800-000c29342cb1 // CNVD: CNVD-2018-19112

TYPE

Permission permission and access control

Trust: 0.2

sources: IVD: e2faf842-39ab-11e9-b800-000c29342cb1

PATCH

title:

DCCE MAC1100 PLC has unauthorized access vulnerability

url:

https://www.cnvd.org.cn/patchinfo/show/137919

Trust: 0.6

sources: CNVD: CNVD-2018-19112

EXTERNAL IDS

db:	CNVD	id:	CNVD-2018-19112	Trust: 0.8
db:	IVD	id:	E2FAF842-39AB-11E9-B800-000C29342CB1	Trust: 0.2

sources: IVD: e2faf842-39ab-11e9-b800-000c29342cb1 // CNVD: CNVD-2018-19112

SOURCES

db:	IVD	id:	e2faf842-39ab-11e9-b800-000c29342cb1
db:	CNVD	id:	CNVD-2018-19112

LAST UPDATE DATE

2022-05-17T01:40:59.502000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2018-19112

date:

2018-09-19T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	e2faf842-39ab-11e9-b800-000c29342cb1	date:	2018-09-18T00:00:00
db:	CNVD	id:	CNVD-2018-19112	date:	2018-10-01T00:00:00