Details of VAR-201809-1206

ID

VAR-201809-1206

TITLE

Remote control command vulnerability exists in omron PLC SYSMAC CP1L

Trust: 0.6

sources: CNVD: CNVD-2018-17462

DESCRIPTION

omron PLC SYSMAC CP1L is a PLC from Omron There is a remote control command vulnerability in omron PLC SYSMAC CP1L. An attacker can use this vulnerability to switch the PLC to monitoring mode and then set and force write to the PLC. It can also operate I / O points and auxiliary relays and can be modified online. program

Trust: 0.72

sources: CNVD: CNVD-2018-17462 // IVD: e2f94a90-39ab-11e9-87a3-000c29342cb1

IOT TAXONOMY

category:	['ICS', 'Network device']	sub_category:	-	Trust: 0.6
category:	['ICS']	sub_category:	-	Trust: 0.2

sources: IVD: e2f94a90-39ab-11e9-87a3-000c29342cb1 // CNVD: CNVD-2018-17462

AFFECTED PRODUCTS

vendor:	omron automation	model:	plc sysmac cp1l	scope:	-	version:	-	Trust: 0.6
vendor:	omron automation	model:	plc sysmac cp1l	scope:	eq	version:	*	Trust: 0.2

sources: IVD: e2f94a90-39ab-11e9-87a3-000c29342cb1 // CNVD: CNVD-2018-17462

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2018-17462
value:	HIGH
Trust: 0.6
IVD:	e2f94a90-39ab-11e9-87a3-000c29342cb1
value:	HIGH
Trust: 0.2

CNVD:	CNVD-2018-17462
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2f94a90-39ab-11e9-87a3-000c29342cb1
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: e2f94a90-39ab-11e9-87a3-000c29342cb1 // CNVD: CNVD-2018-17462

TYPE

Control error

Trust: 0.2

sources: IVD: e2f94a90-39ab-11e9-87a3-000c29342cb1

EXTERNAL IDS

db:	CNVD	id:	CNVD-2018-17462	Trust: 0.8
db:	IVD	id:	E2F94A90-39AB-11E9-87A3-000C29342CB1	Trust: 0.2

sources: IVD: e2f94a90-39ab-11e9-87a3-000c29342cb1 // CNVD: CNVD-2018-17462

SOURCES

db:	IVD	id:	e2f94a90-39ab-11e9-87a3-000c29342cb1
db:	CNVD	id:	CNVD-2018-17462

LAST UPDATE DATE

2022-05-17T02:09:44.289000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2018-17462

date:

2018-09-10T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	e2f94a90-39ab-11e9-87a3-000c29342cb1	date:	2018-09-05T00:00:00
db:	CNVD	id:	CNVD-2018-17462	date:	2018-09-22T00:00:00