Details of VAR-202108-0116

ID

VAR-202108-0116

CVE

CVE-2020-18754

TITLE

MAC1100 PLC Information Disclosure Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2021-62452 // CNNVD: CNNVD-202108-1381

DESCRIPTION

An information disclosure vulnerability exists within Dut Computer Control Engineering Co.'s PLC MAC1100. MAC1100 PLC is an industrial control product PLC. The control code in the PLC may be the company's core secret

Trust: 2.25

sources: NVD: CVE-2020-18754 // JVNDB: JVNDB-2019-016530 // CNVD: CNVD-2021-62452 // VULMON: CVE-2020-18754

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-62452

AFFECTED PRODUCTS

vendor:	dcce	model:	mac1100 plc	scope:	eq	version:	-	Trust: 1.0
vendor:	dut computer control engineering	model:	mac1100 plc	scope:	eq	version:	-	Trust: 0.8
vendor:	dut computer control engineering	model:	mac1100 plc	scope:	eq	version:	mac1100 plc firmware	Trust: 0.8
vendor:	dut computer control engineering	model:	mac1100 plc	scope:	-	version:	-	Trust: 0.8
vendor:	dut	model:	computer control engineering co. ltd mac1100 plc	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2021-62452 // JVNDB: JVNDB-2019-016530 // NVD: CVE-2020-18754

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-18754
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-18754
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2021-62452
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202108-1381
value:	HIGH
Trust: 0.6
VULMON:	CVE-2020-18754
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-18754
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2021-62452
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-18754
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2020-18754
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-62452 // VULMON: CVE-2020-18754 // JVNDB: JVNDB-2019-016530 // CNNVD: CNNVD-202108-1381 // NVD: CVE-2020-18754

PROBLEMTYPE DATA

problemtype:	CWE-668	Trust: 1.0
problemtype:	Leakage of resources to the wrong area (CWE-668) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2019-016530 // NVD: CVE-2020-18754

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202108-1381

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202108-1381

PATCH

title:	Top Page	url:	http://dis.dcce.cn/	Trust: 0.8
title:	Patch for MAC1100 PLC Information Disclosure Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/286061	Trust: 0.6

sources: CNVD: CNVD-2021-62452 // JVNDB: JVNDB-2019-016530

EXTERNAL IDS

db:	NVD	id:	CVE-2020-18754	Trust: 3.9
db:	JVNDB	id:	JVNDB-2019-016530	Trust: 0.8
db:	CNVD	id:	CNVD-2021-62452	Trust: 0.6
db:	CNNVD	id:	CNNVD-202108-1381	Trust: 0.6
db:	VULMON	id:	CVE-2020-18754	Trust: 0.1

sources: CNVD: CNVD-2021-62452 // VULMON: CVE-2020-18754 // JVNDB: JVNDB-2019-016530 // CNNVD: CNNVD-202108-1381 // NVD: CVE-2020-18754

REFERENCES

url:	https://github.com/ni9htmar3/vulnerability/blob/master/plc/dcce/dcce%20mac1100%20plc_leak.md	Trust: 3.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-18754	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/668.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2021-62452 // VULMON: CVE-2020-18754 // JVNDB: JVNDB-2019-016530 // CNNVD: CNNVD-202108-1381 // NVD: CVE-2020-18754

SOURCES

db:	CNVD	id:	CNVD-2021-62452
db:	VULMON	id:	CVE-2020-18754
db:	JVNDB	id:	JVNDB-2019-016530
db:	CNNVD	id:	CNNVD-202108-1381
db:	NVD	id:	CVE-2020-18754

LAST UPDATE DATE

2024-08-14T15:37:59.796000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-62452	date:	2021-09-07T00:00:00
db:	VULMON	id:	CVE-2020-18754	date:	2021-08-28T00:00:00
db:	JVNDB	id:	JVNDB-2019-016530	date:	2022-07-15T00:57:00
db:	CNNVD	id:	CNNVD-202108-1381	date:	2021-08-30T00:00:00
db:	NVD	id:	CVE-2020-18754	date:	2023-03-31T16:00:48.493

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-62452	date:	2021-08-17T00:00:00
db:	VULMON	id:	CVE-2020-18754	date:	2021-08-13T00:00:00
db:	JVNDB	id:	JVNDB-2019-016530	date:	2022-07-15T00:00:00
db:	CNNVD	id:	CNNVD-202108-1381	date:	2021-08-13T00:00:00
db:	NVD	id:	CVE-2020-18754	date:	2021-08-13T17:15:16.320