Details of VAR-202108-0117

ID

VAR-202108-0117

CVE

CVE-2020-18756

TITLE

Dut Computer Control Engineering Co. PLC MAC1100 Out-of-bounds read vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2019-016516

DESCRIPTION

An arbitrary memory access vulnerability in the EPA protocol of Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to read the contents of any variable area. Dut Computer Control Engineering Co. PLC MAC1100 Exists in an out-of-bounds read vulnerability.Information may be obtained. MAC1100 PLC is an industrial control product PLC. There is a security loophole in the EPA protocol of MAC1100 PLC. Attackers can use this loophole to read the contents of arbitrary memory

Trust: 2.25

sources: NVD: CVE-2020-18756 // JVNDB: JVNDB-2019-016516 // CNVD: CNVD-2021-62450 // VULMON: CVE-2020-18756

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-62450

AFFECTED PRODUCTS

vendor:	dcce	model:	mac1100 plc	scope:	eq	version:	-	Trust: 1.0
vendor:	dut computer control engineering	model:	mac1100 plc	scope:	eq	version:	mac1100 plc firmware	Trust: 0.8
vendor:	dut computer control engineering	model:	mac1100 plc	scope:	eq	version:	-	Trust: 0.8
vendor:	dut computer control engineering	model:	mac1100 plc	scope:	-	version:	-	Trust: 0.8
vendor:	dut	model:	computer control engineering co. ltd mac1100 plc	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2021-62450 // JVNDB: JVNDB-2019-016516 // NVD: CVE-2020-18756

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-18756
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-18756
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2021-62450
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202108-1384
value:	HIGH
Trust: 0.6
VULMON:	CVE-2020-18756
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-18756
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2021-62450
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-18756
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2020-18756
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-62450 // VULMON: CVE-2020-18756 // JVNDB: JVNDB-2019-016516 // CNNVD: CNNVD-202108-1384 // NVD: CVE-2020-18756

PROBLEMTYPE DATA

problemtype:	CWE-125	Trust: 1.0
problemtype:	Out-of-bounds read (CWE-125) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2019-016516 // NVD: CVE-2020-18756

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202108-1384

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202108-1384

PATCH

title:	Top Page	url:	http://www.dcce.cn	Trust: 0.8
title:	Patch for MAC1100 PLC information disclosure vulnerability (CNVD-2021-62450)	url:	https://www.cnvd.org.cn/patchInfo/show/286051	Trust: 0.6

sources: CNVD: CNVD-2021-62450 // JVNDB: JVNDB-2019-016516

EXTERNAL IDS

db:	NVD	id:	CVE-2020-18756	Trust: 3.9
db:	JVNDB	id:	JVNDB-2019-016516	Trust: 0.8
db:	CNVD	id:	CNVD-2021-62450	Trust: 0.6
db:	CNNVD	id:	CNNVD-202108-1384	Trust: 0.6
db:	VULMON	id:	CVE-2020-18756	Trust: 0.1

sources: CNVD: CNVD-2021-62450 // VULMON: CVE-2020-18756 // JVNDB: JVNDB-2019-016516 // CNNVD: CNNVD-202108-1384 // NVD: CVE-2020-18756

REFERENCES

url:	https://github.com/ni9htmar3/vulnerability/blob/master/plc/dcce/dcce%20mac1100%20plc_read.md	Trust: 3.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-18756	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/125.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2021-62450 // VULMON: CVE-2020-18756 // JVNDB: JVNDB-2019-016516 // CNNVD: CNNVD-202108-1384 // NVD: CVE-2020-18756

SOURCES

db:	CNVD	id:	CNVD-2021-62450
db:	VULMON	id:	CVE-2020-18756
db:	JVNDB	id:	JVNDB-2019-016516
db:	CNNVD	id:	CNNVD-202108-1384
db:	NVD	id:	CVE-2020-18756

LAST UPDATE DATE

2024-08-14T13:43:26.523000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-62450	date:	2021-09-07T00:00:00
db:	VULMON	id:	CVE-2020-18756	date:	2021-08-25T00:00:00
db:	JVNDB	id:	JVNDB-2019-016516	date:	2022-07-11T07:44:00
db:	CNNVD	id:	CNNVD-202108-1384	date:	2021-08-26T00:00:00
db:	NVD	id:	CVE-2020-18756	date:	2021-08-25T16:10:39.503

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-62450	date:	2021-08-17T00:00:00
db:	VULMON	id:	CVE-2020-18756	date:	2021-08-13T00:00:00
db:	JVNDB	id:	JVNDB-2019-016516	date:	2022-07-11T00:00:00
db:	CNNVD	id:	CNNVD-202108-1384	date:	2021-08-13T00:00:00
db:	NVD	id:	CVE-2020-18756	date:	2021-08-13T17:15:16.357