VAR-201805-1203
Vulnerability from variot - Updated: 2022-05-17 01:36MAC1100 PLC Programmable Logic Controller (PLC) is a product in the Dalian CECE Programmable Logic Controller (PLC) series. This product is widely used in important industrial control sites such as intelligent buildings, power data monitoring, thermal control systems, and enterprise management systems.
DCCE MAC1100 PLC has an information disclosure vulnerability. The vulnerability originates from the MAC1100 PLC using the EPA protocol to communicate on port 11000. An attacker can use the vulnerability to read a specific storage area, collect relevant device information in the PLC, and can be used for PLC device identification attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201805-1203",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mac series plc mac1100",
"scope": null,
"trust": 0.6,
"vendor": "dalian university of computer control engineering",
"version": null
},
{
"model": "mac series plc mac1100",
"scope": "eq",
"trust": 0.2,
"vendor": "dalian university of computer control engineering",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2edd8e2-39ab-11e9-8594-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-08782"
}
]
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-08782",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "e2edd8e2-39ab-11e9-8594-000c29342cb1",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2018-08782",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "e2edd8e2-39ab-11e9-8594-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2edd8e2-39ab-11e9-8594-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-08782"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MAC1100 PLC Programmable Logic Controller (PLC) is a product in the Dalian CECE Programmable Logic Controller (PLC) series. This product is widely used in important industrial control sites such as intelligent buildings, power data monitoring, thermal control systems, and enterprise management systems. \n\nDCCE MAC1100 PLC has an information disclosure vulnerability. The vulnerability originates from the MAC1100 PLC using the EPA protocol to communicate on port 11000. An attacker can use the vulnerability to read a specific storage area, collect relevant device information in the PLC, and can be used for PLC device identification attacks",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-08782"
},
{
"db": "IVD",
"id": "e2edd8e2-39ab-11e9-8594-000c29342cb1"
}
],
"trust": 0.72
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-08782",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2EDD8E2-39AB-11E9-8594-000C29342CB1",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2edd8e2-39ab-11e9-8594-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-08782"
}
]
},
"id": "VAR-201805-1203",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2edd8e2-39ab-11e9-8594-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-08782"
}
],
"trust": 1.8
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2edd8e2-39ab-11e9-8594-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-08782"
}
]
},
"last_update_date": "2022-05-17T01:36:16.117000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Information Disclosure Vulnerability in DCCE MAC1100 PLC (CNVD-2018-08782)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/125777"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-08782"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2edd8e2-39ab-11e9-8594-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-08782"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-03T00:00:00",
"db": "IVD",
"id": "e2edd8e2-39ab-11e9-8594-000c29342cb1"
},
{
"date": "2018-05-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-08782"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-08782"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "DCCE MAC1100 PLC has information disclosure vulnerability (CNVD-2018-08782)",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-08782"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Information leakage",
"sources": [
{
"db": "IVD",
"id": "e2edd8e2-39ab-11e9-8594-000c29342cb1"
}
],
"trust": 0.2
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…