CVE-2020-18754

CVSS base score: 7.5 (HIGH)

📋 TL;DR

CVE-2020-18754 is an information disclosure vulnerability in the PLC MAC1100 made by Dut Computer Control Engineering Co. (DCCE). It is reachable over the network and requires no authentication, so anyone who can open a connection to the controller can read data they should not see. Exactly which data the device discloses is not spelled out in the public vulnerability record; for a controller in an industrial control system the realistic concern is leakage of configuration, network settings or credentials that an attacker can use to plan follow-on attacks against the process network.

💻 Affected Systems

Products:
  • DCCE PLC MAC1100
Versions: Not stated in the public record; treat every firmware version as affected until DCCE confirms a fixed release
Operating Systems: Embedded PLC firmware
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability is present in the default configuration of the MAC1100; no special settings are needed to reach it.

📦 What is this software?

Dut Computer Control Engineering Co. (DCCE) is an industrial automation vendor. The MAC1100 is one of its programmable logic controllers (PLCs), a device that runs control logic for machinery and plant processes and is typically reachable over the plant network from engineering workstations and HMI/SCADA hosts.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Data disclosed by the PLC (credentials, network settings, project or configuration files) is used as the stepping stone to full compromise of the industrial control system, ending in production disruption or physical damage to the process the PLC controls.

🟠 Likely Case

Unauthorized reading of PLC configuration data and network settings, and possibly credentials, that lets an attacker already on the network map and attack other devices on the industrial network.

🟢 If Mitigated

With the PLC segmented and reachable only from approved hosts, exposure is limited to non-critical configuration data, with no path to operational controls or sensitive credentials.

🌐 Internet-Facing: HIGH if the PLC is directly reachable from the internet without segmentation; the exploit needs nothing more than network access to the controller.
🏢 Internal Only: MEDIUM if the PLC is reachable only from the internal network, since the attacker must first get a foothold behind the perimeter.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

A public GitHub repository contains a proof of concept that demonstrates the information leak. The exploit needs network reachability to the PLC but no authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: No fixed firmware version is publicly documented; request current firmware directly from DCCE

Vendor Advisory: Not publicly documented

Restart Required: Yes

Instructions:

1. Contact DCCE for the latest MAC1100 firmware and confirm with them that it addresses this issue.
2. Back up the current PLC program and configuration.
3. Apply the firmware update with the vendor's programming software, during a maintenance window and ideally on a spare or test unit first.
4. Restart the PLC.
5. Restore the configuration if needed and confirm that the controlled process runs normally.

🔧 Temporary Workarounds

Network Segmentation (applies to: all versions)

Isolate the PLC from untrusted networks using firewalls and VLANs; the controller should sit in a control-system segment that office and internet-facing networks cannot route to.

Access Control Lists (applies to: all versions)

Implement strict network access controls so that only the engineering workstations and HMI/SCADA hosts that need to talk to the PLC can open connections to it; deny everything else.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate PLC from untrusted networks
  • Deploy intrusion detection systems to monitor for unauthorized access attempts

🔍 How to Verify

Check if Vulnerable:

From a host that should not be able to reach the PLC (office LAN, DMZ), confirm that TCP connections to the controller's service ports fail. From an authorised host, run the public proof of concept against a spare or test unit, never a controller in production, and check whether it returns data without supplying credentials.

Check Version:

Check firmware version via PLC programming software or web interface if available

Verify Fix Applied:

After patching, repeat the same checks (including the public proof of concept against a non-production unit) and confirm that the information is no longer returned without authentication.
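The segmentation and ACL workarounds above are only worth anything if they actually hold from the networks an attacker would come from. The following script, an added example that is not part of the original page or of any DCCE tooling, checks from the host it runs on whether the PLC accepts TCP connections on its service ports. Ports 502 (Modbus/TCP) and 80 (HTTP) are taken from the monitoring section of this page; the PLC address is a placeholder (a documentation address) to replace with the real controller, and `local_demo()` exercises the same logic against a loopback listener so the script can be tried offline.

```python
"""Network-exposure check for a PLC that cannot yet be patched.

Added example (not vendor code). Run it from a host that should NOT be able
to reach the MAC1100; if any port is reachable, the segmentation or ACL
workaround is not effective from that network.
"""
import socket
from typing import Dict, Iterable

# Assumed values: replace with the real controller address. Ports 502 and 80
# come from this page's detection section.
PLC_IP = "192.0.2.10"          # TEST-NET-2 documentation address, placeholder
PLC_PORTS = (502, 80)


def tcp_reachable(host: str, port: int, timeout: float = 2.0) -> bool:
    """Return True if a TCP handshake to host:port completes.

    A refused connection and a timeout both count as unreachable; a firewall
    that silently drops packets shows up as the timeout case.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except (ConnectionRefusedError, socket.timeout, OSError):
        return False


def exposure_report(host: str, ports: Iterable[int], timeout: float = 2.0) -> Dict[int, bool]:
    """Map each port to whether it is reachable from this vantage point."""
    return {port: tcp_reachable(host, port, timeout) for port in ports}


def segmentation_holds(report: Dict[int, bool]) -> bool:
    """The workaround holds from this host only if no service port is reachable."""
    return not any(report.values())


def local_demo(timeout: float = 1.0) -> Dict[str, bool]:
    """Offline self-check: one listening loopback port and one closed one.

    Constructed stand-in for a real PLC so the checker can be tried without
    touching a controller.
    """
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    open_port = listener.getsockname()[1]

    probe = socket.socket()
    probe.bind(("127.0.0.1", 0))
    closed_port = probe.getsockname()[1]
    probe.close()                     # nothing listens here any more

    try:
        report = exposure_report("127.0.0.1", (open_port, closed_port), timeout)
    finally:
        listener.close()
    return {
        "open_port_reachable": report[open_port],
        "closed_port_reachable": report[closed_port],
        "segmentation_holds": segmentation_holds(report),
    }


if __name__ == "__main__":
    report = exposure_report(PLC_IP, PLC_PORTS)
    for port, reachable in report.items():
        print(f"{PLC_IP}:{port} -> {'REACHABLE' if reachable else 'blocked'}")
    print("segmentation holds" if segmentation_holds(report) else "PLC EXPOSED from this host")
```

Run it once from each network that is supposed to be cut off (office LAN, guest Wi-Fi, DMZ, VPN pool); a single "REACHABLE" from any of them means the controller is still exposed regardless of what the firewall policy says on paper. A timeout-only result is what a correctly dropping firewall looks like.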

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to PLC configuration endpoints
  • Unusual data retrieval patterns from PLC

Network Indicators:

  • Unusual traffic to PLC on configuration ports from unauthorized sources
  • Data exfiltration patterns from PLC

SIEM Query:

dest_ip=<PLC_IP> AND dest_port IN (502, 80) AND NOT src_ip IN (<allow-listed engineering and HMI hosts>) | sum(bytes_out) by src_ip | where sum > <threshold>

Adapt the field names and pipeline syntax to your SIEM. Any connection to the PLC from a non-allow-listed source is itself the alert; the byte count (bytes sent by the PLC back to the client) is a secondary indicator that data was actually pulled rather than just a port probe.
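To make the query above concrete, here is an added example (not from the page or the vendor) that applies the same logic to flow records: it keeps only connections to the PLC on its service ports, drops sources on an allow-list, and sums the bytes the PLC sent back per remaining source. The key=value log format, the PLC and workstation addresses, the sample records and the byte threshold are all constructed for the example; real firewall or NetFlow exports will need their own parser.

```python
"""Detect non-allow-listed hosts pulling data from a PLC, from flow logs.

Added example, not the page's or the vendor's code. Field names follow a
constructed key=value flow record; bytes_out means bytes the PLC sent to
the client, which is the direction an information leak travels.
"""
from collections import defaultdict
from typing import Dict, List

PLC_IP = "192.0.2.10"                           # assumed controller address
PLC_PORTS = {502, 80}                           # ports used in the page's SIEM query
ALLOWED_SOURCES = {"192.0.2.50", "192.0.2.51"}  # assumed engineering/HMI hosts
BYTES_OUT_THRESHOLD = 4096                      # assumed; tune to normal polling volume

# Constructed sample records: two legitimate polls, an outside host reading
# from the PLC, traffic to a different device, and an SSH attempt on a
# non-service port.
SAMPLE_LOGS = """\
ts=2024-05-01T08:00:01Z src=192.0.2.50 dst=192.0.2.10 dport=502 bytes_in=120 bytes_out=240
ts=2024-05-01T08:00:05Z src=192.0.2.51 dst=192.0.2.10 dport=80 bytes_in=300 bytes_out=1800
ts=2024-05-01T08:01:10Z src=203.0.113.7 dst=192.0.2.10 dport=502 bytes_in=64 bytes_out=96
ts=2024-05-01T08:01:11Z src=203.0.113.7 dst=192.0.2.10 dport=502 bytes_in=64 bytes_out=5200
ts=2024-05-01T08:01:20Z src=203.0.113.7 dst=192.0.2.10 dport=80 bytes_in=200 bytes_out=2400
ts=2024-05-01T08:02:00Z src=192.0.2.77 dst=192.0.2.99 dport=502 bytes_in=64 bytes_out=9000
ts=2024-05-01T08:02:30Z src=192.0.2.60 dst=192.0.2.10 dport=22 bytes_in=10 bytes_out=10
"""


def parse_line(line: str) -> Dict[str, str]:
    """Split 'k=v k=v ...' into a dict; values are kept as strings."""
    return dict(field.split("=", 1) for field in line.split())


def find_unauthorized(lines: List[str]) -> List[Dict[str, str]]:
    """Records where a non-allow-listed source reached the PLC on a service port."""
    hits = []
    for line in lines:
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec["dst"] != PLC_IP:
            continue                          # some other device
        if int(rec["dport"]) not in PLC_PORTS:
            continue                          # not one of the PLC's service ports
        if rec["src"] in ALLOWED_SOURCES:
            continue                          # expected engineering/HMI traffic
        hits.append(rec)
    return hits


def bytes_out_per_source(lines: List[str]) -> Dict[str, int]:
    """Total bytes the PLC sent to each unauthorized source."""
    totals: Dict[str, int] = defaultdict(int)
    for rec in find_unauthorized(lines):
        totals[rec["src"]] += int(rec["bytes_out"])
    return dict(totals)


def sources_over_threshold(lines: List[str], threshold: int = BYTES_OUT_THRESHOLD) -> List[str]:
    """Unauthorized sources that pulled more than `threshold` bytes from the PLC."""
    return sorted(src for src, total in bytes_out_per_source(lines).items() if total > threshold)


if __name__ == "__main__":
    lines = SAMPLE_LOGS.splitlines()
    for rec in find_unauthorized(lines):
        print(f"ALERT unauthorized access {rec['src']} -> {PLC_IP}:{rec['dport']} at {rec['ts']}")
    for src in sources_over_threshold(lines):
        print(f"ALERT high outbound volume from PLC to {src}: {bytes_out_per_source(lines)[src]} bytes")
```

The allow-list is doing the real work: on a control network the set of hosts that legitimately speak to a PLC is small and stable, so "anyone else talked to it" is a high-fidelity signal, and the volume threshold only ranks those hits. Keep the allow-list in version control next to the firewall policy so the two cannot drift apart.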
