CVE-2020-18758

9.8 CRITICAL

📋 TL;DR

This vulnerability in the Dut Computer Control Engineering Co. (DCCE) PLC MAC1100 allows an attacker to execute arbitrary code on affected programmable logic controllers. Industrial control systems that use this PLC model are affected, and complete device compromise is possible.

💻 Affected Systems

Products:
  • DCCE PLC MAC1100
Versions: All versions prior to patch (specific version range not specified in references)
Operating Systems: PLC firmware/embedded system
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the PLC's programming/upload functionality. No specific configuration makes it immune.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete compromise of industrial control systems leading to physical process disruption, equipment damage, or safety incidents in critical infrastructure.

🟠 Likely Case: Unauthorized code execution allowing attackers to manipulate PLC operations, disrupt industrial processes, or establish persistence in industrial networks.

🟢 If Mitigated: Limited impact if PLCs are isolated in segmented networks with strict access controls and monitoring.

🌐 Internet-Facing: HIGH - If the PLC is exposed to the internet, attackers can exploit it directly without first gaining access to the internal network.
🏢 Internal Only: HIGH - Even on an internal network, vulnerable PLCs can be exploited from compromised internal systems or by malicious insiders.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public GitHub repository contains exploit details. CWE-77 (Command Injection) suggests straightforward exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not found in provided references

Restart Required: No

Instructions:

Check vendor website for firmware updates. If unavailable, implement network segmentation and access controls.

🔧 Temporary Workarounds

Network Segmentation (applies to: all)
Isolate PLCs in separate VLANs with strict firewall rules

Access Control Lists (applies to: all)
Restrict network access to PLCs to authorized engineering stations only

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate PLCs from general network traffic
  • Deploy industrial firewall with deep packet inspection between PLCs and other networks

🔍 How to Verify

Check if Vulnerable:

Check PLC model and firmware version against vendor advisories. Test network connectivity to PLC programming ports.

Check Version:

Vendor-specific command via programming software or web interface

Verify Fix Applied:

Verify that the firmware version matches the patched version from the vendor, and confirm that exploit attempts fail.

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized connection attempts to PLC programming ports
  • Unexpected firmware uploads or configuration changes

Network Indicators:

  • Traffic to PLC programming ports from unauthorized IPs
  • Malformed packets to PLC services

SIEM Query:

source_ip NOT IN (authorized_engineering_stations) AND dest_port IN (plc_programming_ports)
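The SIEM rule above, turned into runnable detection logic over constructed connection-log lines. This is an added example, not part of the original advisory: the engineering-station addresses, PLC subnet, programming-port numbers, event names and log format are all placeholders to be replaced with your site's values (the MAC1100's actual programming ports are not given in the references). It also flags the "unexpected firmware uploads or configuration changes" indicator from the Log Indicators list.

```python
import ipaddress

# Placeholder site values (assumptions, not from the advisory).
AUTHORIZED_ENGINEERING_STATIONS = {
    ipaddress.ip_address("10.10.5.10"),
    ipaddress.ip_address("10.10.5.11"),
}
PLC_SUBNET = ipaddress.ip_network("10.20.0.0/24")
PLC_PROGRAMMING_PORTS = {502, 20000}      # placeholder ports, not MAC1100-specific
UPLOAD_EVENTS = {"FIRMWARE_UPLOAD", "PROGRAM_DOWNLOAD", "CONFIG_CHANGE"}


def parse_line(line):
    """Parse a constructed log line: '<ts> <src_ip> <dst_ip> <dst_port> <event>'."""
    ts, src, dst, port, event = line.split()
    return {"ts": ts, "src": ipaddress.ip_address(src),
            "dst": ipaddress.ip_address(dst), "port": int(port), "event": event}


def classify(rec):
    """Return an alert label for one record, or None if it needs no alert."""
    if rec["dst"] not in PLC_SUBNET:          # only traffic towards PLCs matters here
        return None
    unauthorized = rec["src"] not in AUTHORIZED_ENGINEERING_STATIONS
    if rec["event"] in UPLOAD_EVENTS:
        # Uploads/config changes are always worth a record; from an unknown host they are critical.
        return ("CRITICAL: upload from unauthorized host" if unauthorized
                else "NOTICE: upload from engineering station")
    if rec["port"] in PLC_PROGRAMMING_PORTS and unauthorized:
        # The SIEM rule: source not allow-listed AND destination is a programming port.
        return "ALERT: programming-port access from unauthorized host"
    return None


def scan(log_text):
    """Run the rule over a block of log lines; return (ts, src, port, label) tuples."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        label = classify(rec)
        if label:
            alerts.append((rec["ts"], str(rec["src"]), rec["port"], label))
    return alerts


# Constructed sample log: one benign engineering-station session, then an unknown host.
SAMPLE_LOG = """
2020-06-01T08:00:00Z 10.10.5.10 10.20.0.7 502 CONNECT
2020-06-01T08:01:00Z 10.10.5.10 10.20.0.7 502 PROGRAM_DOWNLOAD
2020-06-01T08:02:00Z 10.10.9.42 10.20.0.7 502 CONNECT
2020-06-01T08:03:00Z 10.10.9.42 10.20.0.7 502 FIRMWARE_UPLOAD
2020-06-01T08:04:00Z 10.10.9.42 10.20.0.7 80 HTTP_GET
2020-06-01T08:05:00Z 10.10.9.42 10.30.0.5 502 CONNECT
"""

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(*alert)
```

Running the block prints three lines: the authorized program download as a NOTICE, then the unknown host's programming-port connection and firmware upload as ALERT and CRITICAL; the HTTP request and the non-PLC destination produce nothing.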
