fkie_cve-2013-2823
Vulnerability from fkie_nvd
Published
2013-11-22 01:55
Modified
2024-11-21 01:52
Severity ?
Summary
The (1) Catapult DNP3 I/O driver before 7.2.0.60 and the (2) GE Intelligent Platforms Proficy DNP3 I/O driver before 7.20k, as used in DNPDrv.exe (aka the DNP master station server) in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY and iFIX, allow physically proximate attackers to cause a denial of service (infinite loop) via crafted input over a serial line.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:catapultsoftware:catapult_dnp3_i\\/o_driver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D4D11DB-CF90-4ADD-AB95-9815FC90F97B",
"versionEndIncluding": "7.20.56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ge:intelligent_platforms_proficy_dnp3_i\\/o_driver:*:j:*:*:*:*:*:*",
"matchCriteriaId": "9FBAD16C-05F0-4D83-8FE7-F3FD0E2B75C7",
"versionEndIncluding": "7.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ge:intelligent_platforms_proficy_dnp3_i\\/o_driver:7.20:-:*:*:*:*:*:*",
"matchCriteriaId": "92C2AB50-34CB-4296-8CCE-B98026DB4F0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ge:intelligent_platforms_proficy_dnp3_i\\/o_driver:7.20:a:*:*:*:*:*:*",
"matchCriteriaId": "4BE9590D-9264-4942-A18C-8629420FBB24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ge:intelligent_platforms_proficy_dnp3_i\\/o_driver:7.20:b:*:*:*:*:*:*",
"matchCriteriaId": "A013ED7F-92C1-42C4-A6AB-4A419BA11611",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ge:intelligent_platforms_proficy_dnp3_i\\/o_driver:7.20:c:*:*:*:*:*:*",
"matchCriteriaId": "FA7AE477-C0A4-497E-8F7B-9D656DC41B2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ge:intelligent_platforms_proficy_dnp3_i\\/o_driver:7.20:d:*:*:*:*:*:*",
"matchCriteriaId": "C8AECEB6-867F-4796-B56C-C3C8BC53D691",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ge:intelligent_platforms_proficy_dnp3_i\\/o_driver:7.20:e:*:*:*:*:*:*",
"matchCriteriaId": "9ABC3786-A578-4BF3-AF3D-A470BD7565CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ge:intelligent_platforms_proficy_dnp3_i\\/o_driver:7.20:f:*:*:*:*:*:*",
"matchCriteriaId": "142CA198-EF41-4FFD-BB40-F9B41C4841F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ge:intelligent_platforms_proficy_dnp3_i\\/o_driver:7.20:g:*:*:*:*:*:*",
"matchCriteriaId": "F058E97B-0B63-4059-968D-9D282570283B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ge:intelligent_platforms_proficy_dnp3_i\\/o_driver:7.20:h:*:*:*:*:*:*",
"matchCriteriaId": "ED4490C3-8CE5-4715-8E19-1793ED16354D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ge:intelligent_platforms_proficy_dnp3_i\\/o_driver:7.20:i:*:*:*:*:*:*",
"matchCriteriaId": "91B378AA-1AFA-44D7-8403-C898C3DAE85D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ge:intelligent_platforms_proficy_hmi\\/scada_cimplicity:4.01:*:*:*:*:*:*:*",
"matchCriteriaId": "6C0B8CA7-2161-4603-B844-DE6C079DF36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ge:intelligent_platforms_proficy_hmi\\/scada_cimplicity:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E3BACB11-5CD3-4CA6-9C56-D71628CADF0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ge:intelligent_platforms_proficy_hmi\\/scada_cimplicity:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "90538C50-38BD-4EE5-BD30-96E2E2951FE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ge:intelligent_platforms_proficy_hmi\\/scada_cimplicity:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CB261867-B9B1-4D3D-B2DE-3CC3164EFD06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ge:intelligent_platforms_proficy_hmi\\/scada_cimplicity:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "559DCD7A-0745-4D4C-A77A-83240EF6C510",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ge:intelligent_platforms_proficy_hmi\\/scada_ifix:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "65A4CBC3-3B98-4700-8710-4D4FFCA55315",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ge:intelligent_platforms_proficy_hmi\\/scada_ifix:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5ABA340B-B00B-41EC-8270-68139B63D09A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The (1) Catapult DNP3 I/O driver before 7.2.0.60 and the (2) GE Intelligent Platforms Proficy DNP3 I/O driver before 7.20k, as used in DNPDrv.exe (aka the DNP master station server) in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY and iFIX, allow physically proximate attackers to cause a denial of service (infinite loop) via crafted input over a serial line."
},
{
"lang": "es",
"value": "El driver (1) Catapult DNP3 I/O anterior a la versi\u00f3n 7.2.0.60 y el driver (2) GE Intelligent Platforms Proficy DNP3 I/O anterior a la versi\u00f3n 7.20k, tal y como se usa en DNPDrv.exe (tambi\u00e9n conocido como servidor de estaci\u00f3n maestro DNP) en GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY y iFIX, permite f\u00edsicamente a atacantes pr\u00f3ximos provocar una denegaci\u00f3n de servicio (bucle infinito) a trav\u00e9s de una entrada manipulada sobre una linea de serie."
}
],
"id": "CVE-2013-2823",
"lastModified": "2024-11-21T01:52:25.790",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 4.7,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-11-22T01:55:03.917",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-297-01"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-297-02"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ge-ip.com/support/index?page=kbchannel\u0026id=S:KB15805"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ge-ip.com/support/resources/sites/GE_FANUC_SUPPORT/content/live/KB/15000/KB15805/en_US/GEIP13-04%20Security%20Advisory%20-%20Proficy%20HMI%20SCADA%20DNP3%20Driver%20from%20Catapult%20Software.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-297-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-297-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ge-ip.com/support/index?page=kbchannel\u0026id=S:KB15805"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ge-ip.com/support/resources/sites/GE_FANUC_SUPPORT/content/live/KB/15000/KB15805/en_US/GEIP13-04%20Security%20Advisory%20-%20Proficy%20HMI%20SCADA%20DNP3%20Driver%20from%20Catapult%20Software.pdf"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.