Vulnerability CVE-2013-2823
Published: 2013-11-21   Modified: 2013-11-22

Description:
The (1) Catapult DNP3 I/O driver before 7.2.0.60 and the (2) GE Intelligent Platforms Proficy DNP3 I/O driver before 7.20k, as used in DNPDrv.exe (aka the DNP master station server) in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY and iFIX, allow physically proximate attackers to cause a denial of service (infinite loop) via crafted input over a serial line.

Type:

CWE-20

 (Improper Input Validation)

CVSS2 => (AV:L/AC:M/Au:N/C:N/I:N/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.7/10
6.9/10
3.4/10
Exploit range
Attack complexity
Authentication
Local
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Complete
Affected software
GE -> Intelligent platforms proficy dnp3 i/o driver 
GE -> Intelligent platforms proficy hmi/scada cimplicity 
GE -> Intelligent platforms proficy hmi/scada ifix 
Catapultsoftware -> Catapult dnp3 i/o driver 

 References:
http://ics-cert.us-cert.gov/advisories/ICSA-13-297-02
http://ics-cert.us-cert.gov/advisories/ICSA-13-297-01
http://support.ge-ip.com/support/resources/sites/GE_FANUC_SUPPORT/content/live/KB/15000/KB15805/en_US/GEIP13-04%20Security%20Advisory%20-%20Proficy%20HMI%20SCADA%20DNP3%20Driver%20from%20Catapult%20Software.pdf
http://support.ge-ip.com/support/index?page=kbchannel&id=S:KB15805
Copyright 2024, cxsecurity.com

 

Back to Top