CVE-2013-2811

Опубликовано: 22 нояб. 2013

Источник: nvd

CVSS2: 7.1

EPSS Низкий

Описание

The (1) Catapult DNP3 I/O driver before 7.2.0.60 and the (2) GE Intelligent Platforms Proficy DNP3 I/O driver before 7.20k, as used in DNPDrv.exe (aka the DNP master station server) in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY and iFIX, allow remote attackers to cause a denial of service (infinite loop) via a crafted DNP3 TCP packet.

Ссылки

http://ics-cert.us-cert.gov/advisories/ICSA-13-297-01
US Government Resource
http://ics-cert.us-cert.gov/advisories/ICSA-13-297-02
US Government Resource
http://support.ge-ip.com/support/index?page=kbchannel&id=S:KB15805
Vendor Advisory
http://support.ge-ip.com/support/resources/sites/GE_FANUC_SUPPORT/content/live/KB/15000/KB15805/en_US/GEIP13-04%20Security%20Advisory%20-%20Proficy%20HMI%20SCADA%20DNP3%20Driver%20from%20Catapult%20Software.pdf
Vendor Advisory
http://ics-cert.us-cert.gov/advisories/ICSA-13-297-01
US Government Resource
http://ics-cert.us-cert.gov/advisories/ICSA-13-297-02
US Government Resource
http://support.ge-ip.com/support/index?page=kbchannel&id=S:KB15805
Vendor Advisory
http://support.ge-ip.com/support/resources/sites/GE_FANUC_SUPPORT/content/live/KB/15000/KB15805/en_US/GEIP13-04%20Security%20Advisory%20-%20Proficy%20HMI%20SCADA%20DNP3%20Driver%20from%20Catapult%20Software.pdf
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:catapultsoftware:catapult_dnp3_i\/o_driver:*:*:*:*:*:*:*:*

Версия до 7.20.56 (включая)

cpe:2.3:a:ge:intelligent_platforms_proficy_dnp3_i\/o_driver:*:j:*:*:*:*:*:*

Версия до 7.20 (включая)

cpe:2.3:a:ge:intelligent_platforms_proficy_dnp3_i\/o_driver:7.20:-:*:*:*:*:*:*

cpe:2.3:a:ge:intelligent_platforms_proficy_dnp3_i\/o_driver:7.20:a:*:*:*:*:*:*

cpe:2.3:a:ge:intelligent_platforms_proficy_dnp3_i\/o_driver:7.20:b:*:*:*:*:*:*

cpe:2.3:a:ge:intelligent_platforms_proficy_dnp3_i\/o_driver:7.20:c:*:*:*:*:*:*

cpe:2.3:a:ge:intelligent_platforms_proficy_dnp3_i\/o_driver:7.20:d:*:*:*:*:*:*

cpe:2.3:a:ge:intelligent_platforms_proficy_dnp3_i\/o_driver:7.20:e:*:*:*:*:*:*

cpe:2.3:a:ge:intelligent_platforms_proficy_dnp3_i\/o_driver:7.20:f:*:*:*:*:*:*

cpe:2.3:a:ge:intelligent_platforms_proficy_dnp3_i\/o_driver:7.20:g:*:*:*:*:*:*

cpe:2.3:a:ge:intelligent_platforms_proficy_dnp3_i\/o_driver:7.20:h:*:*:*:*:*:*

cpe:2.3:a:ge:intelligent_platforms_proficy_dnp3_i\/o_driver:7.20:i:*:*:*:*:*:*

cpe:2.3:a:ge:intelligent_platforms_proficy_hmi\/scada_cimplicity:4.01:*:*:*:*:*:*:*

cpe:2.3:a:ge:intelligent_platforms_proficy_hmi\/scada_cimplicity:7.5:*:*:*:*:*:*:*

cpe:2.3:a:ge:intelligent_platforms_proficy_hmi\/scada_cimplicity:8.0:*:*:*:*:*:*:*

cpe:2.3:a:ge:intelligent_platforms_proficy_hmi\/scada_cimplicity:8.1:*:*:*:*:*:*:*

cpe:2.3:a:ge:intelligent_platforms_proficy_hmi\/scada_cimplicity:8.2:*:*:*:*:*:*:*

cpe:2.3:a:ge:intelligent_platforms_proficy_hmi\/scada_ifix:5.0:*:*:*:*:*:*:*

cpe:2.3:a:ge:intelligent_platforms_proficy_hmi\/scada_ifix:5.1:*:*:*:*:*:*:*

EPSS

Процентиль: 79%

0.01298

Низкий

7.1 High

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-m2f4-q5fw-hf6w

github

больше 3 лет назад