Vulnerability Details CVE-2013-2811
The (1) Catapult DNP3 I/O driver before 7.2.0.60 and the (2) GE Intelligent Platforms Proficy DNP3 I/O driver before 7.20k, as used in DNPDrv.exe (aka the DNP master station server) in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY and iFIX, allow remote attackers to cause a denial of service (infinite loop) via a crafted DNP3 TCP packet.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.013
EPSS Ranking 78.8%
CVSS Severity
CVSS v2 Score 7.1
References
- http://ics-cert.us-cert.gov/advisories/ICSA-13-297-01
- http://ics-cert.us-cert.gov/advisories/ICSA-13-297-02
- http://support.ge-ip.com/support/index?page=kbchannel&id=S:KB15805
- http://support.ge-ip.com/support/resources/sites/GE_FANUC_SUPPORT/content/live/KB/15000/KB15805/en_US/GEIP13-04%20Security%20Advisory%20-%20Proficy%20HMI%20SCADA%20DNP3%20Driver%20from%20Catapult%20Software.pdf
- http://ics-cert.us-cert.gov/advisories/ICSA-13-297-01
- http://ics-cert.us-cert.gov/advisories/ICSA-13-297-02
- http://support.ge-ip.com/support/index?page=kbchannel&id=S:KB15805
- http://support.ge-ip.com/support/resources/sites/GE_FANUC_SUPPORT/content/live/KB/15000/KB15805/en_US/GEIP13-04%20Security%20Advisory%20-%20Proficy%20HMI%20SCADA%20DNP3%20Driver%20from%20Catapult%20Software.pdf
Products affected by CVE-2013-2811
-
cpe:2.3:a:catapultsoftware:catapult_dnp3_i/o_driver:7.2.0.60
-
cpe:2.3:a:catapultsoftware:catapult_dnp3_i/o_driver:7.20.56
-
cpe:2.3:a:ge:intelligent_platforms_proficy_dnp3_i/o_driver:7.20
-
cpe:2.3:a:ge:intelligent_platforms_proficy_hmi/scada_cimplicity:4.01
-
cpe:2.3:a:ge:intelligent_platforms_proficy_hmi/scada_cimplicity:7.5
-
cpe:2.3:a:ge:intelligent_platforms_proficy_hmi/scada_cimplicity:8.0
-
cpe:2.3:a:ge:intelligent_platforms_proficy_hmi/scada_cimplicity:8.1
-
cpe:2.3:a:ge:intelligent_platforms_proficy_hmi/scada_cimplicity:8.2
-
cpe:2.3:a:ge:intelligent_platforms_proficy_hmi/scada_ifix:5.0
-
cpe:2.3:a:ge:intelligent_platforms_proficy_hmi/scada_ifix:5.1