CVE-2013-2823

The (1) Catapult DNP3 I/O driver before 7.2.0.60 and the (2) GE Intelligent Platforms Proficy DNP3 I/O driver before 7.20k, as used in DNPDrv.exe (aka the DNP master station server) in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY and iFIX, allow physically proximate attackers to cause a denial of service (infinite loop) via crafted input over a serial line.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.7 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:N/I:N/A:C
icscertCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 27%
VendorProductVersion
catapultsoftwarecatapult_dnp3_i\/o_driver
𝑥
≤ 7.20.56
geintelligent_platforms_proficy_dnp3_i\/o_driver
𝑥
≤ 7.20
geintelligent_platforms_proficy_dnp3_i\/o_driver
7.20
geintelligent_platforms_proficy_dnp3_i\/o_driver
7.20:a
geintelligent_platforms_proficy_dnp3_i\/o_driver
7.20:b
geintelligent_platforms_proficy_dnp3_i\/o_driver
7.20:c
geintelligent_platforms_proficy_dnp3_i\/o_driver
7.20:d
geintelligent_platforms_proficy_dnp3_i\/o_driver
7.20:e
geintelligent_platforms_proficy_dnp3_i\/o_driver
7.20:f
geintelligent_platforms_proficy_dnp3_i\/o_driver
7.20:g
geintelligent_platforms_proficy_dnp3_i\/o_driver
7.20:h
geintelligent_platforms_proficy_dnp3_i\/o_driver
7.20:i
geintelligent_platforms_proficy_hmi\/scada_cimplicity
4.01
geintelligent_platforms_proficy_hmi\/scada_cimplicity
7.5
geintelligent_platforms_proficy_hmi\/scada_cimplicity
8.0
geintelligent_platforms_proficy_hmi\/scada_cimplicity
8.1
geintelligent_platforms_proficy_hmi\/scada_cimplicity
8.2
geintelligent_platforms_proficy_hmi\/scada_ifix
5.0
geintelligent_platforms_proficy_hmi\/scada_ifix
5.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://ics-cert.us-cert.gov/advisories/ICSA-13-297-01
http://ics-cert.us-cert.gov/advisories/ICSA-13-297-02
http://support.ge-ip.com/support/index?page=kbchannel&id=S:KB15805
http://support.ge-ip.com/support/resources/sites/GE_FANUC_SUPPORT/content/live/KB/15000/KB15805/en_US/GEIP13-04%20Security%20Advisory%20-%20Proficy%20HMI%20SCADA%20DNP3%20Driver%20from%20Catapult%20Software.pdf
http://ics-cert.us-cert.gov/advisories/ICSA-13-297-01
http://ics-cert.us-cert.gov/advisories/ICSA-13-297-02
http://support.ge-ip.com/support/index?page=kbchannel&id=S:KB15805
http://support.ge-ip.com/support/resources/sites/GE_FANUC_SUPPORT/content/live/KB/15000/KB15805/en_US/GEIP13-04%20Security%20Advisory%20-%20Proficy%20HMI%20SCADA%20DNP3%20Driver%20from%20Catapult%20Software.pdf