CVE-2013-2793 — HIGH (7.8) — White Hats Nepal

Vulnerability Description

Triangle MicroWorks SCADA Data Gateway 2.50.0309 through 3.00.0616, DNP3 .NET Protocol components 3.06.0.171 through 3.15.0.369, and DNP3 C libraries 3.06.0000 through 3.15.0000 allow remote attackers to cause a denial of service (infinite loop) via a crafted DNP3 TCP packet.

CVSS Score

7.8

HIGH

AV:N/AC:L/Au:N/C:N/I:N/A:C

Confidentiality

NONE

Integrity

NONE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Trianglemicroworks	.Net Communication Protocol Components	3.06.0.171
Trianglemicroworks	Ansi C Source Code Libraries	3.06.0000
Trianglemicroworks	Scada Data Gateway	2.50

Related Weaknesses (CWE)

CWE-119

References

http://ics-cert.us-cert.gov/advisories/ICSA-13-240-01US Government Resource
http://www.trianglemicroworks.com/documents/mdnp_scl_whats_new.pdf
http://ics-cert.us-cert.gov/advisories/ICSA-13-240-01US Government Resource
http://www.trianglemicroworks.com/documents/mdnp_scl_whats_new.pdf

FAQ

What is CVE-2013-2793?

CVE-2013-2793 is a vulnerability with a CVSS score of 7.8 (HIGH). Triangle MicroWorks SCADA Data Gateway 2.50.0309 through 3.00.0616, DNP3 .NET Protocol components 3.06.0.171 through 3.15.0.369, and DNP3 C libraries 3.06.0000 through 3.15.0000 allow remote attackers...

How severe is CVE-2013-2793?

CVE-2013-2793 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2013-2793?

Check the references section above for vendor advisories and patch information. Affected products include: Trianglemicroworks .Net Communication Protocol Components, Trianglemicroworks Ansi C Source Code Libraries, Trianglemicroworks Scada Data Gateway.