CVE-2013-2794 — MEDIUM (4.9)

Vulnerability Description

Triangle MicroWorks SCADA Data Gateway 2.50.0309 through 3.00.0616, DNP3 .NET Protocol components 3.06.0.171 through 3.15.0.369, and DNP3 C libraries 3.06.0000 through 3.15.0000 allow physically proximate attackers to cause a denial of service (infinite loop) via crafted input over a serial line.

CVSS Score

4.9

MEDIUM

AV:L/AC:L/Au:N/C:N/I:N/A:C

Confidentiality

NONE

Integrity

NONE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Trianglemicroworks	Ansi C Source Code Libraries	3.06.0000
Trianglemicroworks	.Net Communication Protocol Components	3.06.0.171
Trianglemicroworks	Scada Data Gateway	2.50

Related Weaknesses (CWE)

CWE-119

References

http://ics-cert.us-cert.gov/advisories/ICSA-13-240-01US Government Resource
http://www.trianglemicroworks.com/documents/mdnp_scl_whats_new.pdf
http://ics-cert.us-cert.gov/advisories/ICSA-13-240-01US Government Resource
http://www.trianglemicroworks.com/documents/mdnp_scl_whats_new.pdf

FAQ

What is CVE-2013-2794?

CVE-2013-2794 is a vulnerability with a CVSS score of 4.9 (MEDIUM). Triangle MicroWorks SCADA Data Gateway 2.50.0309 through 3.00.0616, DNP3 .NET Protocol components 3.06.0.171 through 3.15.0.369, and DNP3 C libraries 3.06.0000 through 3.15.0000 allow physically proxi...

How severe is CVE-2013-2794?

CVE-2013-2794 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2013-2794?

Check the references section above for vendor advisories and patch information. Affected products include: Trianglemicroworks Ansi C Source Code Libraries, Trianglemicroworks .Net Communication Protocol Components, Trianglemicroworks Scada Data Gateway.