CVE-2013-2811
published 2013-11-22CVE-2013-2811: The (1) Catapult DNP3 I/O driver before 7.2.0.60 and the (2) GE Intelligent Platforms Proficy DNP3 I/O driver before 7.20k, as used in DNPDrv.exe (aka the DNP…
PriorityP428high7.1CVSS 2.0
AVNACMAuNCNINAC
EPSS
1.85%
76.4th percentile
The (1) Catapult DNP3 I/O driver before 7.2.0.60 and the (2) GE Intelligent Platforms Proficy DNP3 I/O driver before 7.20k, as used in DNPDrv.exe (aka the DNP master station server) in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY and iFIX, allow remote attackers to cause a denial of service (infinite loop) via a crafted DNP3 TCP packet.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| catapultsoftware | catapult_dnp3_i_o_driver | <= 7.20.56 | — |
| ge | intelligent_platforms_proficy_dnp3_i_o_driver | <= 7.20 | — |
| ge | intelligent_platforms_proficy_dnp3_i_o_driver | — | — |
| ge | intelligent_platforms_proficy_hmi_scada_cimplicity | — | — |
| ge | intelligent_platforms_proficy_hmi_scada_cimplicity | — | — |
| ge | intelligent_platforms_proficy_hmi_scada_cimplicity | — | — |
| ge | intelligent_platforms_proficy_hmi_scada_cimplicity | — | — |
| ge | intelligent_platforms_proficy_hmi_scada_cimplicity | — | — |
| ge | intelligent_platforms_proficy_hmi_scada_ifix | — | — |
| ge | intelligent_platforms_proficy_hmi_scada_ifix | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
GE Proficy HMI/SCADA DNP3 Driver Input Validation
cisa_ics·2018-08-29
GE Proficy HMI/SCADA DNP3 Driver Input Validation
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
GE Proficy HMI/SCADA DNP3 Driver Input Validation
Last RevisedAugust 29, 2018
Alert CodeICSA-14-287-01
## OVERVIEW
This advisory was originally posted to the US-CERT secure Portal library on October 14, 2014, and is being released to the NCCIC/ICS-CERT web site.
Independent researcher Adam Crain of Automatak has identified an improper input validation in the DNP3 driver provided by Catapult Software. Catapult and GE have produced a patch that mitigates this vulnerability. GE has tested the patch to validate that it resolves the vulnerability in affected GE Proficy HMI/SCADA pro
CISA ICS
Catapult Software DNP3 Driver Improper Input Validation
cisa_ics·2013-12-17
Catapult Software DNP3 Driver Improper Input Validation
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Catapult Software DNP3 Driver Improper Input Validation
Last RevisedDecember 17, 2013
Alert CodeICSA-13-297-01
## OVERVIEW
This advisory was originally posted to the US-CERT secure Portal library on October 24, 2013, and is now being released to the NCCIC/ICS-CERT Web site.
Adam Crain of Automatak and independent researcher Chris Sistrunk have identified an improper input validation in Catapult Software’s DNP3 Driver software. Catapult Software has produced an updated software version that mitigates this vulnerability. Adam Crain and Chris Sistrunk tested the updated software t
CISA ICS
GE Proficy DNP3 Improper Input Validation
cisa_ics·2013-12-17
GE Proficy DNP3 Improper Input Validation
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
GE Proficy DNP3 Improper Input Validation
Last RevisedDecember 17, 2013
Alert CodeICSA-13-297-02
## OVERVIEW
This advisory was originally posted to the US-CERT secure Portal library on October 24, 2013, and is now being released to the NCCIC/ICS-CERT Web site.
General Electric (GE) Intelligent Platforms reported to NCCIC/ICS-CERT an improper input validation vulnerability in the DNP3 driver used with Proficy products iFIX and CIMPLICITY. The vulnerability report was part of a resolution by Catapult Software, which developed the driver for the GE products.
Adam Crain of Automat
GHSA
GHSA-m2f4-q5fw-hf6w: The (1) Catapult DNP3 I/O driver before 7
ghsa_unreviewed·2022-05-17
CVE-2013-2811 [HIGH] CWE-20 GHSA-m2f4-q5fw-hf6w: The (1) Catapult DNP3 I/O driver before 7
The (1) Catapult DNP3 I/O driver before 7.2.0.60 and the (2) GE Intelligent Platforms Proficy DNP3 I/O driver before 7.20k, as used in DNPDrv.exe (aka the DNP master station server) in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY and iFIX, allow remote attackers to cause a denial of service (infinite loop) via a crafted DNP3 TCP packet.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://ics-cert.us-cert.gov/advisories/ICSA-13-297-01http://ics-cert.us-cert.gov/advisories/ICSA-13-297-02http://support.ge-ip.com/support/index?page=kbchannel&id=S:KB15805http://support.ge-ip.com/support/resources/sites/GE_FANUC_SUPPORT/content/live/KB/15000/KB15805/en_US/GEIP13-04%20Security%20Advisory%20-%20Proficy%20HMI%20SCADA%20DNP3%20Driver%20from%20Catapult%20Software.pdfhttp://ics-cert.us-cert.gov/advisories/ICSA-13-297-01http://ics-cert.us-cert.gov/advisories/ICSA-13-297-02http://support.ge-ip.com/support/index?page=kbchannel&id=S:KB15805http://support.ge-ip.com/support/resources/sites/GE_FANUC_SUPPORT/content/live/KB/15000/KB15805/en_US/GEIP13-04%20Security%20Advisory%20-%20Proficy%20HMI%20SCADA%20DNP3%20Driver%20from%20Catapult%20Software.pdf
2013-11-22
Published