CVE-2013-2823
published 2013-11-22CVE-2013-2823: The (1) Catapult DNP3 I/O driver before 7.2.0.60 and the (2) GE Intelligent Platforms Proficy DNP3 I/O driver before 7.20k, as used in DNPDrv.exe (aka the DNP…
PriorityP416medium4.7CVSS 2.0
AVLACMAuNCNINAC
EPSS
0.76%
50.7th percentile
The (1) Catapult DNP3 I/O driver before 7.2.0.60 and the (2) GE Intelligent Platforms Proficy DNP3 I/O driver before 7.20k, as used in DNPDrv.exe (aka the DNP master station server) in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY and iFIX, allow physically proximate attackers to cause a denial of service (infinite loop) via crafted input over a serial line.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| catapultsoftware | catapult_dnp3_i_o_driver | <= 7.20.56 | — |
| ge | intelligent_platforms_proficy_dnp3_i_o_driver | <= 7.20 | — |
| ge | intelligent_platforms_proficy_dnp3_i_o_driver | — | — |
| ge | intelligent_platforms_proficy_hmi_scada_cimplicity | — | — |
| ge | intelligent_platforms_proficy_hmi_scada_cimplicity | — | — |
| ge | intelligent_platforms_proficy_hmi_scada_cimplicity | — | — |
| ge | intelligent_platforms_proficy_hmi_scada_cimplicity | — | — |
| ge | intelligent_platforms_proficy_hmi_scada_cimplicity | — | — |
| ge | intelligent_platforms_proficy_hmi_scada_ifix | — | — |
| ge | intelligent_platforms_proficy_hmi_scada_ifix | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-6cgr-mc53-57w2: The (1) Catapult DNP3 I/O driver before 7
ghsa_unreviewed·2022-05-17
CVE-2013-2823 [MEDIUM] CWE-20 GHSA-6cgr-mc53-57w2: The (1) Catapult DNP3 I/O driver before 7
The (1) Catapult DNP3 I/O driver before 7.2.0.60 and the (2) GE Intelligent Platforms Proficy DNP3 I/O driver before 7.20k, as used in DNPDrv.exe (aka the DNP master station server) in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY and iFIX, allow physically proximate attackers to cause a denial of service (infinite loop) via crafted input over a serial line.
CISA ICS
Catapult Software DNP3 Driver Improper Input Validation
cisa_ics·2013-12-17
Catapult Software DNP3 Driver Improper Input Validation
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Catapult Software DNP3 Driver Improper Input Validation
Last RevisedDecember 17, 2013
Alert CodeICSA-13-297-01
## OVERVIEW
This advisory was originally posted to the US-CERT secure Portal library on October 24, 2013, and is now being released to the NCCIC/ICS-CERT Web site.
Adam Crain of Automatak and independent researcher Chris Sistrunk have identified an improper input validation in Catapult Software’s DNP3 Driver software. Catapult Software has produced an updated software version that mitigates this vulnerability. Adam Crain and Chris Sistrunk tested the updated software t
CISA ICS
GE Proficy DNP3 Improper Input Validation
cisa_ics·2013-12-17
GE Proficy DNP3 Improper Input Validation
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
GE Proficy DNP3 Improper Input Validation
Last RevisedDecember 17, 2013
Alert CodeICSA-13-297-02
## OVERVIEW
This advisory was originally posted to the US-CERT secure Portal library on October 24, 2013, and is now being released to the NCCIC/ICS-CERT Web site.
General Electric (GE) Intelligent Platforms reported to NCCIC/ICS-CERT an improper input validation vulnerability in the DNP3 driver used with Proficy products iFIX and CIMPLICITY. The vulnerability report was part of a resolution by Catapult Software, which developed the driver for the GE products.
Adam Crain of Automat
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://ics-cert.us-cert.gov/advisories/ICSA-13-297-01http://ics-cert.us-cert.gov/advisories/ICSA-13-297-02http://support.ge-ip.com/support/index?page=kbchannel&id=S:KB15805http://support.ge-ip.com/support/resources/sites/GE_FANUC_SUPPORT/content/live/KB/15000/KB15805/en_US/GEIP13-04%20Security%20Advisory%20-%20Proficy%20HMI%20SCADA%20DNP3%20Driver%20from%20Catapult%20Software.pdfhttp://ics-cert.us-cert.gov/advisories/ICSA-13-297-01http://ics-cert.us-cert.gov/advisories/ICSA-13-297-02http://support.ge-ip.com/support/index?page=kbchannel&id=S:KB15805http://support.ge-ip.com/support/resources/sites/GE_FANUC_SUPPORT/content/live/KB/15000/KB15805/en_US/GEIP13-04%20Security%20Advisory%20-%20Proficy%20HMI%20SCADA%20DNP3%20Driver%20from%20Catapult%20Software.pdf
2013-11-22
Published