CVE-2013-5741
published 2013-10-29CVE-2013-5741: Triangle Research International (aka Tri) Nano-10 PLC devices with firmware r81 and earlier do not properly handle large length values in MODBUS data, which…
PriorityP337high7.8CVSS 2.0
AVNACLAuNCNINAC
EPSS
2.19%
80.1th percentile
Triangle Research International (aka Tri) Nano-10 PLC devices with firmware r81 and earlier do not properly handle large length values in MODBUS data, which allows remote attackers to cause a denial of service (transition to the interrupt state) via a crafted packet to TCP port 502.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| triplc | nano-10_plc_firmware | <= r81 | — |
| triplc | nano-10_plc_firmware | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Triangle Research Nano-10 PLC Improper Input Validation
cisa_ics·2018-09-05
Triangle Research Nano-10 PLC Improper Input Validation
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Triangle Research Nano-10 PLC Improper Input Validation
Last RevisedSeptember 05, 2018
Alert CodeICSA-13-329-01
## OVERVIEW
Researcher Wei Gao of IXIA has identified an improper input validation vulnerability in Triangle Research International, Inc.’s (TRi Inc.) Nano‑10 programmable logic controller (PLC).IXIA Web site. http://blogs.ixiacom.com/ixia-blog/hack-scada-zero-day-vulnerability-discovery-on-the-nano-10-plc/#ix, Web site last accessed November 25, 2013. The researcher had notified NCCIC/ICS-CERT originally in September. TRi Inc. has produced a firmware upgrade (Revision
GHSA
GHSA-rrww-8j8x-54v7: Triangle Research International (aka Tri) Nano-10 PLC devices with firmware r81 and earlier do not properly handle large length values in MODBUS data,
ghsa_unreviewed·2022-05-17
CVE-2013-5741 [HIGH] CWE-20 GHSA-rrww-8j8x-54v7: Triangle Research International (aka Tri) Nano-10 PLC devices with firmware r81 and earlier do not properly handle large length values in MODBUS data,
Triangle Research International (aka Tri) Nano-10 PLC devices with firmware r81 and earlier do not properly handle large length values in MODBUS data, which allows remote attackers to cause a denial of service (transition to the interrupt state) via a crafted packet to TCP port 502.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://blogs.ixiacom.com/ixia-blog/hack-scada-zero-day-vulnerability-discovery-on-the-nano-10-plc/http://osvdb.org/ref/97/tri-nano10.txthttp://www.osvdb.org/97728http://blogs.ixiacom.com/ixia-blog/hack-scada-zero-day-vulnerability-discovery-on-the-nano-10-plc/http://osvdb.org/ref/97/tri-nano10.txthttp://www.osvdb.org/97728
2013-10-29
Published