Details of VAR-201306-0266

ID

VAR-201306-0266

CVE

CVE-2013-2783

TITLE

IOServer of DNP3 Service disruption in drivers (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2013-002985

DESCRIPTION

The DNP3 driver in IOServer drivers 1.0.19.0 allows remote attackers to cause a denial of service (infinite loop) or obtain unspecified control via crafted data to TCP port 20000. IOServer is an industrial control software running on windows. IOServer is prone to a remote denial-of-service vulnerability because it fails to properly handle user-supplied input. Attackers can exploit this issue to force the application to enter into an infinite loop, causing it to consume large amounts of system resources. This can result in denial-of-service conditions. IOServer 1.0.19.0 is vulnerable; other versions may also be affected

Trust: 2.61

sources: NVD: CVE-2013-2783 // JVNDB: JVNDB-2013-002985 // CNVD: CNVD-2013-07340 // BID: 60450 // IVD: e69f1e62-2352-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: e69f1e62-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-07340

AFFECTED PRODUCTS

vendor:	ioserver	model:	ioserver	scope:	eq	version:	1.0.19.0	Trust: 2.2
vendor:	ioserver	model:	ioserver	scope:	eq	version:	v1.0.19.0	Trust: 0.8
vendor:	ioserver	model:	-	scope:	eq	version:	1.0.19.0	Trust: 0.2

sources: IVD: e69f1e62-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-07340 // JVNDB: JVNDB-2013-002985 // CNNVD: CNNVD-201306-211 // NVD: CVE-2013-2783

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-2783
value:	HIGH
Trust: 1.0
NVD:	CVE-2013-2783
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2013-07340
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201306-211
value:	HIGH
Trust: 0.6
IVD:	e69f1e62-2352-11e6-abef-000c29c66e3d
value:	HIGH
Trust: 0.2

nvd@nist.gov:	CVE-2013-2783
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2013-07340
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e69f1e62-2352-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: e69f1e62-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-07340 // JVNDB: JVNDB-2013-002985 // CNNVD: CNNVD-201306-211 // NVD: CVE-2013-2783

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2013-002985 // NVD: CVE-2013-2783

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201306-211

TYPE

Input validation

Trust: 0.8

sources: IVD: e69f1e62-2352-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201306-211

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-002985

PATCH

title:

Top Page

url:

http://www.ioserver.com

Trust: 0.8

sources: JVNDB: JVNDB-2013-002985

EXTERNAL IDS

db:	NVD	id:	CVE-2013-2783	Trust: 3.5
db:	ICS CERT	id:	ICSA-13-161-01	Trust: 3.0
db:	SECUNIA	id:	53794	Trust: 1.2
db:	BID	id:	60450	Trust: 0.9
db:	CNVD	id:	CNVD-2013-07340	Trust: 0.8
db:	CNNVD	id:	CNNVD-201306-211	Trust: 0.8
db:	JVNDB	id:	JVNDB-2013-002985	Trust: 0.8
db:	IVD	id:	E69F1E62-2352-11E6-ABEF-000C29C66E3D	Trust: 0.2

sources: IVD: e69f1e62-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-07340 // BID: 60450 // JVNDB: JVNDB-2013-002985 // CNNVD: CNNVD-201306-211 // NVD: CVE-2013-2783

REFERENCES

url:	http://ics-cert.us-cert.gov/advisories/icsa-13-161-01	Trust: 3.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2783	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2783	Trust: 0.8
url:	http://www.secunia.com/advisories/53794/	Trust: 0.6
url:	http://secunia.com/advisories/53794	Trust: 0.6
url:	http://www.securityfocus.com/bid/60450	Trust: 0.6

sources: CNVD: CNVD-2013-07340 // JVNDB: JVNDB-2013-002985 // CNNVD: CNNVD-201306-211 // NVD: CVE-2013-2783

CREDITS

Adam Crain and Chris Sistrunk

Trust: 0.9

sources: BID: 60450 // CNNVD: CNNVD-201306-211

SOURCES

db:	IVD	id:	e69f1e62-2352-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2013-07340
db:	BID	id:	60450
db:	JVNDB	id:	JVNDB-2013-002985
db:	CNNVD	id:	CNNVD-201306-211
db:	NVD	id:	CVE-2013-2783

LAST UPDATE DATE

2025-04-11T23:02:57.937000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-07340	date:	2013-06-19T00:00:00
db:	BID	id:	60450	date:	2013-10-21T00:18:00
db:	JVNDB	id:	JVNDB-2013-002985	date:	2013-06-18T00:00:00
db:	CNNVD	id:	CNNVD-201306-211	date:	2013-06-17T00:00:00
db:	NVD	id:	CVE-2013-2783	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	IVD	id:	e69f1e62-2352-11e6-abef-000c29c66e3d	date:	2013-06-17T00:00:00
db:	CNVD	id:	CNVD-2013-07340	date:	2013-06-17T00:00:00
db:	BID	id:	60450	date:	2013-06-10T00:00:00
db:	JVNDB	id:	JVNDB-2013-002985	date:	2013-06-18T00:00:00
db:	CNNVD	id:	CNNVD-201306-211	date:	2013-06-17T00:00:00
db:	NVD	id:	CVE-2013-2783	date:	2013-06-14T19:55:01.187