ID
VAR-201308-0165
CVE
CVE-2013-2790
TITLE
IOServer of master-station DNP3 Service disruption in drivers (DoS) Vulnerabilities
Trust: 0.8
DESCRIPTION
The master-station DNP3 driver before driver19.exe, and Beta2041.exe, in IOServer allows remote attackers to cause a denial of service (infinite loop) via crafted DNP3 packets to TCP port 20000. IOServer is a Windows-based OPC server that allows OPC clients such as human-machine interfaces and monitoring and data acquisition systems to exchange factory data with programmable logic circuits. The IOServer driver does not verify or correctly verify the input on the primary server on port 20000/TCP, which can affect the control flow or database flow of the program. When an attacker can submit a special request to make the IOServer enter an infinite loop without exiting, you need to manually restart to get the normal function. Multiple IOServer drivers are prone to a remote denial-of-service vulnerability. This will result in a denial-of-service condition
Trust: 2.61
IOT TAXONOMY
| category: | ['ICS', 'Network device'] | sub_category: | - | Trust: 0.6 |
| category: | ['ICS'] | sub_category: | - | Trust: 0.2 |
AFFECTED PRODUCTS
| vendor: | ioserver | model: | ioserver | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | ioserver | model: | ioserver | scope: | eq | version: | master-station dnp3 driver beta2041.exe | Trust: 0.8 |
| vendor: | ioserver | model: | ioserver | scope: | lt | version: | master-station dnp3 driver driver19.exe | Trust: 0.8 |
| vendor: | ioserver | model: | beta driver | scope: | - | version: | - | Trust: 0.6 |
| vendor: | ioserver | model: | - | scope: | eq | version: | - | Trust: 0.2 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-20 | Trust: 1.8 |
THREAT TYPE
remote
Trust: 0.6
TYPE
Input validation
Trust: 0.8
CONFIGURATIONS
PATCH
| title: | Top Page | url: | http://www.ioserver.com/ | Trust: 0.8 |
| title: | Multiple IOServer Drivers denial of service vulnerability patches | url: | https://www.cnvd.org.cn/patchInfo/show/38038 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2013-2790 | Trust: 3.5 |
| db: | ICS CERT | id: | ICSA-13-213-03 | Trust: 3.0 |
| db: | BID | id: | 61577 | Trust: 1.5 |
| db: | CNVD | id: | CNVD-2013-11627 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201308-109 | Trust: 0.8 |
| db: | JVNDB | id: | JVNDB-2013-003717 | Trust: 0.8 |
| db: | IVD | id: | C86A2036-2352-11E6-ABEF-000C29C66E3D | Trust: 0.2 |
REFERENCES
| url: | http://ics-cert.us-cert.gov/advisories/icsa-13-213-03 | Trust: 3.0 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2790 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2790 | Trust: 0.8 |
| url: | http://www.securityfocus.com/bid/61577 | Trust: 0.6 |
CREDITS
Adam Crain and Chris Sistrunk
Trust: 0.9
SOURCES
| db: | IVD | id: | c86a2036-2352-11e6-abef-000c29c66e3d |
| db: | CNVD | id: | CNVD-2013-11627 |
| db: | BID | id: | 61577 |
| db: | JVNDB | id: | JVNDB-2013-003717 |
| db: | CNNVD | id: | CNNVD-201308-109 |
| db: | NVD | id: | CVE-2013-2790 |
LAST UPDATE DATE
2025-04-11T23:15:25.658000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2013-11627 | date: | 2013-08-06T00:00:00 |
| db: | BID | id: | 61577 | date: | 2013-10-21T00:18:00 |
| db: | JVNDB | id: | JVNDB-2013-003717 | date: | 2013-08-14T00:00:00 |
| db: | CNNVD | id: | CNNVD-201308-109 | date: | 2013-08-14T00:00:00 |
| db: | NVD | id: | CVE-2013-2790 | date: | 2025-04-11T00:51:21.963 |
SOURCES RELEASE DATE
| db: | IVD | id: | c86a2036-2352-11e6-abef-000c29c66e3d | date: | 2013-08-06T00:00:00 |
| db: | CNVD | id: | CNVD-2013-11627 | date: | 2013-08-06T00:00:00 |
| db: | BID | id: | 61577 | date: | 2013-08-01T00:00:00 |
| db: | JVNDB | id: | JVNDB-2013-003717 | date: | 2013-08-14T00:00:00 |
| db: | CNNVD | id: | CNNVD-201308-109 | date: | 2013-08-14T00:00:00 |
| db: | NVD | id: | CVE-2013-2790 | date: | 2013-08-13T15:04:18.597 |