Sign-up

ID

VAR-201308-0166


CVE

CVE-2013-2792


TITLE

plural Schweitzer Engineering Laboratories Service disruption in products (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2013-003714

DESCRIPTION

Schweitzer Engineering Laboratories (SEL) SEL-2241, SEL-3505, and SEL-3530 RTAC master devices allow remote attackers to cause a denial of service (infinite loop) via a crafted DNP3 TCP packet. Schweitzer Engineering Laboratories is a leading manufacturer in Washington State, USA, and is a leader in power system relay protection, control, monitoring, metering and SCADA. Under certain conditions, the DNP3 driver will automatically restart and resume communication, but in severe cases, the device ALARM contact will trigger an assertion and need to reload the device driver settings. The affected products are as follows: SEL-3530-R100 -V0-Z001001-D20090915 - SEL-3530- SEL-3530-R123-V0-Z002001SEL-3530-4-R107-V0-Z001001-D20100818 - SEL-3530-4-R123 -V0-Z002001-D20130117SEL-3505-R119-V0-Z001001-D20120720 - SEL-3505-R123-V0-Z002001-D20130117SEL-2241-R113-V0-Z001001-D20110721 - SEL-2241-R123-V0-Z002001-D20130117. Multiple Schweitzer Engineering Laboratories devices are prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to crash the affected device, denying service to legitimate users. Note: This issue affects the IP connected devices

Trust: 2.61

sources: NVD: CVE-2013-2792 // JVNDB: JVNDB-2013-003714 // CNVD: CNVD-2013-12158 // BID: 61665 // IVD: c9668f1a-2352-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

category:['ICS']sub_category: -

Trust: 0.2

sources: IVD: c9668f1a-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-12158

AFFECTED PRODUCTS

vendor:selincmodel:sel-2241scope:eqversion:r123-v0-z002001-d20130117

Trust: 1.6

vendor:selincmodel:sel-2241scope:eqversion:r113-v0-z001001-d20110721

Trust: 1.6

vendor:selincmodel:sel-3530scope:eqversion:r100_-v0-z001001-d20090915

Trust: 1.6

vendor:selincmodel:sel-3505scope:eqversion:r123-v0-z002001-d20130117

Trust: 1.6

vendor:selincmodel:sel-3530scope:eqversion:r123-v0-z002001

Trust: 1.6

vendor:selincmodel:sel-3505scope:eqversion:r119-v0-z001001-d20120720

Trust: 1.6

vendor:selincmodel:sel-3530-4scope:eqversion:r107-v0-z001001-d20100818

Trust: 1.6

vendor:selincmodel:sel-3530-4scope:eqversion:r123-v0-z002001-d20130117

Trust: 1.6

vendor:schweitzer engineering laboratoriesmodel:sel-2241scope:eqversion:r113-v0-z001001-d20110721 to sel-2241-r123-v0-z002001-d20130117

Trust: 0.8

vendor:schweitzer engineering laboratoriesmodel:sel-3505scope:eqversion:r119-v0-z001001-d20120720 to sel-3505-r123-v0-z002001-d20130117

Trust: 0.8

vendor:schweitzer engineering laboratoriesmodel:sel-3530scope:eqversion:r100 -v0-z001001-d20090915 to sel-3530- sel-3530-r123-v0-z002001

Trust: 0.8

vendor:schweitzer engineering laboratoriesmodel:sel-3530-4scope:eqversion:r107-v0-z001001-d20100818 to sel-3530-4-r123-v0-z002001-d20130117

Trust: 0.8

vendor:schweitzermodel:engineering laboratories sel-3530 rtacscope: - version: -

Trust: 0.6

vendor:schweitzermodel:engineering laboratories sel-3505 rtacscope: - version: -

Trust: 0.6

vendor:schweitzermodel:engineering laboratories sel-2241 rtacscope: - version: -

Trust: 0.6

vendor:sel 2241model:r113-v0-z001001-d20110721scope: - version: -

Trust: 0.2

vendor:sel 2241model:r123-v0-z002001-d20130117scope: - version: -

Trust: 0.2

vendor:sel 3505model:r119-v0-z001001-d20120720scope: - version: -

Trust: 0.2

vendor:sel 3505model:r123-v0-z002001-d20130117scope: - version: -

Trust: 0.2

vendor:sel 3530model:r100 -v0-z001001-d20090915scope: - version: -

Trust: 0.2

vendor:sel 3530model:r123-v0-z002001scope: - version: -

Trust: 0.2

vendor:sel 3530 4model:r107-v0-z001001-d20100818scope: - version: -

Trust: 0.2

vendor:sel 3530 4model:r123-v0-z002001-d20130117scope: - version: -

Trust: 0.2

sources: IVD: c9668f1a-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-12158 // JVNDB: JVNDB-2013-003714 // CNNVD: CNNVD-201308-130 // NVD: CVE-2013-2792

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-2792
value: HIGH

Trust: 1.0

NVD: CVE-2013-2792
value: HIGH

Trust: 0.8

CNVD: CNVD-2013-12158
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201308-130
value: HIGH

Trust: 0.6

IVD: c9668f1a-2352-11e6-abef-000c29c66e3d
value: HIGH

Trust: 0.2

nvd@nist.gov: CVE-2013-2792
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2013-12158
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: c9668f1a-2352-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: c9668f1a-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-12158 // JVNDB: JVNDB-2013-003714 // CNNVD: CNNVD-201308-130 // NVD: CVE-2013-2792

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2013-003714 // NVD: CVE-2013-2792

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201308-130

TYPE

Input validation

Trust: 0.8

sources: IVD: c9668f1a-2352-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201308-130

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-003714

PATCH
title:Top Pageurl:https://www.selinc.com/default.aspx
Trust: 0.8
title:SEL-3505 Automation Controllerurl:https://www.selinc.com/sel-3505
Trust: 0.8
title:Real-Time Automation Controller (RTAC)url:https://www.selinc.com/SEL-3530
Trust: 0.8
title:SEL-2240 Axion Distributed Control and Integration Platformurl:https://www.selinc.com/SEL-2240/
Trust: 0.8
title:Schweitzer Engineering Laboratories Patch for Multiple Device Remote Denial of Service Vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/38161
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2013-12158 // 
            
            
            
            JVNDB: JVNDB-2013-003714

EXTERNAL IDS
db:NVDid:CVE-2013-2792
Trust: 3.5
db:ICS CERTid:ICSA-13-219-01
Trust: 3.0
db:BIDid:61665
Trust: 1.5
db:CNVDid:CNVD-2013-12158
Trust: 0.8
db:CNNVDid:CNNVD-201308-130
Trust: 0.8
db:JVNDBid:JVNDB-2013-003714
Trust: 0.8
db:IVDid:C9668F1A-2352-11E6-ABEF-000C29C66E3D
Trust: 0.2
sources:
            
            
            IVD: c9668f1a-2352-11e6-abef-000c29c66e3d // 
            
            
            
            CNVD: CNVD-2013-12158 // 
            
            
            
            BID: 61665 // 
            
            
            
            JVNDB: JVNDB-2013-003714 // 
            
            
            
            CNNVD: CNNVD-201308-130 // 
            
            
            
            NVD: CVE-2013-2792

REFERENCES
url:http://ics-cert.us-cert.gov/advisories/icsa-13-219-01
Trust: 3.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2792
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2792
Trust: 0.8
url:http://www.securityfocus.com/bid/61665
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2013-12158 // 
            
            
            
            JVNDB: JVNDB-2013-003714 // 
            
            
            
            CNNVD: CNNVD-201308-130 // 
            
            
            
            NVD: CVE-2013-2792

CREDITS
Adam Crain of Automatak and Chris Sistrunk
Trust: 0.9
sources:
            
            
            BID: 61665 // 
            
            
            
            CNNVD: CNNVD-201308-130

SOURCES
db:IVDid:c9668f1a-2352-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2013-12158
db:BIDid:61665
db:JVNDBid:JVNDB-2013-003714
db:CNNVDid:CNNVD-201308-130
db:NVDid:CVE-2013-2792

LAST UPDATE DATE
2025-04-11T23:16:37.328000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2013-12158date:2013-08-13T00:00:00
db:BIDid:61665date:2013-10-21T00:18:00
db:JVNDBid:JVNDB-2013-003714date:2013-08-13T00:00:00
db:CNNVDid:CNNVD-201308-130date:2013-08-22T00:00:00
db:NVDid:CVE-2013-2792date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:IVDid:c9668f1a-2352-11e6-abef-000c29c66e3ddate:2013-08-13T00:00:00
db:CNVDid:CNVD-2013-12158date:2013-08-13T00:00:00
db:BIDid:61665date:2013-08-07T00:00:00
db:JVNDBid:JVNDB-2013-003714date:2013-08-13T00:00:00
db:CNNVDid:CNNVD-201308-130date:2013-08-22T00:00:00
db:NVDid:CVE-2013-2792date:2013-08-09T23:55:02.513