Details of VAR-201308-0168

ID

VAR-201308-0168

CVE

CVE-2013-2798

TITLE

Schweitzer Engineering Laboratories Multiple Device Local Denial of Service Vulnerabilities

Trust: 1.2

sources: CNVD: CNVD-2013-12159 // CNNVD: CNNVD-201308-131

DESCRIPTION

Schweitzer Engineering Laboratories (SEL) SEL-2241, SEL-3505, and SEL-3530 RTAC master devices allow physically proximate attackers to cause a denial of service (infinite loop) via crafted input over a serial line. Schweitzer Engineering Laboratories is a leading manufacturer in Washington State, USA, and is a leader in power system relay protection, control, monitoring, metering and SCADA. Under certain conditions, the DNP3 driver will automatically restart and resume communication, but in severe cases, the device ALARM contact will trigger an assertion and need to reload the device driver settings. The affected products are as follows: SEL-3530-R100 -V0-Z001001-D20090915 - SEL-3530- SEL-3530-R123-V0-Z002001SEL-3530-4-R107-V0-Z001001-D20100818 - SEL-3530-4-R123 -V0-Z002001-D20130117SEL-3505-R119-V0-Z001001-D20120720 - SEL-3505-R123-V0-Z002001-D20130117SEL-2241-R113-V0-Z001001-D20110721 - SEL-2241-R123-V0-Z002001-D20130117. Schweitzer Engineering Laboratories multiple devices are prone to a local denial-of-service vulnerability. An attacker can exploit this issue to crash the affected device, denying service to legitimate users. NOTE: To exploit this issue, local access to the serial-based outstation is required

Trust: 2.61

sources: NVD: CVE-2013-2798 // JVNDB: JVNDB-2013-003716 // CNVD: CNVD-2013-12159 // BID: 61667 // IVD: c94d5dc4-2352-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:	['ICS', 'Network device']	sub_category:	-	Trust: 0.6
category:	['ICS']	sub_category:	-	Trust: 0.2

sources: IVD: c94d5dc4-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-12159

AFFECTED PRODUCTS

vendor:	selinc	model:	sel-2241	scope:	eq	version:	r123-v0-z002001-d20130117	Trust: 1.6
vendor:	selinc	model:	sel-2241	scope:	eq	version:	r113-v0-z001001-d20110721	Trust: 1.6
vendor:	selinc	model:	sel-3530	scope:	eq	version:	r100_-v0-z001001-d20090915	Trust: 1.6
vendor:	selinc	model:	sel-3505	scope:	eq	version:	r123-v0-z002001-d20130117	Trust: 1.6
vendor:	selinc	model:	sel-3530	scope:	eq	version:	r123-v0-z002001	Trust: 1.6
vendor:	selinc	model:	sel-3505	scope:	eq	version:	r119-v0-z001001-d20120720	Trust: 1.6
vendor:	selinc	model:	sel-3530-4	scope:	eq	version:	r107-v0-z001001-d20100818	Trust: 1.6
vendor:	selinc	model:	sel-3530-4	scope:	eq	version:	r123-v0-z002001-d20130117	Trust: 1.6
vendor:	schweitzer engineering laboratories	model:	sel-2241	scope:	eq	version:	r113-v0-z001001-d20110721 to sel-2241-r123-v0-z002001-d20130117	Trust: 0.8
vendor:	schweitzer engineering laboratories	model:	sel-3505	scope:	eq	version:	r119-v0-z001001-d20120720 to sel-3505-r123-v0-z002001-d20130117	Trust: 0.8
vendor:	schweitzer engineering laboratories	model:	sel-3530	scope:	eq	version:	r100 -v0-z001001-d20090915 to sel-3530- sel-3530-r123-v0-z002001	Trust: 0.8
vendor:	schweitzer engineering laboratories	model:	sel-3530-4	scope:	eq	version:	r107-v0-z001001-d20100818 to sel-3530-4-r123-v0-z002001-d20130117	Trust: 0.8
vendor:	schweitzer	model:	engineering laboratories sel-3530 rtac	scope:	-	version:	-	Trust: 0.6
vendor:	schweitzer	model:	engineering laboratories sel-3505 rtac	scope:	-	version:	-	Trust: 0.6
vendor:	schweitzer	model:	engineering laboratories sel-2241 rtac	scope:	-	version:	-	Trust: 0.6
vendor:	schweitzer engineering laboratories	model:	sel-3530-se-3530-r123-v0-z002001	scope:	eq	version:	0	Trust: 0.3
vendor:	schweitzer engineering laboratories	model:	sel-3530-r100 -v0-z001001-d20090915	scope:	eq	version:	0	Trust: 0.3
vendor:	schweitzer engineering laboratories	model:	sel-3530-4-r123-v0-z002001-d20130117	scope:	eq	version:	0	Trust: 0.3
vendor:	schweitzer engineering laboratories	model:	sel-3530-4-r107-v0-z001001-d20100818	scope:	eq	version:	0	Trust: 0.3
vendor:	schweitzer engineering laboratories	model:	sel-3505-r123-v0-z002001-d20130117	scope:	eq	version:	0	Trust: 0.3
vendor:	schweitzer engineering laboratories	model:	sel-3505-r119-v0-z001001-d20120720	scope:	eq	version:	0	Trust: 0.3
vendor:	schweitzer engineering laboratories	model:	sel-2241-r123-v0-z002001-d20130117	scope:	eq	version:	0	Trust: 0.3
vendor:	schweitzer engineering laboratories	model:	sel-2241-r113-v0-z001001-d20110721	scope:	eq	version:	0	Trust: 0.3
vendor:	sel 2241	model:	r113-v0-z001001-d20110721	scope:	-	version:	-	Trust: 0.2
vendor:	sel 2241	model:	r123-v0-z002001-d20130117	scope:	-	version:	-	Trust: 0.2
vendor:	sel 3505	model:	r119-v0-z001001-d20120720	scope:	-	version:	-	Trust: 0.2
vendor:	sel 3505	model:	r123-v0-z002001-d20130117	scope:	-	version:	-	Trust: 0.2
vendor:	sel 3530	model:	r100 -v0-z001001-d20090915	scope:	-	version:	-	Trust: 0.2
vendor:	sel 3530	model:	r123-v0-z002001	scope:	-	version:	-	Trust: 0.2
vendor:	sel 3530 4	model:	r107-v0-z001001-d20100818	scope:	-	version:	-	Trust: 0.2
vendor:	sel 3530 4	model:	r123-v0-z002001-d20130117	scope:	-	version:	-	Trust: 0.2

sources: IVD: c94d5dc4-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-12159 // BID: 61667 // JVNDB: JVNDB-2013-003716 // CNNVD: CNNVD-201308-131 // NVD: CVE-2013-2798

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-2798
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-2798
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2013-12159
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201308-131
value:	MEDIUM
Trust: 0.6
IVD:	c94d5dc4-2352-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2

nvd@nist.gov:	CVE-2013-2798
severity:	MEDIUM
baseScore:	4.7
vectorString:	AV:L/AC:M/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2013-12159
severity:	MEDIUM
baseScore:	4.7
vectorString:	AV:L/AC:M/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	c94d5dc4-2352-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	4.7
vectorString:	AV:L/AC:M/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: c94d5dc4-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-12159 // JVNDB: JVNDB-2013-003716 // CNNVD: CNNVD-201308-131 // NVD: CVE-2013-2798

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2013-003716 // NVD: CVE-2013-2798

THREAT TYPE

local

Trust: 0.9

sources: BID: 61667 // CNNVD: CNNVD-201308-131

TYPE

Input validation

Trust: 0.8

sources: IVD: c94d5dc4-2352-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201308-131

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-003716

PATCH

title:	Top Page	url:	https://www.selinc.com/default.aspx	Trust: 0.8
title:	SEL-2241 RTAC	url:	https://www.selinc.com/WorkArea/DownloadAsset.aspx?id=97914	Trust: 0.8
title:	SEL-3505 Automation Controller	url:	https://www.selinc.com/sel-3505/	Trust: 0.8
title:	Real-Time Automation Controller (RTAC)	url:	https://www.selinc.com/SEL-3530/	Trust: 0.8
title:	Patch for multiple device local denial of service vulnerabilities in Schweitzer Engineering Laboratories	url:	https://www.cnvd.org.cn/patchInfo/show/38162	Trust: 0.6

sources: CNVD: CNVD-2013-12159 // JVNDB: JVNDB-2013-003716

EXTERNAL IDS

db:	NVD	id:	CVE-2013-2798	Trust: 3.5
db:	ICS CERT	id:	ICSA-13-219-01	Trust: 3.3
db:	BID	id:	61667	Trust: 1.5
db:	CNVD	id:	CNVD-2013-12159	Trust: 0.8
db:	CNNVD	id:	CNNVD-201308-131	Trust: 0.8
db:	JVNDB	id:	JVNDB-2013-003716	Trust: 0.8
db:	IVD	id:	C94D5DC4-2352-11E6-ABEF-000C29C66E3D	Trust: 0.2

sources: IVD: c94d5dc4-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-12159 // BID: 61667 // JVNDB: JVNDB-2013-003716 // CNNVD: CNNVD-201308-131 // NVD: CVE-2013-2798

REFERENCES

url:	http://ics-cert.us-cert.gov/advisories/icsa-13-219-01	Trust: 3.3
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2798	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2798	Trust: 0.8
url:	http://www.securityfocus.com/bid/61667	Trust: 0.6
url:	https://www.selinc.com/sel-3530/	Trust: 0.3

sources: CNVD: CNVD-2013-12159 // BID: 61667 // JVNDB: JVNDB-2013-003716 // CNNVD: CNNVD-201308-131 // NVD: CVE-2013-2798

CREDITS

Adam Crain of Automatak and Chris Sistrunk

Trust: 0.9

sources: BID: 61667 // CNNVD: CNNVD-201308-131

SOURCES

db:	IVD	id:	c94d5dc4-2352-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2013-12159
db:	BID	id:	61667
db:	JVNDB	id:	JVNDB-2013-003716
db:	CNNVD	id:	CNNVD-201308-131
db:	NVD	id:	CVE-2013-2798

LAST UPDATE DATE

2025-04-11T23:16:37.363000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-12159	date:	2013-08-13T00:00:00
db:	BID	id:	61667	date:	2013-08-07T00:00:00
db:	JVNDB	id:	JVNDB-2013-003716	date:	2013-08-13T00:00:00
db:	CNNVD	id:	CNNVD-201308-131	date:	2013-08-22T00:00:00
db:	NVD	id:	CVE-2013-2798	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	IVD	id:	c94d5dc4-2352-11e6-abef-000c29c66e3d	date:	2013-08-13T00:00:00
db:	CNVD	id:	CNVD-2013-12159	date:	2013-08-13T00:00:00
db:	BID	id:	61667	date:	2013-08-07T00:00:00
db:	JVNDB	id:	JVNDB-2013-003716	date:	2013-08-13T00:00:00
db:	CNNVD	id:	CNNVD-201308-131	date:	2013-08-22T00:00:00
db:	NVD	id:	CVE-2013-2798	date:	2013-08-09T23:55:02.560