Details of VAR-201309-0200

ID

VAR-201309-0200

CVE

CVE-2013-2793

TITLE

plural Triangle MicroWorks Service disruption in products (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2013-004002

DESCRIPTION

Triangle MicroWorks SCADA Data Gateway 2.50.0309 through 3.00.0616, DNP3 .NET Protocol components 3.06.0.171 through 3.15.0.369, and DNP3 C libraries 3.06.0000 through 3.15.0000 allow remote attackers to cause a denial of service (infinite loop) via a crafted DNP3 TCP packet. Triangle MicroWorks is a US-based company that uses single or third-party component products to communicate with peripherals/slave devices using various transport protocols (OPC Client, IEC 60870-6 (TASE.2/ICCP) Client, IEC 60870-5, DNP3, Modbus). Triangle MicroWorks multiple product-related IP-based devices incorrectly verify input, allowing an attacker to exploit a vulnerability to submit a specially crafted TCP message to cause the software to cause an infinite loop, causing the process to crash and requiring a manual reboot to get normal functionality. Multiple Triangle MicroWorks products are prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to crash the affected device, denying service to legitimate users. Note: This issue affects the IP connected devices. SDG is a set of data acquisition and supervisory control system (SCADA) gateway products integrated in the server. DNP3 .NET Protocol components is a set of .NET framework components that support DNP3. DNP3 ANSI C source code libraries is a source code library based on the ANSI C standard

Trust: 2.7

sources: NVD: CVE-2013-2793 // JVNDB: JVNDB-2013-004002 // CNVD: CNVD-2013-12783 // BID: 62087 // IVD: b4cce158-2352-11e6-abef-000c29c66e3d // VULHUB: VHN-62795

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: b4cce158-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-12783

AFFECTED PRODUCTS

vendor:	trianglemicroworks	model:	ansi c source code libraries	scope:	eq	version:	3.15.0000	Trust: 1.6
vendor:	trianglemicroworks	model:	.net communication protocol components	scope:	eq	version:	3.15.0.369	Trust: 1.6
vendor:	trianglemicroworks	model:	.net communication protocol components	scope:	eq	version:	3.06.0.171	Trust: 1.6
vendor:	trianglemicroworks	model:	scada data gateway	scope:	eq	version:	3.00.0616	Trust: 1.6
vendor:	trianglemicroworks	model:	ansi c source code libraries	scope:	eq	version:	3.06.0000	Trust: 1.6
vendor:	trianglemicroworks	model:	scada data gateway	scope:	eq	version:	2.50	Trust: 1.6
vendor:	trianglemicroworks	model:	scada data gateway	scope:	eq	version:	2.50.0309	Trust: 1.6
vendor:	triangle microworks	model:	.net protocol components	scope:	eq	version:	3.06.0.171 to 3.15.0.369	Trust: 0.8
vendor:	triangle microworks	model:	ansi standard c source code libraries	scope:	eq	version:	3.06.0000 to 3.15.0000	Trust: 0.8
vendor:	triangle microworks	model:	scada data gateway	scope:	eq	version:	2.50.0309 to 3.00.0616	Trust: 0.8
vendor:	triangle	model:	microworks scada data gateway to	scope:	eq	version:	2.50.03093.00.0616	Trust: 0.6
vendor:	triangle	model:	microworks dnp3 .net protocol components to	scope:	eq	version:	3.06.0.1713.15.0.369	Trust: 0.6
vendor:	triangle	model:	microworks dnp3 ansi c source code libraries to	scope:	eq	version:	3.06.00003.15.0000	Trust: 0.6
vendor:	net communication protocol components	model:	-	scope:	eq	version:	3.06.0.171	Trust: 0.2
vendor:	net communication protocol components	model:	-	scope:	eq	version:	3.15.0.369	Trust: 0.2
vendor:	ansi c source code libraries	model:	-	scope:	eq	version:	3.06.0000	Trust: 0.2
vendor:	ansi c source code libraries	model:	-	scope:	eq	version:	3.15.0000	Trust: 0.2
vendor:	scada data gateway	model:	-	scope:	eq	version:	2.50	Trust: 0.2
vendor:	scada data gateway	model:	-	scope:	eq	version:	2.50.0309	Trust: 0.2
vendor:	scada data gateway	model:	-	scope:	eq	version:	3.00.0616	Trust: 0.2

sources: IVD: b4cce158-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-12783 // JVNDB: JVNDB-2013-004002 // CNNVD: CNNVD-201308-536 // NVD: CVE-2013-2793

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-2793
value:	HIGH
Trust: 1.0
NVD:	CVE-2013-2793
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2013-12783
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201308-536
value:	HIGH
Trust: 0.6
IVD:	b4cce158-2352-11e6-abef-000c29c66e3d
value:	HIGH
Trust: 0.2
VULHUB:	VHN-62795
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2013-2793
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2013-12783
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	b4cce158-2352-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-62795
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: b4cce158-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-12783 // VULHUB: VHN-62795 // JVNDB: JVNDB-2013-004002 // CNNVD: CNNVD-201308-536 // NVD: CVE-2013-2793

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-62795 // JVNDB: JVNDB-2013-004002 // NVD: CVE-2013-2793

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201308-536

TYPE

Buffer overflow

Trust: 0.8

sources: IVD: b4cce158-2352-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201308-536

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004002

PATCH

title:	Triangle MicroWorks, Inc. DNP3 Master Source Code Library	url:	http://www.trianglemicroworks.com/documents/mdnp_scl_whats_new.pdf	Trust: 0.8
title:	Triangle MicroWorks Multiple Products Patches for Denial of Service Vulnerabilities Based on IP-Specific TCP Packets	url:	https://www.cnvd.org.cn/patchInfo/show/39294	Trust: 0.6

sources: CNVD: CNVD-2013-12783 // JVNDB: JVNDB-2013-004002

EXTERNAL IDS

db:	NVD	id:	CVE-2013-2793	Trust: 3.6
db:	ICS CERT	id:	ICSA-13-240-01	Trust: 3.1
db:	BID	id:	62087	Trust: 1.6
db:	CNNVD	id:	CNNVD-201308-536	Trust: 0.9
db:	CNVD	id:	CNVD-2013-12783	Trust: 0.8
db:	JVNDB	id:	JVNDB-2013-004002	Trust: 0.8
db:	IVD	id:	B4CCE158-2352-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	VULHUB	id:	VHN-62795	Trust: 0.1

sources: IVD: b4cce158-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-12783 // VULHUB: VHN-62795 // BID: 62087 // JVNDB: JVNDB-2013-004002 // CNNVD: CNNVD-201308-536 // NVD: CVE-2013-2793

REFERENCES

url:	http://ics-cert.us-cert.gov/advisories/icsa-13-240-01	Trust: 3.1
url:	http://www.trianglemicroworks.com/documents/mdnp_scl_whats_new.pdf	Trust: 2.3
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2793	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2793	Trust: 0.8
url:	http://www.securityfocus.com/bid/62087	Trust: 0.6

sources: CNVD: CNVD-2013-12783 // VULHUB: VHN-62795 // JVNDB: JVNDB-2013-004002 // CNNVD: CNNVD-201308-536 // NVD: CVE-2013-2793

CREDITS

Adam Crain of Automatak and Chris Sistrunk

Trust: 0.9

sources: BID: 62087 // CNNVD: CNNVD-201308-536

SOURCES

db:	IVD	id:	b4cce158-2352-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2013-12783
db:	VULHUB	id:	VHN-62795
db:	BID	id:	62087
db:	JVNDB	id:	JVNDB-2013-004002
db:	CNNVD	id:	CNNVD-201308-536
db:	NVD	id:	CVE-2013-2793

LAST UPDATE DATE

2025-04-11T23:01:45.670000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-12783	date:	2013-09-04T00:00:00
db:	VULHUB	id:	VHN-62795	date:	2013-09-25T00:00:00
db:	BID	id:	62087	date:	2013-10-21T01:19:00
db:	JVNDB	id:	JVNDB-2013-004002	date:	2013-09-10T00:00:00
db:	CNNVD	id:	CNNVD-201308-536	date:	2013-09-10T00:00:00
db:	NVD	id:	CVE-2013-2793	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	IVD	id:	b4cce158-2352-11e6-abef-000c29c66e3d	date:	2013-09-04T00:00:00
db:	CNVD	id:	CNVD-2013-12783	date:	2013-09-04T00:00:00
db:	VULHUB	id:	VHN-62795	date:	2013-09-09T00:00:00
db:	BID	id:	62087	date:	2013-08-28T00:00:00
db:	JVNDB	id:	JVNDB-2013-004002	date:	2013-09-10T00:00:00
db:	CNNVD	id:	CNNVD-201308-536	date:	2013-08-28T00:00:00
db:	NVD	id:	CVE-2013-2793	date:	2013-09-09T11:39:08.427