Details of VAR-201312-0064

ID

VAR-201312-0064

CVE

CVE-2013-2816

TITLE

plural Cooper Power Systems Product of DNP3 Service disruption in components (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2013-005590

DESCRIPTION

The DNP3 component in Cooper Power Systems SMP 4, 4/DP, and 16 gateways allows physically proximate attackers to cause a denial of service (reboot or link outage) via crafted input over a serial line. Cooper Power Systems The SMP Gateway is a data concentrator deployed in the energy sector. Attackers can exploit this issue to force the application to reboot; causing denial-of-service conditions. The device can collect and store field instrument data in real time, and transmit it to the remote monitoring center

Trust: 2.52

sources: NVD: CVE-2013-2816 // JVNDB: JVNDB-2013-005590 // CNVD: CNVD-2013-15310 // BID: 64283 // VULHUB: VHN-62818

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2013-15310

AFFECTED PRODUCTS

vendor:	cooperindustries	model:	smp 4 gateway \	scope:	eq	version:	-	Trust: 1.6
vendor:	cooperindustries	model:	smp 4\/dp gateway \	scope:	eq	version:	-	Trust: 1.6
vendor:	cooperindustries	model:	smp 16 gateway \	scope:	eq	version:	-	Trust: 1.6
vendor:	eaton	model:	smp 16 gateway	scope:	eq	version:	(data concentrator)	Trust: 0.8
vendor:	eaton	model:	smp 4 gateway	scope:	eq	version:	(data concentrator)	Trust: 0.8
vendor:	eaton	model:	smp 4/dp gateway	scope:	eq	version:	(data concentrator)	Trust: 0.8
vendor:	cooper	model:	power systems smp gateway	scope:	eq	version:	16	Trust: 0.6

sources: CNVD: CNVD-2013-15310 // JVNDB: JVNDB-2013-005590 // CNNVD: CNNVD-201312-354 // NVD: CVE-2013-2816

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-2816
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-2816
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2013-15310
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201312-354
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-62818
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-2816
severity:	MEDIUM
baseScore:	4.7
vectorString:	AV:L/AC:M/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2013-15310
severity:	MEDIUM
baseScore:	4.7
vectorString:	AV:L/AC:M/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-62818
severity:	MEDIUM
baseScore:	4.7
vectorString:	AV:L/AC:M/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2013-15310 // VULHUB: VHN-62818 // JVNDB: JVNDB-2013-005590 // CNNVD: CNNVD-201312-354 // NVD: CVE-2013-2816

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-62818 // JVNDB: JVNDB-2013-005590 // NVD: CVE-2013-2816

THREAT TYPE

local

Trust: 0.9

sources: BID: 64283 // CNNVD: CNNVD-201312-354

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201312-354

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-005590

PATCH

title:	Top Page	url:	http://www.cooperindustries.com/content/public/en.html	Trust: 0.8
title:	Patch for Cooper Power Systems SMP Gateway Serial Local Denial of Service Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/41819	Trust: 0.6

sources: CNVD: CNVD-2013-15310 // JVNDB: JVNDB-2013-005590

EXTERNAL IDS

db:	ICS CERT	id:	ICSA-13-346-01	Trust: 3.4
db:	NVD	id:	CVE-2013-2816	Trust: 3.4
db:	BID	id:	64283	Trust: 1.0
db:	JVNDB	id:	JVNDB-2013-005590	Trust: 0.8
db:	CNNVD	id:	CNNVD-201312-354	Trust: 0.7
db:	CNVD	id:	CNVD-2013-15310	Trust: 0.6
db:	VULHUB	id:	VHN-62818	Trust: 0.1

sources: CNVD: CNVD-2013-15310 // VULHUB: VHN-62818 // BID: 64283 // JVNDB: JVNDB-2013-005590 // CNNVD: CNNVD-201312-354 // NVD: CVE-2013-2816

REFERENCES

url:	http://ics-cert.us-cert.gov/advisories/icsa-13-346-01	Trust: 3.4
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2816	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2816	Trust: 0.8
url:	http://www.cooperindustries.com/content/public/en/power_systems.html	Trust: 0.3
url:	http://www.cooperindustries.com/content/public/en/power_systems/products/automation_and_control/smp_products/smp-16-gateway.html	Trust: 0.3

sources: CNVD: CNVD-2013-15310 // VULHUB: VHN-62818 // BID: 64283 // JVNDB: JVNDB-2013-005590 // CNNVD: CNNVD-201312-354 // NVD: CVE-2013-2816

CREDITS

Adam Crain of Automatak and Chris Sistrunk

Trust: 0.3

sources: BID: 64283

SOURCES

db:	CNVD	id:	CNVD-2013-15310
db:	VULHUB	id:	VHN-62818
db:	BID	id:	64283
db:	JVNDB	id:	JVNDB-2013-005590
db:	CNNVD	id:	CNNVD-201312-354
db:	NVD	id:	CVE-2013-2816

LAST UPDATE DATE

2025-04-11T23:16:35.913000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-15310	date:	2013-12-18T00:00:00
db:	VULHUB	id:	VHN-62818	date:	2013-12-18T00:00:00
db:	BID	id:	64283	date:	2015-03-19T08:48:00
db:	JVNDB	id:	JVNDB-2013-005590	date:	2013-12-19T00:00:00
db:	CNNVD	id:	CNNVD-201312-354	date:	2013-12-19T00:00:00
db:	NVD	id:	CVE-2013-2816	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2013-15310	date:	2013-12-18T00:00:00
db:	VULHUB	id:	VHN-62818	date:	2013-12-17T00:00:00
db:	BID	id:	64283	date:	2013-12-12T00:00:00
db:	JVNDB	id:	JVNDB-2013-005590	date:	2013-12-19T00:00:00
db:	CNNVD	id:	CNNVD-201312-354	date:	2013-12-19T00:00:00
db:	NVD	id:	CVE-2013-2816	date:	2013-12-17T15:21:23.417