Sign-up

ID

VAR-201312-0065


CVE

CVE-2013-2818


TITLE

Alstom e-terracontrol of DNP Master Driver Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2013-005340

DESCRIPTION

The DNP Master Driver in Alstom e-terracontrol 3.5, 3.6, and 3.7 allows physically proximate attackers to cause a denial of service (infinite loop and DNP3 service disruption) via crafted input over a serial line. Alstom e-Terracontrol is software for monitoring and controlling power systems on a SCADA system. e-Terracontrol is prone to multiple denial-of-service vulnerabilities. Attackers can exploit these issues to trigger the application to enter into an infinite loop, causing it to crash. This can result in denial-of-service conditions. e-Terracontrol 3.5, 3.6, and 3.7 are vulnerable

Trust: 2.7

sources: NVD: CVE-2013-2818 // JVNDB: JVNDB-2013-005340 // CNVD: CNVD-2013-14844 // BID: 62867 // IVD: 7134f28c-2352-11e6-abef-000c29c66e3d // VULMON: CVE-2013-2818

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 7134f28c-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-14844

AFFECTED PRODUCTS

vendor:alstommodel:e-terracontrolscope:eqversion:3.5

Trust: 2.4

vendor:alstommodel:e-terracontrolscope:eqversion:3.6

Trust: 2.4

vendor:alstommodel:e-terracontrolscope:eqversion:3.7

Trust: 2.4

vendor:alstommodel:grid e-terracontrolscope:eqversion:3.5

Trust: 0.6

vendor:alstommodel:grid e-terracontrolscope:eqversion:3.6

Trust: 0.6

vendor:alstommodel:grid e-terracontrolscope:eqversion:3.7

Trust: 0.6

vendor:e terracontrolmodel: - scope:eqversion:3.5

Trust: 0.2

vendor:e terracontrolmodel: - scope:eqversion:3.6

Trust: 0.2

vendor:e terracontrolmodel: - scope:eqversion:3.7

Trust: 0.2

sources: IVD: 7134f28c-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-14844 // JVNDB: JVNDB-2013-005340 // CNNVD: CNNVD-201312-003 // NVD: CVE-2013-2818

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-2818
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-2818
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2013-14844
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201312-003
value: MEDIUM

Trust: 0.6

IVD: 7134f28c-2352-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

VULMON: CVE-2013-2818
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-2818
severity: MEDIUM
baseScore: 4.7
vectorString: AV:L/AC:M/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2013-14844
severity: MEDIUM
baseScore: 4.7
vectorString: AV:L/AC:M/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 7134f28c-2352-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 4.7
vectorString: AV:L/AC:M/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: 7134f28c-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-14844 // VULMON: CVE-2013-2818 // JVNDB: JVNDB-2013-005340 // CNNVD: CNNVD-201312-003 // NVD: CVE-2013-2818

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2013-005340 // NVD: CVE-2013-2818

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201312-003

TYPE

Input validation

Trust: 0.8

sources: IVD: 7134f28c-2352-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201312-003

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-005340

PATCH
title:e-terracontrolurl:http://www.alstom.com/grid/scada-in-power-systems/e-terracontrol/
Trust: 0.8
title:Alstom e-terracontrol DNP Master driver patch for serial port denial of service vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/41407
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2013-14844 // 
            
            
            
            JVNDB: JVNDB-2013-005340

EXTERNAL IDS
db:NVDid:CVE-2013-2818
Trust: 3.6
db:ICS CERTid:ICSA-13-282-01A
Trust: 3.1
db:BIDid:62867
Trust: 0.9
db:CNVDid:CNVD-2013-14844
Trust: 0.8
db:CNNVDid:CNNVD-201312-003
Trust: 0.8
db:JVNDBid:JVNDB-2013-005340
Trust: 0.8
db:IVDid:7134F28C-2352-11E6-ABEF-000C29C66E3D
Trust: 0.2
db:VULMONid:CVE-2013-2818
Trust: 0.1
sources:
            
            
            IVD: 7134f28c-2352-11e6-abef-000c29c66e3d // 
            
            
            
            CNVD: CNVD-2013-14844 // 
            
            
            
            VULMON: CVE-2013-2818 // 
            
            
            
            BID: 62867 // 
            
            
            
            JVNDB: JVNDB-2013-005340 // 
            
            
            
            CNNVD: CNNVD-201312-003 // 
            
            
            
            NVD: CVE-2013-2818

REFERENCES
url:http://ics-cert.us-cert.gov/advisories/icsa-13-282-01a
Trust: 3.2
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2818
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2818
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/20.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2013-14844 // 
            
            
            
            VULMON: CVE-2013-2818 // 
            
            
            
            JVNDB: JVNDB-2013-005340 // 
            
            
            
            CNNVD: CNNVD-201312-003 // 
            
            
            
            NVD: CVE-2013-2818

CREDITS
Adam Crain of Automatak and Chris Sistrunk
Trust: 0.3
sources:
            
            
            BID: 62867

SOURCES
db:IVDid:7134f28c-2352-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2013-14844
db:VULMONid:CVE-2013-2818
db:BIDid:62867
db:JVNDBid:JVNDB-2013-005340
db:CNNVDid:CNNVD-201312-003
db:NVDid:CVE-2013-2818

LAST UPDATE DATE
2025-04-11T22:53:10.195000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2013-14844date:2013-12-04T00:00:00
db:VULMONid:CVE-2013-2818date:2014-03-03T00:00:00
db:BIDid:62867date:2013-10-22T00:16:00
db:JVNDBid:JVNDB-2013-005340date:2013-12-03T00:00:00
db:CNNVDid:CNNVD-201312-003date:2013-12-06T00:00:00
db:NVDid:CVE-2013-2818date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:IVDid:7134f28c-2352-11e6-abef-000c29c66e3ddate:2013-12-04T00:00:00
db:CNVDid:CNVD-2013-14844date:2013-12-04T00:00:00
db:VULMONid:CVE-2013-2818date:2013-12-01T00:00:00
db:BIDid:62867date:2013-10-09T00:00:00
db:JVNDBid:JVNDB-2013-005340date:2013-12-03T00:00:00
db:CNNVDid:CNNVD-201312-003date:2013-12-06T00:00:00
db:NVDid:CVE-2013-2818date:2013-12-01T15:55:04.347