Details of VAR-201312-0067

ID

VAR-201312-0067

CVE

CVE-2013-2822

TITLE

plural Orion Substation Automation Platform Service disruption in products (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2013-005651

DESCRIPTION

NovaTech Orion Substation Automation Platform OrionLX DNP Master 1.27.38 and DNP Slave 1.23.10 and earlier and Orion5/Orion5r DNP Master 1.27.38 and DNP Slave 1.23.10 and earlier allow physically proximate attackers to cause a denial of service (driver crash and process restart) via crafted input over a serial line. The NovaTech Orion Substation Automation Platform is a SCADA RTU system using the DNP3 protocol. NovaTech Orion DNP3 Driver is prone to a local denial-of-service vulnerability. Successfully exploiting this issue can cause denial-of-service conditions

Trust: 2.61

sources: NVD: CVE-2013-2822 // JVNDB: JVNDB-2013-005651 // CNVD: CNVD-2013-15487 // BID: 64434 // IVD: 5dc3ee6a-2352-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 5dc3ee6a-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-15487

AFFECTED PRODUCTS

vendor:	novatech	model:	orionlx dnp master	scope:	eq	version:	1.27.38	Trust: 3.0
vendor:	novatech	model:	orion5r dnp master	scope:	eq	version:	1.27.38	Trust: 2.7
vendor:	novatech	model:	orion5 dnp master	scope:	eq	version:	1.27.38	Trust: 2.7
vendor:	novatech	model:	orionlx dnp slave	scope:	eq	version:	1.23.10	Trust: 2.2
vendor:	novatech	model:	orion5r dnp slave	scope:	eq	version:	1.23.10	Trust: 1.9
vendor:	novatech	model:	orion5 dnp slave	scope:	eq	version:	1.23.10	Trust: 1.9
vendor:	novatech	model:	orion5 dnp slave	scope:	lte	version:	1.23.10	Trust: 0.8
vendor:	novatech	model:	orion5r dnp slave	scope:	lte	version:	1.23.10	Trust: 0.8
vendor:	novatech	model:	orionlx dnp slave	scope:	lte	version:	1.23.10	Trust: 0.8
vendor:	novatech	model:	orion5/orion5r dnp slave	scope:	eq	version:	1.23.10	Trust: 0.6
vendor:	novatech	model:	orion5/orion5r dnp master	scope:	eq	version:	1.27.38	Trust: 0.6
vendor:	novatech	model:	orionlx dnp slave	scope:	eq	version:	1.23.107.6	Trust: 0.3
vendor:	novatech	model:	orionlx dnp master	scope:	eq	version:	1.27.387.6	Trust: 0.3
vendor:	orion5 dnp master	model:	-	scope:	eq	version:	1.27.38	Trust: 0.2
vendor:	orion5 dnp slave	model:	-	scope:	eq	version:	1.23.10	Trust: 0.2
vendor:	orion5r dnp master	model:	-	scope:	eq	version:	1.27.38	Trust: 0.2
vendor:	orion5r dnp slave	model:	-	scope:	eq	version:	1.23.10	Trust: 0.2
vendor:	orionlx dnp master	model:	-	scope:	eq	version:	1.27.38	Trust: 0.2
vendor:	orionlx dnp slave	model:	-	scope:	eq	version:	1.23.10	Trust: 0.2

sources: IVD: 5dc3ee6a-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-15487 // BID: 64434 // JVNDB: JVNDB-2013-005651 // CNNVD: CNNVD-201312-434 // NVD: CVE-2013-2822

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-2822
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-2822
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2013-15487
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201312-434
value:	MEDIUM
Trust: 0.6
IVD:	5dc3ee6a-2352-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2

nvd@nist.gov:	CVE-2013-2822
severity:	MEDIUM
baseScore:	4.7
vectorString:	AV:L/AC:M/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2013-15487
severity:	MEDIUM
baseScore:	4.7
vectorString:	AV:L/AC:M/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	5dc3ee6a-2352-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	4.7
vectorString:	AV:L/AC:M/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: 5dc3ee6a-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-15487 // JVNDB: JVNDB-2013-005651 // CNNVD: CNNVD-201312-434 // NVD: CVE-2013-2822

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2013-005651 // NVD: CVE-2013-2822

THREAT TYPE

local

Trust: 0.9

sources: BID: 64434 // CNNVD: CNNVD-201312-434

TYPE

Input validation

Trust: 0.8

sources: IVD: 5dc3ee6a-2352-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201312-434

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-005651

PATCH

title:	Orion Substation Automation Platform	url:	http://www.novatechweb.com/utility/substation-automation/	Trust: 0.8
title:	NovaTech Orion Substation Automation Platform DNP3 driver patch for local denial of service vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/41918	Trust: 0.6

sources: CNVD: CNVD-2013-15487 // JVNDB: JVNDB-2013-005651

EXTERNAL IDS

db:	NVD	id:	CVE-2013-2822	Trust: 3.5
db:	ICS CERT	id:	ICSA-13-352-01	Trust: 3.3
db:	BID	id:	64434	Trust: 0.9
db:	CNVD	id:	CNVD-2013-15487	Trust: 0.8
db:	CNNVD	id:	CNNVD-201312-434	Trust: 0.8
db:	JVNDB	id:	JVNDB-2013-005651	Trust: 0.8
db:	IVD	id:	5DC3EE6A-2352-11E6-ABEF-000C29C66E3D	Trust: 0.2

sources: IVD: 5dc3ee6a-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-15487 // BID: 64434 // JVNDB: JVNDB-2013-005651 // CNNVD: CNNVD-201312-434 // NVD: CVE-2013-2822

REFERENCES

url:	http://ics-cert.us-cert.gov/advisories/icsa-13-352-01	Trust: 2.5
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2822	Trust: 0.8
url:	http://www.us-cert.gov/control_systems/pdf/icsa-13-352-01.pdf	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2822	Trust: 0.8
url:	http://www.novatechweb.com/utility/substation-automation/	Trust: 0.3

sources: CNVD: CNVD-2013-15487 // BID: 64434 // JVNDB: JVNDB-2013-005651 // CNNVD: CNNVD-201312-434 // NVD: CVE-2013-2822

CREDITS

Adam Crain of Automatak and Chris Sistrunk

Trust: 0.3

sources: BID: 64434

SOURCES

db:	IVD	id:	5dc3ee6a-2352-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2013-15487
db:	BID	id:	64434
db:	JVNDB	id:	JVNDB-2013-005651
db:	CNNVD	id:	CNNVD-201312-434
db:	NVD	id:	CVE-2013-2822

LAST UPDATE DATE

2025-04-11T23:09:48.763000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-15487	date:	2013-12-23T00:00:00
db:	BID	id:	64434	date:	2013-12-18T00:00:00
db:	JVNDB	id:	JVNDB-2013-005651	date:	2013-12-24T00:00:00
db:	CNNVD	id:	CNNVD-201312-434	date:	2013-12-24T00:00:00
db:	NVD	id:	CVE-2013-2822	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	IVD	id:	5dc3ee6a-2352-11e6-abef-000c29c66e3d	date:	2013-12-23T00:00:00
db:	CNVD	id:	CNVD-2013-15487	date:	2013-12-23T00:00:00
db:	BID	id:	64434	date:	2013-12-18T00:00:00
db:	JVNDB	id:	JVNDB-2013-005651	date:	2013-12-24T00:00:00
db:	CNNVD	id:	CNNVD-201312-434	date:	2013-12-24T00:00:00
db:	NVD	id:	CVE-2013-2822	date:	2013-12-21T14:22:56.223