Sign-up

ID

VAR-201312-0068


CVE

CVE-2013-2825


TITLE

Linux Kernel Base of Director Industrial Communication Gateway Device Outstation Component DNP3 Service disruption in services (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2013-005351

DESCRIPTION

The DNP3 service in the Outstation component on Elecsys Director Gateway devices with kernel 2.6.32.11ael1 and earlier allows remote attackers to cause a denial of service (CPU consumption and communication outage) via crafted input. Elecsys Director Gateway is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to cause denial-of-service conditions. Elecsys Director Industrial Communication Gateway is a set of industrial data communication gateway equipment of Elecsys Company in the United States. The device provides functions such as data acquisition, automatic communication failover, network security, bandwidth management, protocol conversion, and more

Trust: 1.98

sources: NVD: CVE-2013-2825 // JVNDB: JVNDB-2013-005351 // BID: 64067 // VULHUB: VHN-62827

AFFECTED PRODUCTS

vendor:elecsyscorpmodel:director dnp3 outstation kernelscope:eqversion:2.6.32.11

Trust: 1.6

vendor:elecsyscorpmodel:director industrial communication gatewayscope:eqversion: -

Trust: 1.0

vendor:elecsysmodel:director industrial communication gatewayscope:lteversion:of linux kernel 2.6.32.11ael1

Trust: 0.8

vendor:elecsysmodel:director gateway 2.6.32.11ael1scope: - version: -

Trust: 0.3

sources: BID: 64067 // JVNDB: JVNDB-2013-005351 // CNNVD: CNNVD-201312-068 // NVD: CVE-2013-2825

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-2825
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-2825
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201312-068
value: MEDIUM

Trust: 0.6

VULHUB: VHN-62827
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-2825
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-62827
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-62827 // JVNDB: JVNDB-2013-005351 // CNNVD: CNNVD-201312-068 // NVD: CVE-2013-2825

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-62827 // JVNDB: JVNDB-2013-005351 // NVD: CVE-2013-2825

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201312-068

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201312-068

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-005351

PATCH
title:Industrial Data Communications Systemsurl:http://www.elecsyscorp.com/scada/director.html
Trust: 0.8
title:Linux Kernel Archivesurl:http://www.kernel.org
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-005351

EXTERNAL IDS
db:ICS CERTid:ICSA-13-337-01
Trust: 2.8
db:NVDid:CVE-2013-2825
Trust: 2.8
db:JVNDBid:JVNDB-2013-005351
Trust: 0.8
db:CNNVDid:CNNVD-201312-068
Trust: 0.7
db:BIDid:64067
Trust: 0.4
db:VULHUBid:VHN-62827
Trust: 0.1
sources:
            
            
            VULHUB: VHN-62827 // 
            
            
            
            BID: 64067 // 
            
            
            
            JVNDB: JVNDB-2013-005351 // 
            
            
            
            CNNVD: CNNVD-201312-068 // 
            
            
            
            NVD: CVE-2013-2825

REFERENCES
url:http://ics-cert.us-cert.gov/advisories/icsa-13-337-01
Trust: 2.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2825
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2825
Trust: 0.8
url:http://www.elecsyscorp.com/scada/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-62827 // 
            
            
            
            BID: 64067 // 
            
            
            
            JVNDB: JVNDB-2013-005351 // 
            
            
            
            CNNVD: CNNVD-201312-068 // 
            
            
            
            NVD: CVE-2013-2825

CREDITS
Adam Crain of Automatak and independent researchers Chris Sistrunk and Adam Todorski
Trust: 0.3
sources:
            
            
            BID: 64067

SOURCES
db:VULHUBid:VHN-62827
db:BIDid:64067
db:JVNDBid:JVNDB-2013-005351
db:CNNVDid:CNNVD-201312-068
db:NVDid:CVE-2013-2825

LAST UPDATE DATE
2025-04-11T23:02:51.380000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-62827date:2014-02-27T00:00:00
db:BIDid:64067date:2013-12-03T00:00:00
db:JVNDBid:JVNDB-2013-005351date:2013-12-06T00:00:00
db:CNNVDid:CNNVD-201312-068date:2013-12-06T00:00:00
db:NVDid:CVE-2013-2825date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-62827date:2013-12-04T00:00:00
db:BIDid:64067date:2013-12-03T00:00:00
db:JVNDBid:JVNDB-2013-005351date:2013-12-06T00:00:00
db:CNNVDid:CNNVD-201312-068date:2013-12-06T00:00:00
db:NVDid:CVE-2013-2825date:2013-12-04T20:55:05.223