Sign-up

ID

VAR-201401-0246


CVE

CVE-2013-6142


TITLE

Schneider Electric ClearSCADA DNP3Driver.exe Remote Denial of Service Vulnerability

Trust: 0.8

sources: IVD: 4ad3b3e4-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-00429

DESCRIPTION

DNP3Driver.exe in the DNP3 driver in Schneider Electric ClearSCADA 2010 R2 through 2010 R3.1 and SCADA Expert ClearSCADA 2013 R1 through 2013 R1.2 allows remote attackers to cause a denial of service (resource consumption) via IP packets containing errors that trigger event-journal messages. ClearSCADA is an integrated SCADA host platform that includes a rotation training engine, real-time database, web server, alarm processor and reporting software. ClearSCADA is prone to a denial-of-service vulnerability. An attacker can exploit this issue to crash the affected application and cause denial-of-service condition. Both Schneider Electric ClearSCADA and SCADA Expert ClearSCADA are products of French Schneider Electric (Schneider Electric). ClearSCADA is an open software platform specially designed for SCADA systems with multiple remote controllers and sensors; SCADA Expert ClearSCADA is a set of energy efficiency management software monitoring platform in StruxureWare SCADAExpert (industrial automation and control system integration software)

Trust: 2.7

sources: NVD: CVE-2013-6142 // JVNDB: JVNDB-2013-005850 // CNVD: CNVD-2014-00429 // BID: 64813 // IVD: 4ad3b3e4-2352-11e6-abef-000c29c66e3d // VULHUB: VHN-66144

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 4ad3b3e4-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-00429

AFFECTED PRODUCTS

vendor:avevamodel:clearscadascope:eqversion:2013

Trust: 1.6

vendor:avevamodel:clearscadascope:eqversion:2010

Trust: 1.0

vendor:clearscadamodel: - scope:eqversion:2010

Trust: 0.8

vendor:clearscadamodel: - scope:eqversion:2013

Trust: 0.8

vendor:schneider electricmodel:clearscadascope:eqversion:2010 r2 (build 71.4165)

Trust: 0.8

vendor:schneider electricmodel:clearscadascope:eqversion:2010 r2.1 (build 71.4325)

Trust: 0.8

vendor:schneider electricmodel:clearscadascope:eqversion:2010 r3 (build 72.4560)

Trust: 0.8

vendor:schneider electricmodel:clearscadascope:eqversion:2010 r3.1 (build 72.4644)

Trust: 0.8

vendor:schneider electricmodel:scada expert clearscadascope:eqversion:2013 r1 (build 73.4729)

Trust: 0.8

vendor:schneider electricmodel:scada expert clearscadascope:eqversion:2013 r1.1 (build 73.4832)

Trust: 0.8

vendor:schneider electricmodel:scada expert clearscadascope:eqversion:2013 r1.1a (build 73.4903)

Trust: 0.8

vendor:schneider electricmodel:scada expert clearscadascope:eqversion:2013 r1.2 (build 73.4955)

Trust: 0.8

vendor:schneidermodel:electric clearscada r2 r3.1scope:eqversion:2010-2010

Trust: 0.6

vendor:schneidermodel:electric scada expert clearscada r1 r1.2scope:eqversion:2013-2013

Trust: 0.6

vendor:schneider electricmodel:clearscadascope:eqversion:2010

Trust: 0.6

vendor:schneider electricmodel:scada expert clearscadascope:eqversion:2013

Trust: 0.6

vendor:schneider electricmodel:scada expert clearscada r1.2scope:eqversion:2013

Trust: 0.3

vendor:schneider electricmodel:scada expert clearscada r1.1ascope:eqversion:2013

Trust: 0.3

vendor:schneider electricmodel:scada expert clearscada r1.1scope:eqversion:2013

Trust: 0.3

vendor:schneider electricmodel:scada expert clearscada r1scope:eqversion:2013

Trust: 0.3

vendor:schneider electricmodel:clearscada r3.1scope:eqversion:2010

Trust: 0.3

vendor:schneider electricmodel:clearscada r3scope:eqversion:2010

Trust: 0.3

vendor:schneider electricmodel:clearscada r2.1scope:eqversion:2010

Trust: 0.3

vendor:schneider electricmodel:clearscada r2scope:eqversion:2010

Trust: 0.3

sources: IVD: 4ad3b3e4-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-00429 // BID: 64813 // JVNDB: JVNDB-2013-005850 // CNNVD: CNNVD-201401-325 // NVD: CVE-2013-6142

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-6142
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-6142
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2014-00429
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201401-325
value: MEDIUM

Trust: 0.6

IVD: 4ad3b3e4-2352-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

VULHUB: VHN-66144
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-6142
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-00429
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 4ad3b3e4-2352-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-66144
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: 4ad3b3e4-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-00429 // VULHUB: VHN-66144 // JVNDB: JVNDB-2013-005850 // CNNVD: CNNVD-201401-325 // NVD: CVE-2013-6142

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

sources: VULHUB: VHN-66144 // JVNDB: JVNDB-2013-005850 // NVD: CVE-2013-6142

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201401-325

TYPE

Resource management error

Trust: 0.8

sources: IVD: 4ad3b3e4-2352-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201401-325

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-005850

PATCH
title:StruxureWare SCADA Expert ClearSCADA - SCADA software for telemetry and remote SCADA applicationsurl:http://www.schneider-electric.com/
Trust: 0.8
title:Top Pageurl:http://www.schneider-electric.com/products/ww/en/5100-software/5135-operating-monitoring/61264-struxureware-scada-expert-clearscada/?xtmc=ClearSCADA&xtcr=1
Trust: 0.8
title:Schneider Electric ClearSCADA DNP3Driver.exe Remote Denial of Service Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/42539
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2014-00429 // 
            
            
            
            JVNDB: JVNDB-2013-005850

EXTERNAL IDS
db:NVDid:CVE-2013-6142
Trust: 3.6
db:ICS CERTid:ICSA-14-014-01
Trust: 3.4
db:BIDid:64813
Trust: 1.0
db:CNNVDid:CNNVD-201401-325
Trust: 0.9
db:CNVDid:CNVD-2014-00429
Trust: 0.8
db:JVNDBid:JVNDB-2013-005850
Trust: 0.8
db:IVDid:4AD3B3E4-2352-11E6-ABEF-000C29C66E3D
Trust: 0.2
db:VULHUBid:VHN-66144
Trust: 0.1
sources:
            
            
            IVD: 4ad3b3e4-2352-11e6-abef-000c29c66e3d // 
            
            
            
            CNVD: CNVD-2014-00429 // 
            
            
            
            VULHUB: VHN-66144 // 
            
            
            
            BID: 64813 // 
            
            
            
            JVNDB: JVNDB-2013-005850 // 
            
            
            
            CNNVD: CNNVD-201401-325 // 
            
            
            
            NVD: CVE-2013-6142

REFERENCES
url:http://ics-cert.us-cert.gov/advisories/icsa-14-014-01
Trust: 3.4
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6142
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6142
Trust: 0.8
url:www.controlmicrosystems.com
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2014-00429 // 
            
            
            
            VULHUB: VHN-66144 // 
            
            
            
            BID: 64813 // 
            
            
            
            JVNDB: JVNDB-2013-005850 // 
            
            
            
            CNNVD: CNNVD-201401-325 // 
            
            
            
            NVD: CVE-2013-6142

CREDITS
Adam Crain of Automatak and Chris Sistrunk
Trust: 0.3
sources:
            
            
            BID: 64813

SOURCES
db:IVDid:4ad3b3e4-2352-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2014-00429
db:VULHUBid:VHN-66144
db:BIDid:64813
db:JVNDBid:JVNDB-2013-005850
db:CNNVDid:CNNVD-201401-325
db:NVDid:CVE-2013-6142

LAST UPDATE DATE
2025-04-11T23:20:33.492000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2014-00429date:2014-01-21T00:00:00
db:VULHUBid:VHN-66144date:2018-12-31T00:00:00
db:BIDid:64813date:2015-03-19T08:34:00
db:JVNDBid:JVNDB-2013-005850date:2014-01-20T00:00:00
db:CNNVDid:CNNVD-201401-325date:2014-01-22T00:00:00
db:NVDid:CVE-2013-6142date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:IVDid:4ad3b3e4-2352-11e6-abef-000c29c66e3ddate:2014-01-17T00:00:00
db:CNVDid:CNVD-2014-00429date:2014-01-17T00:00:00
db:VULHUBid:VHN-66144date:2014-01-15T00:00:00
db:BIDid:64813date:2014-01-14T00:00:00
db:JVNDBid:JVNDB-2013-005850date:2014-01-20T00:00:00
db:CNNVDid:CNNVD-201401-325date:2014-01-22T00:00:00
db:NVDid:CVE-2013-6142date:2014-01-15T16:11:08.363