Sign-up

ID

VAR-201401-0247


CVE

CVE-2013-6143


TITLE

Schneider Electric Telvent SAGE 3030 RTUs Remote Denial of Service Vulnerability

Trust: 1.1

sources: IVD: 3fdf90a2-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-00752 // BID: 65262

DESCRIPTION

The Schneider Electric Telvent SAGE 3030 RTU with firmware C3413-500-001D3_P4 and C3413-500-001F0_PB allows remote attackers to cause a denial of service (temporary outage and CPU consumption) via malformed DNP3 traffic. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. The SESU tool used by several of these products is used to update software on Windows PC systems. Attackers may exploit this issue to cause an affected device to crash, resulting in a denial-of-service condition. Telvent SAGE 3030 RTU C3413-500-001D3_P4 and C3413-500-001F0_PB are vulnerable; other versions may also be affected

Trust: 2.7

sources: NVD: CVE-2013-6143 // JVNDB: JVNDB-2013-005974 // CNVD: CNVD-2014-00752 // BID: 65262 // IVD: 3fdf90a2-2352-11e6-abef-000c29c66e3d // VULHUB: VHN-66145

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 3fdf90a2-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-00752

AFFECTED PRODUCTS

vendor:schneider electricmodel:telvent sage 3030scope:eqversion:c3413-500-001d3_p4

Trust: 2.4

vendor:schneider electricmodel:telvent sage 3030scope:eqversion:c3413-500-001f0_pb

Trust: 2.4

vendor:schneidermodel:electric telvent sage rtu c3413-500-001d3 p4scope:eqversion:3030

Trust: 0.6

vendor:schneidermodel:electric telvent sage rtu c3413-500-001f0 pbscope:eqversion:3030

Trust: 0.6

vendor:telvent sage 3030model:c3413-500-001d3 p4scope: - version: -

Trust: 0.2

vendor:telvent sage 3030model:c3413-500-001f0 pbscope: - version: -

Trust: 0.2

sources: IVD: 3fdf90a2-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-00752 // JVNDB: JVNDB-2013-005974 // CNNVD: CNNVD-201401-606 // NVD: CVE-2013-6143

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-6143
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-6143
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2014-00752
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201401-606
value: MEDIUM

Trust: 0.6

IVD: 3fdf90a2-2352-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

VULHUB: VHN-66145
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-6143
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-00752
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 3fdf90a2-2352-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-66145
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: 3fdf90a2-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-00752 // VULHUB: VHN-66145 // JVNDB: JVNDB-2013-005974 // CNNVD: CNNVD-201401-606 // NVD: CVE-2013-6143

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

problemtype:CWE-399

Trust: 1.9

sources: VULHUB: VHN-66145 // JVNDB: JVNDB-2013-005974 // NVD: CVE-2013-6143

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201401-606

TYPE

Input validation

Trust: 0.8

sources: IVD: 3fdf90a2-2352-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201401-606

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-005974

PATCH
title:Top Pageurl:http://www.schneider-electric.com/site/home/index.cfm/ww/
Trust: 0.8
title:Schneider Electric Telvent SAGE 3030 RTUs Remote Denial of Service Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/43429
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2014-00752 // 
            
            
            
            JVNDB: JVNDB-2013-005974

EXTERNAL IDS
db:NVDid:CVE-2013-6143
Trust: 3.6
db:ICS CERTid:ICSA-14-006-01
Trust: 3.1
db:BIDid:65262
Trust: 1.0
db:CNVDid:CNVD-2014-00752
Trust: 0.8
db:CNNVDid:CNNVD-201401-606
Trust: 0.8
db:XFid:90840
Trust: 0.8
db:JVNDBid:JVNDB-2013-005974
Trust: 0.8
db:SECUNIAid:56712
Trust: 0.6
db:IVDid:3FDF90A2-2352-11E6-ABEF-000C29C66E3D
Trust: 0.2
db:VULHUBid:VHN-66145
Trust: 0.1
sources:
            
            
            IVD: 3fdf90a2-2352-11e6-abef-000c29c66e3d // 
            
            
            
            CNVD: CNVD-2014-00752 // 
            
            
            
            VULHUB: VHN-66145 // 
            
            
            
            BID: 65262 // 
            
            
            
            JVNDB: JVNDB-2013-005974 // 
            
            
            
            CNNVD: CNNVD-201401-606 // 
            
            
            
            NVD: CVE-2013-6143

REFERENCES
url:http://ics-cert.us-cert.gov/advisories/icsa-14-006-01
Trust: 3.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6143
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6143
Trust: 0.8
url:https://xforce.iss.net/xforce/xfdb/90840
Trust: 0.8
url:https://infrastructurecommunity.schneider-electric.com/servlet/jiveservlet/downloadbody/2966-102-1-4299/sage%20rtu%20dnp%20security%20bulletin%20123013%200102.pdf
Trust: 0.8
url:http://secunia.com/advisories/56712/
Trust: 0.6
url:http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2014-00752 // 
            
            
            
            VULHUB: VHN-66145 // 
            
            
            
            BID: 65262 // 
            
            
            
            JVNDB: JVNDB-2013-005974 // 
            
            
            
            CNNVD: CNNVD-201401-606 // 
            
            
            
            NVD: CVE-2013-6143

CREDITS
Adam Crain, Automatak, and Chris Sistrunk.
Trust: 0.3
sources:
            
            
            BID: 65262

SOURCES
db:IVDid:3fdf90a2-2352-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2014-00752
db:VULHUBid:VHN-66145
db:BIDid:65262
db:JVNDBid:JVNDB-2013-005974
db:CNNVDid:CNNVD-201401-606
db:NVDid:CVE-2013-6143

LAST UPDATE DATE
2025-04-11T23:15:23.745000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2014-00752date:2014-02-13T00:00:00
db:VULHUBid:VHN-66145date:2014-02-10T00:00:00
db:BIDid:65262date:2015-03-19T08:13:00
db:JVNDBid:JVNDB-2013-005974date:2014-02-04T00:00:00
db:CNNVDid:CNNVD-201401-606date:2014-02-08T00:00:00
db:NVDid:CVE-2013-6143date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:IVDid:3fdf90a2-2352-11e6-abef-000c29c66e3ddate:2014-02-13T00:00:00
db:CNVDid:CNVD-2014-00752date:2014-02-13T00:00:00
db:VULHUBid:VHN-66145date:2014-01-31T00:00:00
db:BIDid:65262date:2014-01-30T00:00:00
db:JVNDBid:JVNDB-2013-005974date:2014-02-04T00:00:00
db:CNNVDid:CNNVD-201401-606date:2014-01-31T00:00:00
db:NVDid:CVE-2013-6143date:2014-01-31T16:55:05.077