Details of VAR-201402-0088

ID

VAR-201402-0088

CVE

CVE-2013-2824

TITLE

plural Schneider Electric Service disruption in products (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2013-006085

DESCRIPTION

Schneider Electric StruxureWare SCADA Expert Vijeo Citect 7.40, Vijeo Citect 7.20 through 7.30SP1, CitectSCADA 7.20 through 7.30SP1, StruxureWare PowerSCADA Expert 7.30 through 7.30SR1, and PowerLogic SCADA 7.20 through 7.20SR1 do not properly handle exceptions, which allows remote attackers to cause a denial of service via a crafted packet. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. The SESU tool used by several of these products is used to update software on Windows PC systems. Multiple Schneider Electric products are prone to a remote denial-of-service vulnerability. Attackers may exploit this issue to cause an affected application to crash, resulting in a denial-of-service condition. Schneider Electric, StruxureWare SCADA Expert, Vijeo Citect, etc. are the software used by Schneider Electric in France to provide monitoring and control functions in the data acquisition and monitoring system (SCADA)

Trust: 2.7

sources: NVD: CVE-2013-2824 // JVNDB: JVNDB-2013-006085 // CNVD: CNVD-2014-01104 // BID: 65635 // IVD: 3208502c-2352-11e6-abef-000c29c66e3d // VULHUB: VHN-62826

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 3208502c-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-01104

AFFECTED PRODUCTS

vendor:	schneider electric	model:	struxureware scada expert vijeo citect	scope:	eq	version:	7.40	Trust: 2.4
vendor:	schneider electric	model:	struxureware scada expert vijeo citect	scope:	eq	version:	7.20	Trust: 1.6
vendor:	schneider electric	model:	powerlogic scada	scope:	eq	version:	7.20	Trust: 1.6
vendor:	schneider electric	model:	citectscada	scope:	eq	version:	7.20	Trust: 1.6
vendor:	schneider electric	model:	citectscada	scope:	eq	version:	7.30	Trust: 1.6
vendor:	schneider electric	model:	struxureware powerscada expert	scope:	eq	version:	7.30	Trust: 1.6
vendor:	citectscada	model:	-	scope:	eq	version:	7.20	Trust: 1.0
vendor:	struxureware scada expert vijeo citect	model:	-	scope:	eq	version:	7.20	Trust: 1.0
vendor:	schneider electric	model:	struxureware scada expert vijeo citect	scope:	eq	version:	7.30	Trust: 1.0
vendor:	schneider electric	model:	citectscada	scope:	eq	version:	7.20 to 7.30sp1	Trust: 0.8
vendor:	schneider electric	model:	powerlogic scada	scope:	eq	version:	7.20 to 7.20sr1	Trust: 0.8
vendor:	schneider electric	model:	struxureware powerscada expert	scope:	eq	version:	7.30 to 7.30sr1	Trust: 0.8
vendor:	schneider electric	model:	struxureware scada expert vijeo citect	scope:	eq	version:	7.20 to 7.30sp1	Trust: 0.8
vendor:	schneider	model:	electric vijeo citect	scope:	eq	version:	7.x	Trust: 0.6
vendor:	schneider	model:	electric scadapack	scope:	eq	version:	7.x	Trust: 0.6
vendor:	schneider	model:	electric powerlogic scada	scope:	eq	version:	7.x	Trust: 0.6
vendor:	schneider	model:	electric struxureware powerscada expert	scope:	eq	version:	7.x	Trust: 0.6
vendor:	schneider	model:	electric struxureware scada expert vijeo citect	scope:	eq	version:	7.x	Trust: 0.6
vendor:	citectscada	model:	-	scope:	eq	version:	7.30	Trust: 0.4
vendor:	powerlogic scada	model:	-	scope:	eq	version:	7.20	Trust: 0.4
vendor:	struxureware powerscada expert	model:	-	scope:	eq	version:	7.30	Trust: 0.4
vendor:	struxureware scada expert vijeo citect	model:	-	scope:	eq	version:	7.30	Trust: 0.4
vendor:	schneider	model:	electric vijeo citect	scope:	eq	version:	7.20	Trust: 0.3
vendor:	struxureware scada expert vijeo citect	model:	-	scope:	eq	version:	7.40	Trust: 0.2

sources: IVD: 3208502c-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-01104 // BID: 65635 // JVNDB: JVNDB-2013-006085 // CNNVD: CNNVD-201402-398 // NVD: CVE-2013-2824

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-2824
value:	HIGH
Trust: 1.0
NVD:	CVE-2013-2824
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2014-01104
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201402-398
value:	HIGH
Trust: 0.6
IVD:	3208502c-2352-11e6-abef-000c29c66e3d
value:	HIGH
Trust: 0.2
VULHUB:	VHN-62826
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2013-2824
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2014-01104
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	3208502c-2352-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-62826
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: 3208502c-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-01104 // VULHUB: VHN-62826 // JVNDB: JVNDB-2013-006085 // CNNVD: CNNVD-201402-398 // NVD: CVE-2013-2824

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-Other	Trust: 0.8

sources: JVNDB: JVNDB-2013-006085 // NVD: CVE-2013-2824

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201402-398

TYPE

other

Trust: 0.8

sources: IVD: 3208502c-2352-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201402-398

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-006085

PATCH

title:	Cumulative update for SCADA Expert Vijeo Citect / CitectSCADA / PowerSCADA Expert	url:	http://www.citect.schneider-electric.com/security-DoS	Trust: 0.8
title:	Patch for multiple Schneider Electric products remote denial of service vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/43754	Trust: 0.6

sources: CNVD: CNVD-2014-01104 // JVNDB: JVNDB-2013-006085

EXTERNAL IDS

db:	NVD	id:	CVE-2013-2824	Trust: 3.6
db:	ICS CERT	id:	ICSA-13-350-01	Trust: 2.5
db:	BID	id:	65635	Trust: 1.0
db:	CNNVD	id:	CNNVD-201402-398	Trust: 0.9
db:	CNVD	id:	CNVD-2014-01104	Trust: 0.8
db:	JVNDB	id:	JVNDB-2013-006085	Trust: 0.8
db:	SECUNIA	id:	57000	Trust: 0.6
db:	IVD	id:	3208502C-2352-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	VULHUB	id:	VHN-62826	Trust: 0.1

sources: IVD: 3208502c-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-01104 // VULHUB: VHN-62826 // BID: 65635 // JVNDB: JVNDB-2013-006085 // CNNVD: CNNVD-201402-398 // NVD: CVE-2013-2824

REFERENCES

url:	http://ics-cert.us-cert.gov/advisories/icsa-13-350-01	Trust: 2.5
url:	http://www.citect.schneider-electric.com/security-dos	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2824	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2824	Trust: 0.8
url:	http://secunia.com/advisories/57000/	Trust: 0.6
url:	http://download.schneider-electric.com/files?p_doc_ref=sevd%202014-024-02	Trust: 0.6
url:	http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true	Trust: 0.3

sources: CNVD: CNVD-2014-01104 // VULHUB: VHN-62826 // BID: 65635 // JVNDB: JVNDB-2013-006085 // CNNVD: CNNVD-201402-398 // NVD: CVE-2013-2824

CREDITS

Carsten Eiram of Risk Based Security

Trust: 0.3

sources: BID: 65635

SOURCES

db:	IVD	id:	3208502c-2352-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2014-01104
db:	VULHUB	id:	VHN-62826
db:	BID	id:	65635
db:	JVNDB	id:	JVNDB-2013-006085
db:	CNNVD	id:	CNNVD-201402-398
db:	NVD	id:	CVE-2013-2824

LAST UPDATE DATE

2025-04-11T23:07:14.212000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-01104	date:	2014-02-20T00:00:00
db:	VULHUB	id:	VHN-62826	date:	2014-02-26T00:00:00
db:	BID	id:	65635	date:	2014-02-27T10:31:00
db:	JVNDB	id:	JVNDB-2013-006085	date:	2014-02-27T00:00:00
db:	CNNVD	id:	CNNVD-201402-398	date:	2014-02-27T00:00:00
db:	NVD	id:	CVE-2013-2824	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	IVD	id:	3208502c-2352-11e6-abef-000c29c66e3d	date:	2014-02-20T00:00:00
db:	CNVD	id:	CNVD-2014-01104	date:	2014-02-20T00:00:00
db:	VULHUB	id:	VHN-62826	date:	2014-02-26T00:00:00
db:	BID	id:	65635	date:	2014-02-18T00:00:00
db:	JVNDB	id:	JVNDB-2013-006085	date:	2014-02-27T00:00:00
db:	CNNVD	id:	CNNVD-201402-398	date:	2014-02-27T00:00:00
db:	NVD	id:	CVE-2013-2824	date:	2014-02-26T14:55:08.147