Sign-up

ID

VAR-201402-0089


CVE

CVE-2013-2829


TITLE

MatrikonOPC SCADA DNP3 OPC Server Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2013-006044

DESCRIPTION

MatrikonOPC SCADA DNP3 OPC Server 1.2.2.0 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed DNP3 packet. MatrikonOPC is the world's largest OPC developer and supplier. Allows an attacker to exploit a vulnerability to launch a denial of service attack. Successful exploits may allow an attacker to cause denial-of-service conditions. DNP3 OPC Server versions prior to 1.2.2.0 are vulnerable

Trust: 2.43

sources: NVD: CVE-2013-2829 // JVNDB: JVNDB-2013-006044 // CNVD: CNVD-2014-01041 // BID: 65502

AFFECTED PRODUCTS

vendor:matrikonopcmodel:scada dnp3 opc serverscope:eqversion:1.2.0

Trust: 1.6

vendor:matrikonopcmodel:scada dnp3 opc serverscope:lteversion:1.2.2.0

Trust: 1.0

vendor:matrikonopcmodel:opc server for dnp3scope:lteversion:1.2.2.0

Trust: 0.8

vendor:matrikonopcmodel:dnp3 opc serverscope:ltversion:1.2.2.0

Trust: 0.6

vendor:matrikonopcmodel:scada dnp3 opc serverscope:eqversion:1.2.2.0

Trust: 0.6

vendor:matrikonopcmodel:dnp3 opc serverscope:eqversion:1.2

Trust: 0.3

vendor:matrikonopcmodel:dnp3 opc serverscope:neversion:1.2.2.0

Trust: 0.3

sources: CNVD: CNVD-2014-01041 // BID: 65502 // JVNDB: JVNDB-2013-006044 // CNNVD: CNNVD-201402-185 // NVD: CVE-2013-2829

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-2829
value: HIGH

Trust: 1.0

NVD: CVE-2013-2829
value: HIGH

Trust: 0.8

CNVD: CNVD-2014-01041
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201402-185
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2013-2829
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-01041
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2014-01041 // JVNDB: JVNDB-2013-006044 // CNNVD: CNNVD-201402-185 // NVD: CVE-2013-2829

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2013-006044 // NVD: CVE-2013-2829

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201402-185

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201402-185

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-006044

PATCH
title:DNP3 OPC Serverurl:http://www.matrikonopc.com/opc-drivers/opc-dnp3/base-driver-details.aspx
Trust: 0.8
title:Patch for MatrikonOPC DNP3 OPC Server Denial of Service Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/43705
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2014-01041 // 
            
            
            
            JVNDB: JVNDB-2013-006044

EXTERNAL IDS
db:NVDid:CVE-2013-2829
Trust: 3.3
db:ICS CERTid:ICSA-14-010-01
Trust: 2.7
db:BIDid:65502
Trust: 0.9
db:JVNDBid:JVNDB-2013-006044
Trust: 0.8
db:CNVDid:CNVD-2014-01041
Trust: 0.6
db:SECUNIAid:56883
Trust: 0.6
db:CNNVDid:CNNVD-201402-185
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2014-01041 // 
            
            
            
            BID: 65502 // 
            
            
            
            JVNDB: JVNDB-2013-006044 // 
            
            
            
            CNNVD: CNNVD-201402-185 // 
            
            
            
            NVD: CVE-2013-2829

REFERENCES
url:http://ics-cert.us-cert.gov/advisories/icsa-14-010-01
Trust: 2.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2829
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2829
Trust: 0.8
url:http://www.securityfocus.com/bid/65502
Trust: 0.6
url:http://secunia.com/advisories/56883
Trust: 0.6
url:http://www.matrikonopc.com/
Trust: 0.3
url:http://www.opcsupport.com/ics/support/default.asp?deptid=4590
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2014-01041 // 
            
            
            
            BID: 65502 // 
            
            
            
            JVNDB: JVNDB-2013-006044 // 
            
            
            
            CNNVD: CNNVD-201402-185 // 
            
            
            
            NVD: CVE-2013-2829

CREDITS
Adam Crain of Automatak and Chris Sistrunk
Trust: 0.3
sources:
            
            
            BID: 65502

SOURCES
db:CNVDid:CNVD-2014-01041
db:BIDid:65502
db:JVNDBid:JVNDB-2013-006044
db:CNNVDid:CNNVD-201402-185
db:NVDid:CVE-2013-2829

LAST UPDATE DATE
2025-04-11T23:02:50.251000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2014-01041date:2014-02-19T00:00:00
db:BIDid:65502date:2014-02-11T00:00:00
db:JVNDBid:JVNDB-2013-006044date:2014-02-17T00:00:00
db:CNNVDid:CNNVD-201402-185date:2014-02-17T00:00:00
db:NVDid:CVE-2013-2829date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:CNVDid:CNVD-2014-01041date:2014-02-17T00:00:00
db:BIDid:65502date:2014-02-11T00:00:00
db:JVNDBid:JVNDB-2013-006044date:2014-02-17T00:00:00
db:CNNVDid:CNNVD-201402-185date:2014-02-17T00:00:00
db:NVDid:CVE-2013-2829date:2014-02-14T13:10:47.467