Details of VAR-201406-0145

ID

VAR-201406-0145

CVE

CVE-2014-2345

TITLE

COPA-DATA zenon DNP3 NG driver and zenon DNP3 Process Gateway Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2014-002759

DESCRIPTION

COPA-DATA zenon DNP3 NG driver (DNP3 master) 7.10 and 7.11 through 7.11 SP0 build 10238 and zenon DNP3 Process Gateway (DNP3 outstation) 7.11 SP0 build 10238 and earlier allow remote attackers to cause a denial of service (infinite loop and process crash) by sending a crafted DNP3 packet over TCP. The COPA-DATA zenon DNP3 NG driver (DNP3 master) and the zenon DNP3 Process Gateway (DNP3 outstation) are products of the zenon industrial automation software belonging to the HMI/SCADA class. A denial of service vulnerability exists in multiple CCOPA-DATA Zenon products. Attackers can exploit this issue to crash the affected application, denying service to legitimate users

Trust: 3.06

sources: NVD: CVE-2014-2345 // JVNDB: JVNDB-2014-002759 // CNVD: CNVD-2014-03595 // BID: 67805 // IVD: f2615c3e-2351-11e6-abef-000c29c66e3d // IVD: 7d79d08f-463f-11e9-abbb-000c29342cb1 // IVD: 598d9d0c-1ed2-11e6-abef-000c29c66e3d // VULHUB: VHN-70284

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 1.2

sources: IVD: f2615c3e-2351-11e6-abef-000c29c66e3d // IVD: 7d79d08f-463f-11e9-abbb-000c29342cb1 // IVD: 598d9d0c-1ed2-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-03595

AFFECTED PRODUCTS

vendor:	copadata	model:	zenon dnp3 ng driver	scope:	eq	version:	7.10	Trust: 1.6
vendor:	copadata	model:	zenon dnp3 ng driver	scope:	eq	version:	7.11	Trust: 1.6
vendor:	copadata	model:	zenon dnp3 process gateway	scope:	eq	version:	7.11	Trust: 1.6
vendor:	zenon dnp3 ng driver	model:	-	scope:	eq	version:	7.11	Trust: 1.2
vendor:	ing punzenberger copa data	model:	zenon dnp3 ng driver	scope:	eq	version:	7.10	Trust: 0.8
vendor:	ing punzenberger copa data	model:	zenon dnp3 ng driver	scope:	eq	version:	7.11 to 7.11 sp0 build 10238	Trust: 0.8
vendor:	ing punzenberger copa data	model:	zenon dnp3 process gateway	scope:	lte	version:	7.11 sp0 build 10238	Trust: 0.8
vendor:	zenon dnp3 ng driver	model:	-	scope:	eq	version:	7.10	Trust: 0.6
vendor:	zenon dnp3 process gateway	model:	-	scope:	eq	version:	7.11	Trust: 0.6
vendor:	ing punzenberger copa data	model:	zenon dnp3 process gateway sp0 build	scope:	eq	version:	7.1110238	Trust: 0.6
vendor:	ing punzenberger copa data	model:	zenon dnp3 ng driver sp0	scope:	eq	version:	7.10	Trust: 0.6
vendor:	ing punzenberger copa data	model:	zenon dnp3 ng driver sp0 build	scope:	eq	version:	7.1110238	Trust: 0.6

sources: IVD: f2615c3e-2351-11e6-abef-000c29c66e3d // IVD: 7d79d08f-463f-11e9-abbb-000c29342cb1 // IVD: 598d9d0c-1ed2-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-03595 // CNNVD: CNNVD-201406-060 // JVNDB: JVNDB-2014-002759 // NVD: CVE-2014-2345

CVSS

SEVERITY

CVSSV2

CVSSV3

ics-cert@hq.dhs.gov:	CVE-2014-2345
value:	HIGH
Trust: 1.0
nvd@nist.gov:	CVE-2014-2345
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-2345
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2014-03595
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201406-060
value:	HIGH
Trust: 0.6
IVD:	f2615c3e-2351-11e6-abef-000c29c66e3d
value:	HIGH
Trust: 0.2
IVD:	7d79d08f-463f-11e9-abbb-000c29342cb1
value:	HIGH
Trust: 0.2
IVD:	598d9d0c-1ed2-11e6-abef-000c29c66e3d
value:	HIGH
Trust: 0.2
VULHUB:	VHN-70284
value:	HIGH
Trust: 0.1

ics-cert@hq.dhs.gov:	CVE-2014-2345
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 2.8
CNVD:	CNVD-2014-03595
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	f2615c3e-2351-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	7d79d08f-463f-11e9-abbb-000c29342cb1
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	598d9d0c-1ed2-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-70284
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: f2615c3e-2351-11e6-abef-000c29c66e3d // IVD: 7d79d08f-463f-11e9-abbb-000c29342cb1 // IVD: 598d9d0c-1ed2-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-03595 // VULHUB: VHN-70284 // CNNVD: CNNVD-201406-060 // JVNDB: JVNDB-2014-002759 // NVD: CVE-2014-2345 // NVD: CVE-2014-2345

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-70284 // JVNDB: JVNDB-2014-002759 // NVD: CVE-2014-2345

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201406-060

TYPE

Input validation

Trust: 1.2

sources: IVD: f2615c3e-2351-11e6-abef-000c29c66e3d // IVD: 7d79d08f-463f-11e9-abbb-000c29342cb1 // IVD: 598d9d0c-1ed2-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201406-060

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-002759

PATCH

title:	Article ID: 178001	url:	http://www.copadata.com/no_cache/en/support/knowledge-base-faq.html?tx_hrfaq_pi1%5Bknowledgebase%5D=814&tx_hrfaq_pi1%5Baction%5D=show&tx_hrfaq_pi1%5Bcontroller%5D=knowledgebase	Trust: 0.8
title:	Article ID: 179444	url:	http://www.copadata.com/no_cache/en/support/knowledge-base-faq.html?tx_hrfaq_pi1%5Bknowledgebase%5D=813&tx_hrfaq_pi1%5Baction%5D=show&tx_hrfaq_pi1%5Bcontroller%5D=knowledgebase	Trust: 0.8
title:	Patch for multiple CCOPA-DATA Zenon product denial of service vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/46388	Trust: 0.6

sources: CNVD: CNVD-2014-03595 // JVNDB: JVNDB-2014-002759

EXTERNAL IDS

db:	NVD	id:	CVE-2014-2345	Trust: 4.0
db:	ICS CERT	id:	ICSA-14-154-01	Trust: 3.4
db:	CNNVD	id:	CNNVD-201406-060	Trust: 1.3
db:	CNVD	id:	CNVD-2014-03595	Trust: 1.2
db:	BID	id:	67805	Trust: 1.0
db:	JVNDB	id:	JVNDB-2014-002759	Trust: 0.8
db:	OSVDB	id:	107667	Trust: 0.6
db:	IVD	id:	F2615C3E-2351-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	IVD	id:	7D79D08F-463F-11E9-ABBB-000C29342CB1	Trust: 0.2
db:	IVD	id:	598D9D0C-1ED2-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	VULHUB	id:	VHN-70284	Trust: 0.1

sources: IVD: f2615c3e-2351-11e6-abef-000c29c66e3d // IVD: 7d79d08f-463f-11e9-abbb-000c29342cb1 // IVD: 598d9d0c-1ed2-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-03595 // VULHUB: VHN-70284 // BID: 67805 // CNNVD: CNNVD-201406-060 // JVNDB: JVNDB-2014-002759 // NVD: CVE-2014-2345

REFERENCES

url:	http://ics-cert.us-cert.gov/advisories/icsa-14-154-01	Trust: 3.4
url:	http://www.copadata.com/no_cache/en/support/knowledge-base-faq.html?tx_hrfaq_pi1%5bknowledgebase%5d=813&tx_hrfaq_pi1%5baction%5d=show&tx_hrfaq_pi1%5bcontroller%5d=knowledgebase	Trust: 1.6
url:	http://www.copadata.com/no_cache/en/support/knowledge-base-faq.html?tx_hrfaq_pi1%5bknowledgebase%5d=814&tx_hrfaq_pi1%5baction%5d=show&tx_hrfaq_pi1%5bcontroller%5d=knowledgebase	Trust: 1.6
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-14-154-01	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2345	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2345	Trust: 0.8
url:	http://osvdb.com/show/osvdb/107667	Trust: 0.6
url:	http://www.copadata.com/en/home.html	Trust: 0.3
url:	http://www.copadata.com/no_cache/en/support/knowledge-base-faq.html?tx_hrfaq_pi1%5bknowledgebase%5d=813&tx_hrfaq_pi1%5baction%5d=show&tx_hrfaq_pi1%5bcontroller%5d=knowledgebase	Trust: 0.1
url:	http://www.copadata.com/no_cache/en/support/knowledge-base-faq.html?tx_hrfaq_pi1%5bknowledgebase%5d=814&tx_hrfaq_pi1%5baction%5d=show&tx_hrfaq_pi1%5bcontroller%5d=knowledgebase	Trust: 0.1

sources: CNVD: CNVD-2014-03595 // VULHUB: VHN-70284 // BID: 67805 // CNNVD: CNNVD-201406-060 // JVNDB: JVNDB-2014-002759 // NVD: CVE-2014-2345

CREDITS

GmbH

Trust: 0.3

sources: BID: 67805

SOURCES

db:	IVD	id:	f2615c3e-2351-11e6-abef-000c29c66e3d
db:	IVD	id:	7d79d08f-463f-11e9-abbb-000c29342cb1
db:	IVD	id:	598d9d0c-1ed2-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2014-03595
db:	VULHUB	id:	VHN-70284
db:	BID	id:	67805
db:	CNNVD	id:	CNNVD-201406-060
db:	JVNDB	id:	JVNDB-2014-002759
db:	NVD	id:	CVE-2014-2345

LAST UPDATE DATE

2025-10-03T23:21:46.315000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-03595	date:	2014-06-13T00:00:00
db:	VULHUB	id:	VHN-70284	date:	2014-06-05T00:00:00
db:	BID	id:	67805	date:	2014-06-03T00:00:00
db:	CNNVD	id:	CNNVD-201406-060	date:	2014-06-09T00:00:00
db:	JVNDB	id:	JVNDB-2014-002759	date:	2014-06-06T00:00:00
db:	NVD	id:	CVE-2014-2345	date:	2025-10-02T23:15:30.320

SOURCES RELEASE DATE

db:	IVD	id:	f2615c3e-2351-11e6-abef-000c29c66e3d	date:	2014-06-13T00:00:00
db:	IVD	id:	7d79d08f-463f-11e9-abbb-000c29342cb1	date:	2014-06-13T00:00:00
db:	IVD	id:	598d9d0c-1ed2-11e6-abef-000c29c66e3d	date:	2014-06-13T00:00:00
db:	CNVD	id:	CNVD-2014-03595	date:	2014-06-13T00:00:00
db:	VULHUB	id:	VHN-70284	date:	2014-06-05T00:00:00
db:	BID	id:	67805	date:	2014-06-03T00:00:00
db:	CNNVD	id:	CNNVD-201406-060	date:	2014-06-09T00:00:00
db:	JVNDB	id:	JVNDB-2014-002759	date:	2014-06-06T00:00:00
db:	NVD	id:	CVE-2014-2345	date:	2014-06-05T17:55:05.950