Details of VAR-201406-0146

ID

VAR-201406-0146

CVE

CVE-2014-2346

TITLE

COPA-DATA zenon DNP3 NG Drivers and zenon DNP3 Process Gateway Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2014-002760

DESCRIPTION

COPA-DATA zenon DNP3 NG driver (DNP3 master) 7.10 and 7.11 through 7.11 SP0 build 10238 and zenon DNP3 Process Gateway (DNP3 outstation) 7.11 SP0 build 10238 and earlier allow physically proximate attackers to cause a denial of service (infinite loop and process crash) via crafted input over a serial line. The COPA-DATA zenon DNP3 NG driver (DNP3 master) and the zenon DNP3 Process Gateway (DNP3 outstation) are products of the zenon industrial automation software belonging to the HMI/SCADA class. Multiple COPA-DATA Zenon product local denial of service vulnerabilities. Local attackers can exploit this issue to crash the affected application, denying service to legitimate users

Trust: 3.06

sources: NVD: CVE-2014-2346 // JVNDB: JVNDB-2014-002760 // CNVD: CNVD-2014-03596 // BID: 67806 // IVD: f257e7ee-2351-11e6-abef-000c29c66e3d // IVD: 7d79d090-463f-11e9-ac5a-000c29342cb1 // IVD: 5e825b90-1ed2-11e6-abef-000c29c66e3d // VULHUB: VHN-70285

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 1.2

sources: IVD: f257e7ee-2351-11e6-abef-000c29c66e3d // IVD: 7d79d090-463f-11e9-ac5a-000c29342cb1 // IVD: 5e825b90-1ed2-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-03596

AFFECTED PRODUCTS

vendor:	copadata	model:	zenon dnp3 ng driver	scope:	eq	version:	7.10	Trust: 1.6
vendor:	copadata	model:	zenon dnp3 ng driver	scope:	eq	version:	7.11	Trust: 1.6
vendor:	copadata	model:	zenon dnp3 process gateway	scope:	eq	version:	7.11	Trust: 1.6
vendor:	zenon dnp3 ng driver	model:	-	scope:	eq	version:	7.11	Trust: 1.2
vendor:	ing punzenberger copa data	model:	zenon dnp3 ng driver	scope:	eq	version:	7.10	Trust: 0.8
vendor:	ing punzenberger copa data	model:	zenon dnp3 ng driver	scope:	eq	version:	7.11 to 7.11 sp0 build 10238	Trust: 0.8
vendor:	ing punzenberger copa data	model:	zenon dnp3 process gateway	scope:	lte	version:	7.11 sp0 build 10238	Trust: 0.8
vendor:	zenon dnp3 ng driver	model:	-	scope:	eq	version:	7.10	Trust: 0.6
vendor:	zenon dnp3 process gateway	model:	-	scope:	eq	version:	7.11	Trust: 0.6
vendor:	ing punzenberger copa data	model:	zenon dnp3 process gateway sp0 build	scope:	eq	version:	7.1110238	Trust: 0.6
vendor:	ing punzenberger copa data	model:	zenon dnp3 ng driver sp0	scope:	eq	version:	7.10	Trust: 0.6
vendor:	ing punzenberger copa data	model:	zenon dnp3 ng driver sp0 build	scope:	eq	version:	7.1110238	Trust: 0.6

sources: IVD: f257e7ee-2351-11e6-abef-000c29c66e3d // IVD: 7d79d090-463f-11e9-ac5a-000c29342cb1 // IVD: 5e825b90-1ed2-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-03596 // CNNVD: CNNVD-201406-061 // JVNDB: JVNDB-2014-002760 // NVD: CVE-2014-2346

CVSS

SEVERITY

CVSSV2

CVSSV3

ics-cert@hq.dhs.gov:	CVE-2014-2346
value:	MEDIUM
Trust: 1.0
nvd@nist.gov:	CVE-2014-2346
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-2346
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2014-03596
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201406-061
value:	MEDIUM
Trust: 0.6
IVD:	f257e7ee-2351-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2
IVD:	7d79d090-463f-11e9-ac5a-000c29342cb1
value:	MEDIUM
Trust: 0.2
IVD:	5e825b90-1ed2-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2
VULHUB:	VHN-70285
value:	MEDIUM
Trust: 0.1

ics-cert@hq.dhs.gov:	CVE-2014-2346
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:L/AC:H/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	1.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 2.8
CNVD:	CNVD-2014-03596
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:L/AC:H/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	1.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	f257e7ee-2351-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:L/AC:H/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	1.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	7d79d090-463f-11e9-ac5a-000c29342cb1
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:L/AC:H/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	1.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	5e825b90-1ed2-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:L/AC:H/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	1.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-70285
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:L/AC:H/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	1.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: f257e7ee-2351-11e6-abef-000c29c66e3d // IVD: 7d79d090-463f-11e9-ac5a-000c29342cb1 // IVD: 5e825b90-1ed2-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-03596 // VULHUB: VHN-70285 // CNNVD: CNNVD-201406-061 // JVNDB: JVNDB-2014-002760 // NVD: CVE-2014-2346 // NVD: CVE-2014-2346

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-70285 // JVNDB: JVNDB-2014-002760 // NVD: CVE-2014-2346

THREAT TYPE

local

Trust: 0.9

sources: BID: 67806 // CNNVD: CNNVD-201406-061

TYPE

Input validation

Trust: 1.2

sources: IVD: f257e7ee-2351-11e6-abef-000c29c66e3d // IVD: 7d79d090-463f-11e9-ac5a-000c29342cb1 // IVD: 5e825b90-1ed2-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201406-061

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-002760

PATCH

title:	Article ID: 178001	url:	http://www.copadata.com/no_cache/en/support/knowledge-base-faq.html?tx_hrfaq_pi1%5Bknowledgebase%5D=814&tx_hrfaq_pi1%5Baction%5D=show&tx_hrfaq_pi1%5Bcontroller%5D=knowledgebase	Trust: 0.8
title:	Article ID: 179444	url:	http://www.copadata.com/no_cache/en/support/knowledge-base-faq.html?tx_hrfaq_pi1%5Bknowledgebase%5D=813&tx_hrfaq_pi1%5Baction%5D=show&tx_hrfaq_pi1%5Bcontroller%5D=knowledgebase	Trust: 0.8
title:	Patch for multiple COPA-DATA Zenon product local denial of service vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/46389	Trust: 0.6

sources: CNVD: CNVD-2014-03596 // JVNDB: JVNDB-2014-002760

EXTERNAL IDS

db:	NVD	id:	CVE-2014-2346	Trust: 4.0
db:	ICS CERT	id:	ICSA-14-154-01	Trust: 3.4
db:	CNNVD	id:	CNNVD-201406-061	Trust: 1.3
db:	CNVD	id:	CNVD-2014-03596	Trust: 1.2
db:	BID	id:	67806	Trust: 1.0
db:	JVNDB	id:	JVNDB-2014-002760	Trust: 0.8
db:	OSVDB	id:	107668	Trust: 0.6
db:	IVD	id:	F257E7EE-2351-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	IVD	id:	7D79D090-463F-11E9-AC5A-000C29342CB1	Trust: 0.2
db:	IVD	id:	5E825B90-1ED2-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	VULHUB	id:	VHN-70285	Trust: 0.1

sources: IVD: f257e7ee-2351-11e6-abef-000c29c66e3d // IVD: 7d79d090-463f-11e9-ac5a-000c29342cb1 // IVD: 5e825b90-1ed2-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-03596 // VULHUB: VHN-70285 // BID: 67806 // CNNVD: CNNVD-201406-061 // JVNDB: JVNDB-2014-002760 // NVD: CVE-2014-2346

REFERENCES

url:	http://ics-cert.us-cert.gov/advisories/icsa-14-154-01	Trust: 3.4
url:	http://www.copadata.com/no_cache/en/support/knowledge-base-faq.html?tx_hrfaq_pi1%5bknowledgebase%5d=814&tx_hrfaq_pi1%5baction%5d=show&tx_hrfaq_pi1%5bcontroller%5d=knowledgebase	Trust: 1.6
url:	http://www.copadata.com/no_cache/en/support/knowledge-base-faq.html?tx_hrfaq_pi1%5bknowledgebase%5d=813&tx_hrfaq_pi1%5baction%5d=show&tx_hrfaq_pi1%5bcontroller%5d=knowledgebase	Trust: 1.6
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-14-154-01	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2346	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2346	Trust: 0.8
url:	http://osvdb.com/show/osvdb/107668	Trust: 0.6
url:	http://www.copadata.com/en/home.html	Trust: 0.3
url:	http://www.copadata.com/no_cache/en/support/knowledge-base-faq.html?tx_hrfaq_pi1%5bknowledgebase%5d=813&tx_hrfaq_pi1%5baction%5d=show&tx_hrfaq_pi1%5bcontroller%5d=knowledgebase	Trust: 0.1
url:	http://www.copadata.com/no_cache/en/support/knowledge-base-faq.html?tx_hrfaq_pi1%5bknowledgebase%5d=814&tx_hrfaq_pi1%5baction%5d=show&tx_hrfaq_pi1%5bcontroller%5d=knowledgebase	Trust: 0.1

sources: CNVD: CNVD-2014-03596 // VULHUB: VHN-70285 // BID: 67806 // CNNVD: CNNVD-201406-061 // JVNDB: JVNDB-2014-002760 // NVD: CVE-2014-2346

CREDITS

GmbH

Trust: 0.3

sources: BID: 67806

SOURCES

db:	IVD	id:	f257e7ee-2351-11e6-abef-000c29c66e3d
db:	IVD	id:	7d79d090-463f-11e9-ac5a-000c29342cb1
db:	IVD	id:	5e825b90-1ed2-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2014-03596
db:	VULHUB	id:	VHN-70285
db:	BID	id:	67806
db:	CNNVD	id:	CNNVD-201406-061
db:	JVNDB	id:	JVNDB-2014-002760
db:	NVD	id:	CVE-2014-2346

LAST UPDATE DATE

2025-10-03T23:21:46.266000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-03596	date:	2014-06-13T00:00:00
db:	VULHUB	id:	VHN-70285	date:	2014-06-05T00:00:00
db:	BID	id:	67806	date:	2014-06-03T00:00:00
db:	CNNVD	id:	CNNVD-201406-061	date:	2014-06-09T00:00:00
db:	JVNDB	id:	JVNDB-2014-002760	date:	2014-06-06T00:00:00
db:	NVD	id:	CVE-2014-2346	date:	2025-10-02T23:15:30.497

SOURCES RELEASE DATE

db:	IVD	id:	f257e7ee-2351-11e6-abef-000c29c66e3d	date:	2014-06-13T00:00:00
db:	IVD	id:	7d79d090-463f-11e9-ac5a-000c29342cb1	date:	2014-06-13T00:00:00
db:	IVD	id:	5e825b90-1ed2-11e6-abef-000c29c66e3d	date:	2014-06-13T00:00:00
db:	CNVD	id:	CNVD-2014-03596	date:	2014-06-13T00:00:00
db:	VULHUB	id:	VHN-70285	date:	2014-06-05T00:00:00
db:	BID	id:	67806	date:	2014-06-03T00:00:00
db:	CNNVD	id:	CNNVD-201406-061	date:	2014-06-09T00:00:00
db:	JVNDB	id:	JVNDB-2014-002760	date:	2014-06-06T00:00:00
db:	NVD	id:	CVE-2014-2346	date:	2014-06-05T17:55:06.027