Sign-up

ID

VAR-201408-0326


CVE

CVE-2014-0761


TITLE

ePAQ-9410 Substation Gateway Serial-Connected Device Local Denial of Service Vulnerability

Trust: 0.8

sources: IVD: 596b8152-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-05286

DESCRIPTION

The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows remote attackers to cause a denial of service (infinite loop or process crash) via a crafted TCP packet. CG is an American supplier of power, transportation, renewable energy and water/wastewater treatment businesses for automated SCADA systems. ePAQ-9410 Substation Gateway Serial-Connected device has a local denial of service vulnerability due to failure to properly validate user-supplied input. An attacker could exploit this vulnerability to crash an affected device and initiate a denial of service attack. Note: This issue affects the IP connected devices. CG Automation ePAQ-9410 Substation Gateway is a substation gateway product deployed in the energy sector by CG Automation in the United States. A security vulnerability exists in the DNP3 driver in the CG Automation ePAQ-9410 Substation Gateway

Trust: 2.7

sources: NVD: CVE-2014-0761 // JVNDB: JVNDB-2014-003977 // CNVD: CNVD-2014-05286 // BID: 69419 // IVD: 596b8152-2352-11e6-abef-000c29c66e3d // VULHUB: VHN-68254

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 596b8152-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-05286

AFFECTED PRODUCTS

vendor:qeiincmodel:epaq-9410 substation gatewayscope:eqversion: -

Trust: 1.6

vendor:cg automationmodel:epaq-9410 substation gatewayscope: - version: -

Trust: 0.8

vendor:cg automationmodel:epaq-9410/9420 multifunction gatewayscope: - version: -

Trust: 0.6

vendor:cgmodel:automation solutions epaq-9410 substation gatewayscope:eqversion:0

Trust: 0.3

vendor:epaq 9410 substation gatewaymodel: - scope:eqversion: -

Trust: 0.2

sources: IVD: 596b8152-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-05286 // BID: 69419 // CNNVD: CNNVD-201408-426 // JVNDB: JVNDB-2014-003977 // NVD: CVE-2014-0761

CVSS

SEVERITY

CVSSV2

CVSSV3

ics-cert@hq.dhs.gov: CVE-2014-0761
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2014-0761
value: HIGH

Trust: 1.0

NVD: CVE-2014-0761
value: HIGH

Trust: 0.8

CNVD: CNVD-2014-05286
value: LOW

Trust: 0.6

CNNVD: CNNVD-201408-426
value: HIGH

Trust: 0.6

IVD: 596b8152-2352-11e6-abef-000c29c66e3d
value: HIGH

Trust: 0.2

VULHUB: VHN-68254
value: HIGH

Trust: 0.1

ics-cert@hq.dhs.gov: CVE-2014-0761
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 2.8

CNVD: CNVD-2014-05286
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 596b8152-2352-11e6-abef-000c29c66e3d
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-68254
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: 596b8152-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-05286 // VULHUB: VHN-68254 // CNNVD: CNNVD-201408-426 // JVNDB: JVNDB-2014-003977 // NVD: CVE-2014-0761 // NVD: CVE-2014-0761

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-68254 // JVNDB: JVNDB-2014-003977 // NVD: CVE-2014-0761

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201408-426

TYPE

Input validation

Trust: 0.8

sources: IVD: 596b8152-2352-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201408-426

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-003977

PATCH
title:Top Pageurl:http://www.qeiinc.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-003977

EXTERNAL IDS
db:NVDid:CVE-2014-0761
Trust: 3.6
db:ICS CERTid:ICSA-14-238-01
Trust: 2.8
db:BIDid:69419
Trust: 1.0
db:CNNVDid:CNNVD-201408-426
Trust: 0.9
db:CNVDid:CNVD-2014-05286
Trust: 0.8
db:JVNDBid:JVNDB-2014-003977
Trust: 0.8
db:IVDid:596B8152-2352-11E6-ABEF-000C29C66E3D
Trust: 0.2
db:VULHUBid:VHN-68254
Trust: 0.1
sources:
            
            
            IVD: 596b8152-2352-11e6-abef-000c29c66e3d // 
            
            
            
            CNVD: CNVD-2014-05286 // 
            
            
            
            VULHUB: VHN-68254 // 
            
            
            
            BID: 69419 // 
            
            
            
            CNNVD: CNNVD-201408-426 // 
            
            
            
            JVNDB: JVNDB-2014-003977 // 
            
            
            
            NVD: CVE-2014-0761

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-14-238-01
Trust: 2.8
url:https://www.cisa.gov/news-events/ics-advisories/icsa-14-238-01
Trust: 1.0
url:http://mail.cgautomationusa.com/login.aspx
Trust: 1.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0761
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0761
Trust: 0.8
url:http://www.securityfocus.com/bid/69419/
Trust: 0.6
url:http://www.qeiinc.com/epaq9410_multifunction_gateway.aspx
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2014-05286 // 
            
            
            
            VULHUB: VHN-68254 // 
            
            
            
            BID: 69419 // 
            
            
            
            CNNVD: CNNVD-201408-426 // 
            
            
            
            JVNDB: JVNDB-2014-003977 // 
            
            
            
            NVD: CVE-2014-0761

CREDITS
Adam Crain and Chris Sistrunk
Trust: 0.3
sources:
            
            
            BID: 69419

SOURCES
db:IVDid:596b8152-2352-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2014-05286
db:VULHUBid:VHN-68254
db:BIDid:69419
db:CNNVDid:CNNVD-201408-426
db:JVNDBid:JVNDB-2014-003977
db:NVDid:CVE-2014-0761

LAST UPDATE DATE
2025-09-20T23:21:47.790000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2014-05286date:2014-08-29T00:00:00
db:VULHUBid:VHN-68254date:2014-08-28T00:00:00
db:BIDid:69419date:2014-08-26T00:00:00
db:CNNVDid:CNNVD-201408-426date:2014-08-29T00:00:00
db:JVNDBid:JVNDB-2014-003977date:2014-08-29T00:00:00
db:NVDid:CVE-2014-0761date:2025-09-19T19:15:37.150

SOURCES RELEASE DATE
db:IVDid:596b8152-2352-11e6-abef-000c29c66e3ddate:2014-08-29T00:00:00
db:CNVDid:CNVD-2014-05286date:2014-08-29T00:00:00
db:VULHUBid:VHN-68254date:2014-08-28T00:00:00
db:BIDid:69419date:2014-08-26T00:00:00
db:CNNVDid:CNNVD-201408-426date:2014-08-29T00:00:00
db:JVNDBid:JVNDB-2014-003977date:2014-08-29T00:00:00
db:NVDid:CVE-2014-0761date:2014-08-28T01:55:02.933