Sign-up

ID

VAR-201408-0327


CVE

CVE-2014-0762


TITLE

ePAQ-9410 Substation Gateway Serial-Connected Devices Local Denial of Service Vulnerability

Trust: 1.1

sources: IVD: 975fd358-1ec2-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-05291 // BID: 69421

DESCRIPTION

The CG Automation Software DNP3 driver, used in the ePAQ-9410 Substation Gateway products, does not validate input correctly. An attacker could cause the software to go into an infinite loop, causing the process to crash. The system must be restarted manually to clear the condition. CG is an American supplier of power, transportation, renewable energy and water/wastewater treatment businesses for automated SCADA systems. An attacker could exploit this vulnerability to crash an affected device and deny service to a legitimate user. Note: To exploit this issue local access to the serial-based outstation is required

Trust: 2.7

sources: NVD: CVE-2014-0762 // JVNDB: JVNDB-2014-003978 // CNVD: CNVD-2014-05291 // BID: 69421 // IVD: 975fd358-1ec2-11e6-abef-000c29c66e3d // VULHUB: VHN-68255

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 975fd358-1ec2-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-05291

AFFECTED PRODUCTS

vendor:qeiincmodel:epaq-9410 substation gatewayscope:eqversion: -

Trust: 1.6

vendor:cg automationmodel:epaq-9410 substation gatewayscope: - version: -

Trust: 0.8

vendor:cg automationmodel:epaq-9410/9420 multifunction gatewayscope: - version: -

Trust: 0.6

vendor:cgmodel:automation solutions epaq-9410 substation gatewayscope:eqversion:0

Trust: 0.3

vendor:epaq 9410 substation gatewaymodel: - scope:eqversion: -

Trust: 0.2

sources: IVD: 975fd358-1ec2-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-05291 // BID: 69421 // CNNVD: CNNVD-201408-427 // JVNDB: JVNDB-2014-003978 // NVD: CVE-2014-0762

CVSS

SEVERITY

CVSSV2

CVSSV3

ics-cert@hq.dhs.gov: CVE-2014-0762
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2014-0762
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-0762
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2014-05291
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201408-427
value: MEDIUM

Trust: 0.6

IVD: 975fd358-1ec2-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

VULHUB: VHN-68255
value: MEDIUM

Trust: 0.1

ics-cert@hq.dhs.gov: CVE-2014-0762
severity: MEDIUM
baseScore: 4.7
vectorString: AV:L/AC:M/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 2.8

CNVD: CNVD-2014-05291
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 975fd358-1ec2-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-68255
severity: MEDIUM
baseScore: 4.7
vectorString: AV:L/AC:M/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: 975fd358-1ec2-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-05291 // VULHUB: VHN-68255 // CNNVD: CNNVD-201408-427 // JVNDB: JVNDB-2014-003978 // NVD: CVE-2014-0762 // NVD: CVE-2014-0762

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-68255 // JVNDB: JVNDB-2014-003978 // NVD: CVE-2014-0762

THREAT TYPE

local

Trust: 0.9

sources: BID: 69421 // CNNVD: CNNVD-201408-427

TYPE

Input validation

Trust: 0.8

sources: IVD: 975fd358-1ec2-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201408-427

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-003978

PATCH
title:Top Pageurl:http://www.qeiinc.com/
Trust: 0.8
title:ePAQ-9410 Substation Gateway Serial-Connected Devices Patch for Local Denial of Service Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/49437
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2014-05291 // 
            
            
            
            JVNDB: JVNDB-2014-003978

EXTERNAL IDS
db:NVDid:CVE-2014-0762
Trust: 3.6
db:ICS CERTid:ICSA-14-238-01
Trust: 2.8
db:BIDid:69421
Trust: 1.0
db:CNNVDid:CNNVD-201408-427
Trust: 0.9
db:CNVDid:CNVD-2014-05291
Trust: 0.8
db:JVNDBid:JVNDB-2014-003978
Trust: 0.8
db:OSVDBid:110466
Trust: 0.6
db:IVDid:975FD358-1EC2-11E6-ABEF-000C29C66E3D
Trust: 0.2
db:VULHUBid:VHN-68255
Trust: 0.1
sources:
            
            
            IVD: 975fd358-1ec2-11e6-abef-000c29c66e3d // 
            
            
            
            CNVD: CNVD-2014-05291 // 
            
            
            
            VULHUB: VHN-68255 // 
            
            
            
            BID: 69421 // 
            
            
            
            CNNVD: CNNVD-201408-427 // 
            
            
            
            JVNDB: JVNDB-2014-003978 // 
            
            
            
            NVD: CVE-2014-0762

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-14-238-01
Trust: 2.8
url:https://www.cisa.gov/news-events/ics-advisories/icsa-14-238-01
Trust: 1.0
url:http://mail.cgautomationusa.com/login.aspx
Trust: 1.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0762
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0762
Trust: 0.8
url:http://www.securityfocus.com/bid/69421
Trust: 0.6
url:http://osvdb.com/show/osvdb/110466
Trust: 0.6
url:http://www.qeiinc.com/epaq9410_multifunction_gateway.aspx
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2014-05291 // 
            
            
            
            VULHUB: VHN-68255 // 
            
            
            
            BID: 69421 // 
            
            
            
            CNNVD: CNNVD-201408-427 // 
            
            
            
            JVNDB: JVNDB-2014-003978 // 
            
            
            
            NVD: CVE-2014-0762

CREDITS
Adam Crain and Chris Sistrunk
Trust: 0.3
sources:
            
            
            BID: 69421

SOURCES
db:IVDid:975fd358-1ec2-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2014-05291
db:VULHUBid:VHN-68255
db:BIDid:69421
db:CNNVDid:CNNVD-201408-427
db:JVNDBid:JVNDB-2014-003978
db:NVDid:CVE-2014-0762

LAST UPDATE DATE
2025-09-20T23:21:47.831000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2014-05291date:2014-08-29T00:00:00
db:VULHUBid:VHN-68255date:2014-08-28T00:00:00
db:BIDid:69421date:2014-08-26T00:00:00
db:CNNVDid:CNNVD-201408-427date:2014-08-29T00:00:00
db:JVNDBid:JVNDB-2014-003978date:2014-08-29T00:00:00
db:NVDid:CVE-2014-0762date:2025-09-19T19:15:37.340

SOURCES RELEASE DATE
db:IVDid:975fd358-1ec2-11e6-abef-000c29c66e3ddate:2014-08-29T00:00:00
db:CNVDid:CNVD-2014-05291date:2014-08-29T00:00:00
db:VULHUBid:VHN-68255date:2014-08-28T00:00:00
db:BIDid:69421date:2014-08-26T00:00:00
db:CNNVDid:CNNVD-201408-427date:2014-08-29T00:00:00
db:JVNDBid:JVNDB-2014-003978date:2014-08-29T00:00:00
db:NVDid:CVE-2014-0762date:2014-08-28T01:55:03.043