Details of VAR-201412-0520

ID

VAR-201412-0520

CVE

CVE-2014-5429

TITLE

Elipse SCADA and Elipse Power of DNP Master Driver Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2014-005806

DESCRIPTION

DNP Master Driver 3.02 and earlier in Elipse SCADA 2.29 build 141 and earlier, E3 1.0 through 4.6, and Elipse Power 1.0 through 4.6 allows remote attackers to cause a denial of service (CPU consumption) via malformed packets. Multiple Elipse products are prone to a denial-of-service vulnerability. An attacker can exploit this issue to crash the affected process, denying service to legitimate users. Elipse Software SCADA etc. are the products of Brazil Elipse Software Company. Elipse Software SCADA is a set of software for deploying, implementing and integrating HMI and SCADA applications; Elipse Software E3 is a set of HMI/SCADA platforms that provide support for distributed applications, mission-critical applications and control centers; Elipse Software Power is A power management suite. DNP Master Driver is a DNP (communication protocol) master driver for it

Trust: 1.98

sources: NVD: CVE-2014-5429 // JVNDB: JVNDB-2014-005806 // BID: 71421 // VULHUB: VHN-73370

AFFECTED PRODUCTS

vendor:	elipse	model:	power	scope:	lte	version:	4.6	Trust: 1.0
vendor:	elipse	model:	e3	scope:	lte	version:	4.6	Trust: 1.0
vendor:	elipse	model:	scada	scope:	lte	version:	2.29	Trust: 1.0
vendor:	elipse	model:	e3	scope:	eq	version:	1.0 to 4.6	Trust: 0.8
vendor:	elipse	model:	power	scope:	eq	version:	1.0 to 4.6	Trust: 0.8
vendor:	elipse	model:	scada	scope:	lte	version:	2.29 build 141	Trust: 0.8
vendor:	elipse	model:	e3	scope:	eq	version:	4.6	Trust: 0.6
vendor:	elipse	model:	scada	scope:	eq	version:	2.29	Trust: 0.6
vendor:	elipse	model:	power	scope:	eq	version:	4.6	Trust: 0.6
vendor:	elipse	model:	software scada build	scope:	eq	version:	2.29141	Trust: 0.3
vendor:	elipse	model:	software scada	scope:	eq	version:	2.29	Trust: 0.3
vendor:	elipse	model:	software power systems	scope:	eq	version:	4.6	Trust: 0.3
vendor:	elipse	model:	software power systems	scope:	eq	version:	1.0	Trust: 0.3
vendor:	elipse	model:	software e3	scope:	eq	version:	4.6	Trust: 0.3
vendor:	elipse	model:	software e3	scope:	eq	version:	3.2	Trust: 0.3
vendor:	elipse	model:	software e3	scope:	eq	version:	3.0	Trust: 0.3
vendor:	elipse	model:	software e3	scope:	eq	version:	1.0	Trust: 0.3
vendor:	elipse	model:	software dnp master	scope:	eq	version:	3.03.02	Trust: 0.3
vendor:	elipse	model:	software dnp master driver	scope:	ne	version:	4.0.21	Trust: 0.3

sources: BID: 71421 // JVNDB: JVNDB-2014-005806 // CNNVD: CNNVD-201412-120 // NVD: CVE-2014-5429

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-5429
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-5429
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201412-120
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-73370
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-5429
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-73370
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-73370 // JVNDB: JVNDB-2014-005806 // CNNVD: CNNVD-201412-120 // NVD: CVE-2014-5429

PROBLEMTYPE DATA

problemtype:

CWE-399

Trust: 1.9

sources: VULHUB: VHN-73370 // JVNDB: JVNDB-2014-005806 // NVD: CVE-2014-5429

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201412-120

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201412-120

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-005806

PATCH

title:

Top Page

url:

http://www.elipse.com.br/port/index.aspx

Trust: 0.8

sources: JVNDB: JVNDB-2014-005806

EXTERNAL IDS

db:	NVD	id:	CVE-2014-5429	Trust: 2.8
db:	ICS CERT	id:	ICSA-14-303-02	Trust: 2.8
db:	BID	id:	71421	Trust: 1.0
db:	JVNDB	id:	JVNDB-2014-005806	Trust: 0.8
db:	CNNVD	id:	CNNVD-201412-120	Trust: 0.7
db:	VULHUB	id:	VHN-73370	Trust: 0.1

sources: VULHUB: VHN-73370 // BID: 71421 // JVNDB: JVNDB-2014-005806 // CNNVD: CNNVD-201412-120 // NVD: CVE-2014-5429

REFERENCES

url:	http://ics-cert.us-cert.gov/advisories/icsa-14-303-02	Trust: 2.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5429	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-5429	Trust: 0.8
url:	http://www.securityfocus.com/bid/71421	Trust: 0.6
url:	http://www.elipse.com.br	Trust: 0.3

sources: VULHUB: VHN-73370 // BID: 71421 // JVNDB: JVNDB-2014-005806 // CNNVD: CNNVD-201412-120 // NVD: CVE-2014-5429

CREDITS

Adam Crain and Chris Sistrunk

Trust: 0.9

sources: BID: 71421 // CNNVD: CNNVD-201412-120

SOURCES

db:	VULHUB	id:	VHN-73370
db:	BID	id:	71421
db:	JVNDB	id:	JVNDB-2014-005806
db:	CNNVD	id:	CNNVD-201412-120
db:	NVD	id:	CVE-2014-5429

LAST UPDATE DATE

2025-04-13T23:25:20.556000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-73370	date:	2014-12-08T00:00:00
db:	BID	id:	71421	date:	2014-12-02T00:00:00
db:	JVNDB	id:	JVNDB-2014-005806	date:	2014-12-10T00:00:00
db:	CNNVD	id:	CNNVD-201412-120	date:	2014-12-22T00:00:00
db:	NVD	id:	CVE-2014-5429	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-73370	date:	2014-12-06T00:00:00
db:	BID	id:	71421	date:	2014-12-02T00:00:00
db:	JVNDB	id:	JVNDB-2014-005806	date:	2014-12-10T00:00:00
db:	CNNVD	id:	CNNVD-201412-120	date:	2014-12-05T00:00:00
db:	NVD	id:	CVE-2014-5429	date:	2014-12-06T15:59:03.047