Details of VAR-201502-0245

ID

VAR-201502-0245

CVE

CVE-2014-9203

TITLE

MACTek Bullet DTM And multiple GE DTM Used in products HART DTM Buffer overflow vulnerability in library

Trust: 0.8

sources: JVNDB: JVNDB-2014-007859

DESCRIPTION

Buffer overflow in the Field Device Tool (FDT) Frame application in the HART Device Type Manager (DTM) library, as used in MACTek Bullet DTM 1.00.0, GE Vector DTM 1.00.0, GE SVi1000 Positioner DTM 1.00.0, GE SVI II AP Positioner DTM 2.00.1, and GE 12400 Level Transmitter DTM 1.00.0, allows remote attackers to cause a denial of service (DTM outage) via crafted packets. General Electric Company is a manufacturer of electrical equipment, electrical and electronic equipment. General Electric (GE) and MACTek 'HART DTM' Library have a denial of service vulnerability that an attacker can use to cause an affected system to stop responding and initiate a denial of service attack. An attacker can exploit this issue to cause the affected system to become unresponsive, resulting in a denial-of-service condition

Trust: 2.61

sources: NVD: CVE-2014-9203 // JVNDB: JVNDB-2014-007859 // CNVD: CNVD-2015-00995 // BID: 72524 // IVD: a3a0ad20-2351-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: a3a0ad20-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-00995

AFFECTED PRODUCTS

vendor:	ge	model:	vector device type manager	scope:	eq	version:	1.00.0	Trust: 1.6
vendor:	mactek	model:	bullet device type manager	scope:	eq	version:	1.00.0	Trust: 1.0
vendor:	ge	model:	12400 level transmitter device type manager	scope:	eq	version:	1.00.0	Trust: 1.0
vendor:	ge	model:	svi ii ap positioner device type manager	scope:	eq	version:	2.00.1	Trust: 1.0
vendor:	general electric	model:	12400 level transmitter dtm	scope:	eq	version:	1.00.0	Trust: 0.8
vendor:	general electric	model:	svi ii ap positioner dtm	scope:	eq	version:	2.00.1	Trust: 0.8
vendor:	general electric	model:	svi1000 positioner dtm	scope:	eq	version:	1.00.0	Trust: 0.8
vendor:	general electric	model:	vector dtm	scope:	eq	version:	1.00.0	Trust: 0.8
vendor:	mactek	model:	bullet wirelesshart device type manager	scope:	eq	version:	(dtm) 1.00.0	Trust: 0.8
vendor:	general	model:	electric mactek bullet dtm	scope:	eq	version:	1.00.0	Trust: 0.6
vendor:	12400 level transmitter device type manager	model:	-	scope:	eq	version:	1.00.0	Trust: 0.2
vendor:	svi ii ap positioner device type manager	model:	-	scope:	eq	version:	2.00.1	Trust: 0.2
vendor:	vector device type manager	model:	-	scope:	eq	version:	1.00.0	Trust: 0.2
vendor:	bullet device type manager	model:	-	scope:	eq	version:	1.00.0	Trust: 0.2

sources: IVD: a3a0ad20-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-00995 // JVNDB: JVNDB-2014-007859 // CNNVD: CNNVD-201502-133 // NVD: CVE-2014-9203

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-9203
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-9203
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2015-00995
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201502-133
value:	MEDIUM
Trust: 0.6
IVD:	a3a0ad20-2351-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2

nvd@nist.gov:	CVE-2014-9203
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2015-00995
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	a3a0ad20-2351-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: a3a0ad20-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-00995 // JVNDB: JVNDB-2014-007859 // CNNVD: CNNVD-201502-133 // NVD: CVE-2014-9203

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2014-007859 // NVD: CVE-2014-9203

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201502-133

TYPE

Buffer overflow

Trust: 0.8

sources: IVD: a3a0ad20-2351-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201502-133

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-007859

PATCH

title:	GEOG 15-01_Security_Advisory_HART DTM	url:	http://d3qm6x350yyq59.cloudfront.net/sites/geog.dev.local/files/geog_15-01_security_advisory_hart_dtm.pdf	Trust: 0.8
title:	Download Center	url:	http://www.ge-mcs.com/en/download.html	Trust: 0.8
title:	Bullet_DTM_1_00_1.exe	url:	https://mactekcorp.com/downloadFiles/Bullet_DTM_1_00_1.exe	Trust: 0.8
title:	BULLET WirelessHART Adapter	url:	https://mactekcorp.com/product6a.php	Trust: 0.8
title:	General Electric (GE) and MACTek 'HART DTM' Library have patches for denial of service vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/55174	Trust: 0.6
title:	VECTOR_DTM_Installer_V1.00.1	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=53668	Trust: 0.6
title:	SVI_II_AP_DTM_Installer_V2.10.1	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=53671	Trust: 0.6
title:	SVi1000_DTM_Installer_V1.00.1	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=53670	Trust: 0.6
title:	12400_DTM_Installer_V1.00.1	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=53669	Trust: 0.6

sources: CNVD: CNVD-2015-00995 // JVNDB: JVNDB-2014-007859 // CNNVD: CNNVD-201502-133

EXTERNAL IDS

db:	NVD	id:	CVE-2014-9203	Trust: 3.5
db:	ICS CERT	id:	ICSA-15-036-01	Trust: 2.7
db:	BID	id:	72524	Trust: 0.9
db:	CNVD	id:	CNVD-2015-00995	Trust: 0.8
db:	CNNVD	id:	CNNVD-201502-133	Trust: 0.8
db:	JVNDB	id:	JVNDB-2014-007859	Trust: 0.8
db:	ICS CERT	id:	ICSA-15-036-01A	Trust: 0.3
db:	IVD	id:	A3A0AD20-2351-11E6-ABEF-000C29C66E3D	Trust: 0.2

sources: IVD: a3a0ad20-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-00995 // BID: 72524 // JVNDB: JVNDB-2014-007859 // CNNVD: CNNVD-201502-133 // NVD: CVE-2014-9203

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-15-036-01	Trust: 2.7
url:	http://www.geoilandgas.com/securityadvisory	Trust: 1.6
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9203	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9203	Trust: 0.8
url:	http://www.securityfocus.com/bid/72524	Trust: 0.6
url:	http://www.ge.com/	Trust: 0.3
url:	https://mactekcorp.com/	Trust: 0.3
url:	https://ics-cert.us-cert.gov/advisories/icsa-15-036-01a	Trust: 0.3

sources: CNVD: CNVD-2015-00995 // BID: 72524 // JVNDB: JVNDB-2014-007859 // CNNVD: CNNVD-201502-133 // NVD: CVE-2014-9203

CREDITS

Alexander Bolshev

Trust: 0.3

sources: BID: 72524

SOURCES

db:	IVD	id:	a3a0ad20-2351-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2015-00995
db:	BID	id:	72524
db:	JVNDB	id:	JVNDB-2014-007859
db:	CNNVD	id:	CNNVD-201502-133
db:	NVD	id:	CVE-2014-9203

LAST UPDATE DATE

2025-04-13T23:27:33.904000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-00995	date:	2015-02-10T00:00:00
db:	BID	id:	72524	date:	2015-02-05T00:00:00
db:	JVNDB	id:	JVNDB-2014-007859	date:	2015-02-16T00:00:00
db:	CNNVD	id:	CNNVD-201502-133	date:	2015-02-09T00:00:00
db:	NVD	id:	CVE-2014-9203	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	IVD	id:	a3a0ad20-2351-11e6-abef-000c29c66e3d	date:	2015-02-10T00:00:00
db:	CNVD	id:	CNVD-2015-00995	date:	2015-02-10T00:00:00
db:	BID	id:	72524	date:	2015-02-05T00:00:00
db:	JVNDB	id:	JVNDB-2014-007859	date:	2015-02-16T00:00:00
db:	CNNVD	id:	CNNVD-201502-133	date:	2015-02-09T00:00:00
db:	NVD	id:	CVE-2014-9203	date:	2015-02-07T15:59:00.050