Search criteria
6 vulnerabilities found for ePAQ-9410 Substation Gateway by CG Automation
VAR-201408-0327
Vulnerability from variot - Updated: 2023-12-18 12:51The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows physically proximate attackers to cause a denial of service (infinite loop or process crash) via crafted input over a serial line. CG is an American supplier of power, transportation, renewable energy and water/wastewater treatment businesses for automated SCADA systems. The ePAQ-9410 Substation Gateway has a local denial of service vulnerability because it failed to properly validate user-supplied input. An attacker could exploit this vulnerability to crash an affected device and deny service to a legitimate user. Note: To exploit this issue local access to the serial-based outstation is required. CG Automation ePAQ-9410 Substation Gateway is a substation gateway product deployed in the energy sector by CG Automation in the United States. A security vulnerability exists in the DNP3 driver in the CG Automation ePAQ-9410 Substation Gateway
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201408-0327",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "epaq-9410 substation gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "qeiinc",
"version": null
},
{
"model": "epaq-9410 substation gateway",
"scope": null,
"trust": 0.8,
"vendor": "cg automation",
"version": null
},
{
"model": "epaq-9410/9420 multifunction gateway",
"scope": null,
"trust": 0.6,
"vendor": "cg automation",
"version": null
},
{
"model": "automation solutions epaq-9410 substation gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "cg",
"version": "0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "epaq 9410 substation gateway",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "975fd358-1ec2-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-05291"
},
{
"db": "BID",
"id": "69421"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003978"
},
{
"db": "NVD",
"id": "CVE-2014-0762"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-427"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:qeiinc:epaq-9410_substation_gateway:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0762"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Adam Crain and Chris Sistrunk",
"sources": [
{
"db": "BID",
"id": "69421"
}
],
"trust": 0.3
},
"cve": "CVE-2014-0762",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 4.7,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.4,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 4.7,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2014-0762",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CNVD-2014-05291",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "975fd358-1ec2-11e6-abef-000c29c66e3d",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 4.7,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.4,
"id": "VHN-68255",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:M/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-0762",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2014-05291",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201408-427",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "975fd358-1ec2-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-68255",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "975fd358-1ec2-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-05291"
},
{
"db": "VULHUB",
"id": "VHN-68255"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003978"
},
{
"db": "NVD",
"id": "CVE-2014-0762"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-427"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows physically proximate attackers to cause a denial of service (infinite loop or process crash) via crafted input over a serial line. CG is an American supplier of power, transportation, renewable energy and water/wastewater treatment businesses for automated SCADA systems. The ePAQ-9410 Substation Gateway has a local denial of service vulnerability because it failed to properly validate user-supplied input. An attacker could exploit this vulnerability to crash an affected device and deny service to a legitimate user. \nNote: To exploit this issue local access to the serial-based outstation is required. CG Automation ePAQ-9410 Substation Gateway is a substation gateway product deployed in the energy sector by CG Automation in the United States. A security vulnerability exists in the DNP3 driver in the CG Automation ePAQ-9410 Substation Gateway",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0762"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003978"
},
{
"db": "CNVD",
"id": "CNVD-2014-05291"
},
{
"db": "BID",
"id": "69421"
},
{
"db": "IVD",
"id": "975fd358-1ec2-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-68255"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-0762",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-14-238-01",
"trust": 2.8
},
{
"db": "BID",
"id": "69421",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201408-427",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2014-05291",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003978",
"trust": 0.8
},
{
"db": "OSVDB",
"id": "110466",
"trust": 0.6
},
{
"db": "IVD",
"id": "975FD358-1EC2-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-68255",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "975fd358-1ec2-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-05291"
},
{
"db": "VULHUB",
"id": "VHN-68255"
},
{
"db": "BID",
"id": "69421"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003978"
},
{
"db": "NVD",
"id": "CVE-2014-0762"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-427"
}
]
},
"id": "VAR-201408-0327",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "975fd358-1ec2-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-05291"
},
{
"db": "VULHUB",
"id": "VHN-68255"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "975fd358-1ec2-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-05291"
}
]
},
"last_update_date": "2023-12-18T12:51:51.741000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.qeiinc.com/"
},
{
"title": "ePAQ-9410 Substation Gateway Serial-Connected Devices Patch for Local Denial of Service Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/49437"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-05291"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003978"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-68255"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003978"
},
{
"db": "NVD",
"id": "CVE-2014-0762"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-14-238-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0762"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0762"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/69421"
},
{
"trust": 0.6,
"url": "http://osvdb.com/show/osvdb/110466"
},
{
"trust": 0.3,
"url": "http://www.qeiinc.com/epaq9410_multifunction_gateway.aspx"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-05291"
},
{
"db": "VULHUB",
"id": "VHN-68255"
},
{
"db": "BID",
"id": "69421"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003978"
},
{
"db": "NVD",
"id": "CVE-2014-0762"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-427"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "975fd358-1ec2-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-05291"
},
{
"db": "VULHUB",
"id": "VHN-68255"
},
{
"db": "BID",
"id": "69421"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003978"
},
{
"db": "NVD",
"id": "CVE-2014-0762"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-427"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-08-29T00:00:00",
"db": "IVD",
"id": "975fd358-1ec2-11e6-abef-000c29c66e3d"
},
{
"date": "2014-08-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-05291"
},
{
"date": "2014-08-28T00:00:00",
"db": "VULHUB",
"id": "VHN-68255"
},
{
"date": "2014-08-26T00:00:00",
"db": "BID",
"id": "69421"
},
{
"date": "2014-08-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003978"
},
{
"date": "2014-08-28T01:55:03.043000",
"db": "NVD",
"id": "CVE-2014-0762"
},
{
"date": "2014-08-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201408-427"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-08-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-05291"
},
{
"date": "2014-08-28T00:00:00",
"db": "VULHUB",
"id": "VHN-68255"
},
{
"date": "2014-08-26T00:00:00",
"db": "BID",
"id": "69421"
},
{
"date": "2014-08-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003978"
},
{
"date": "2014-08-28T14:03:24.467000",
"db": "NVD",
"id": "CVE-2014-0762"
},
{
"date": "2014-08-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201408-427"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "69421"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-427"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ePAQ-9410 Substation Gateway Serial-Connected Devices Local Denial of Service Vulnerability",
"sources": [
{
"db": "IVD",
"id": "975fd358-1ec2-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-05291"
},
{
"db": "BID",
"id": "69421"
}
],
"trust": 1.1
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation",
"sources": [
{
"db": "IVD",
"id": "975fd358-1ec2-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-427"
}
],
"trust": 0.8
}
}
VAR-201408-0326
Vulnerability from variot - Updated: 2023-12-18 12:51The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows remote attackers to cause a denial of service (infinite loop or process crash) via a crafted TCP packet. CG is an American supplier of power, transportation, renewable energy and water/wastewater treatment businesses for automated SCADA systems. ePAQ-9410 Substation Gateway Serial-Connected device has a local denial of service vulnerability due to failure to properly validate user-supplied input. An attacker could exploit this vulnerability to crash an affected device and initiate a denial of service attack. Note: This issue affects the IP connected devices. CG Automation ePAQ-9410 Substation Gateway is a substation gateway product deployed in the energy sector by CG Automation in the United States. A security vulnerability exists in the DNP3 driver in the CG Automation ePAQ-9410 Substation Gateway
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201408-0326",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "epaq-9410 substation gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "qeiinc",
"version": null
},
{
"model": "epaq-9410 substation gateway",
"scope": null,
"trust": 0.8,
"vendor": "cg automation",
"version": null
},
{
"model": "epaq-9410/9420 multifunction gateway",
"scope": null,
"trust": 0.6,
"vendor": "cg automation",
"version": null
},
{
"model": "automation solutions epaq-9410 substation gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "cg",
"version": "0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "epaq 9410 substation gateway",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "596b8152-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-05286"
},
{
"db": "BID",
"id": "69419"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003977"
},
{
"db": "NVD",
"id": "CVE-2014-0761"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-426"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:qeiinc:epaq-9410_substation_gateway:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0761"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Adam Crain and Chris Sistrunk",
"sources": [
{
"db": "BID",
"id": "69419"
}
],
"trust": 0.3
},
"cve": "CVE-2014-0761",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.1,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2014-0761",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CNVD-2014-05286",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "596b8152-2352-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-68254",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-0761",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2014-05286",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201408-426",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "596b8152-2352-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-68254",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "596b8152-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-05286"
},
{
"db": "VULHUB",
"id": "VHN-68254"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003977"
},
{
"db": "NVD",
"id": "CVE-2014-0761"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-426"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows remote attackers to cause a denial of service (infinite loop or process crash) via a crafted TCP packet. CG is an American supplier of power, transportation, renewable energy and water/wastewater treatment businesses for automated SCADA systems. ePAQ-9410 Substation Gateway Serial-Connected device has a local denial of service vulnerability due to failure to properly validate user-supplied input. An attacker could exploit this vulnerability to crash an affected device and initiate a denial of service attack. \nNote: This issue affects the IP connected devices. CG Automation ePAQ-9410 Substation Gateway is a substation gateway product deployed in the energy sector by CG Automation in the United States. A security vulnerability exists in the DNP3 driver in the CG Automation ePAQ-9410 Substation Gateway",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0761"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003977"
},
{
"db": "CNVD",
"id": "CNVD-2014-05286"
},
{
"db": "BID",
"id": "69419"
},
{
"db": "IVD",
"id": "596b8152-2352-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-68254"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-0761",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-14-238-01",
"trust": 2.8
},
{
"db": "BID",
"id": "69419",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201408-426",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2014-05286",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003977",
"trust": 0.8
},
{
"db": "IVD",
"id": "596B8152-2352-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-68254",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "596b8152-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-05286"
},
{
"db": "VULHUB",
"id": "VHN-68254"
},
{
"db": "BID",
"id": "69419"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003977"
},
{
"db": "NVD",
"id": "CVE-2014-0761"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-426"
}
]
},
"id": "VAR-201408-0326",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "596b8152-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-05286"
},
{
"db": "VULHUB",
"id": "VHN-68254"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "596b8152-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-05286"
}
]
},
"last_update_date": "2023-12-18T12:51:51.779000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.qeiinc.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003977"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-68254"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003977"
},
{
"db": "NVD",
"id": "CVE-2014-0761"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-14-238-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0761"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0761"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/69419/"
},
{
"trust": 0.3,
"url": "http://www.qeiinc.com/epaq9410_multifunction_gateway.aspx"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-05286"
},
{
"db": "VULHUB",
"id": "VHN-68254"
},
{
"db": "BID",
"id": "69419"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003977"
},
{
"db": "NVD",
"id": "CVE-2014-0761"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-426"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "596b8152-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-05286"
},
{
"db": "VULHUB",
"id": "VHN-68254"
},
{
"db": "BID",
"id": "69419"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003977"
},
{
"db": "NVD",
"id": "CVE-2014-0761"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-426"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-08-29T00:00:00",
"db": "IVD",
"id": "596b8152-2352-11e6-abef-000c29c66e3d"
},
{
"date": "2014-08-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-05286"
},
{
"date": "2014-08-28T00:00:00",
"db": "VULHUB",
"id": "VHN-68254"
},
{
"date": "2014-08-26T00:00:00",
"db": "BID",
"id": "69419"
},
{
"date": "2014-08-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003977"
},
{
"date": "2014-08-28T01:55:02.933000",
"db": "NVD",
"id": "CVE-2014-0761"
},
{
"date": "2014-08-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201408-426"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-08-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-05286"
},
{
"date": "2014-08-28T00:00:00",
"db": "VULHUB",
"id": "VHN-68254"
},
{
"date": "2014-08-26T00:00:00",
"db": "BID",
"id": "69419"
},
{
"date": "2014-08-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003977"
},
{
"date": "2014-08-28T14:01:53.933000",
"db": "NVD",
"id": "CVE-2014-0761"
},
{
"date": "2014-08-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201408-426"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201408-426"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ePAQ-9410 Substation Gateway Serial-Connected Device Local Denial of Service Vulnerability",
"sources": [
{
"db": "IVD",
"id": "596b8152-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-05286"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation",
"sources": [
{
"db": "IVD",
"id": "596b8152-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-426"
}
],
"trust": 0.8
}
}
CVE-2014-0762 (GCVE-0-2014-0762)
Vulnerability from cvelistv5 – Published: 2014-08-28 01:00 – Updated: 2025-09-19 18:58
VLAI?
Title
CG Automation ePAQ-9410 Substation Gateway Improper Input Validation
Summary
The CG Automation Software DNP3 driver, used in the ePAQ-9410 Substation
Gateway products, does not validate input correctly. An attacker could
cause the software to go into an infinite loop, causing the process to
crash. The system must be restarted manually to clear the condition.
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CG Automation | ePAQ-9410 Substation Gateway |
Affected:
all versions
|
Credits
Adam Crain of Automatak
Chris Sistrunk of Mandiant
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:27:19.483Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-238-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ePAQ-9410 Substation Gateway",
"vendor": "CG Automation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Adam Crain of Automatak"
},
{
"lang": "en",
"type": "finder",
"value": "Chris Sistrunk of Mandiant"
}
],
"datePublic": "2014-08-26T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\nThe CG Automation Software DNP3 driver, used in the ePAQ-9410 Substation\n Gateway products, does not validate input correctly. An attacker could \ncause the software to go into an infinite loop, causing the process to \ncrash. The system must be restarted manually to clear the condition.\n\n\u003c/p\u003e"
}
],
"value": "The CG Automation Software DNP3 driver, used in the ePAQ-9410 Substation\n Gateway products, does not validate input correctly. An attacker could \ncause the software to go into an infinite loop, causing the process to \ncrash. The system must be restarted manually to clear the condition."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 4.7,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-19T18:58:30.389Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-238-01"
},
{
"url": "http://mail.cgautomationusa.com/login.aspx"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCG Automation has fixed this vulnerability with updated software. \nUsers may obtain the updated software by downloading from this web \naddress:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://mail.cgautomationusa.com/login.aspx\"\u003ehttp://mail.cgautomationusa.com/login.aspx\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "CG Automation has fixed this vulnerability with updated software. \nUsers may obtain the updated software by downloading from this web \naddress:\u00a0 http://mail.cgautomationusa.com/login.aspx"
}
],
"source": {
"advisory": "ICSA-14-238-01",
"discovery": "EXTERNAL"
},
"title": "CG Automation ePAQ-9410 Substation Gateway Improper Input Validation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-0761",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows remote attackers to cause a denial of service (infinite loop or process crash) via a crafted TCP packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-238-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-238-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-0762",
"datePublished": "2014-08-28T01:00:00",
"dateReserved": "2014-01-02T00:00:00",
"dateUpdated": "2025-09-19T18:58:30.389Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0761 (GCVE-0-2014-0761)
Vulnerability from cvelistv5 – Published: 2014-08-28 01:00 – Updated: 2025-09-19 18:57
VLAI?
Title
CG Automation ePAQ-9410 Substation Gateway Improper Input Validation
Summary
The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows remote attackers to cause a denial of service (infinite loop or process crash) via a crafted TCP packet.
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CG Automation | ePAQ-9410 Substation Gateway |
Affected:
all versions
|
Credits
Adam Crain of Automatak
Chris Sistrunk of Mandiant
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:27:19.471Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-238-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ePAQ-9410 Substation Gateway",
"vendor": "CG Automation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Adam Crain of Automatak"
},
{
"lang": "en",
"type": "finder",
"value": "Chris Sistrunk of Mandiant"
}
],
"datePublic": "2014-08-26T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows remote attackers to cause a denial of service (infinite loop or process crash) via a crafted TCP packet.\u003c/p\u003e"
}
],
"value": "The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows remote attackers to cause a denial of service (infinite loop or process crash) via a crafted TCP packet."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-19T18:57:23.317Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-238-01"
},
{
"url": "http://mail.cgautomationusa.com/login.aspx"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCG Automation has fixed this vulnerability with updated software. \nUsers may obtain the updated software by downloading from this web \naddress:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://mail.cgautomationusa.com/login.aspx\"\u003ehttp://mail.cgautomationusa.com/login.aspx\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "CG Automation has fixed this vulnerability with updated software. \nUsers may obtain the updated software by downloading from this web \naddress:\u00a0 http://mail.cgautomationusa.com/login.aspx"
}
],
"source": {
"advisory": "ICSA-14-238-01",
"discovery": "EXTERNAL"
},
"title": "CG Automation ePAQ-9410 Substation Gateway Improper Input Validation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-0761",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows remote attackers to cause a denial of service (infinite loop or process crash) via a crafted TCP packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-238-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-238-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-0761",
"datePublished": "2014-08-28T01:00:00",
"dateReserved": "2014-01-02T00:00:00",
"dateUpdated": "2025-09-19T18:57:23.317Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0762 (GCVE-0-2014-0762)
Vulnerability from nvd – Published: 2014-08-28 01:00 – Updated: 2025-09-19 18:58
VLAI?
Title
CG Automation ePAQ-9410 Substation Gateway Improper Input Validation
Summary
The CG Automation Software DNP3 driver, used in the ePAQ-9410 Substation
Gateway products, does not validate input correctly. An attacker could
cause the software to go into an infinite loop, causing the process to
crash. The system must be restarted manually to clear the condition.
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CG Automation | ePAQ-9410 Substation Gateway |
Affected:
all versions
|
Credits
Adam Crain of Automatak
Chris Sistrunk of Mandiant
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:27:19.483Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-238-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ePAQ-9410 Substation Gateway",
"vendor": "CG Automation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Adam Crain of Automatak"
},
{
"lang": "en",
"type": "finder",
"value": "Chris Sistrunk of Mandiant"
}
],
"datePublic": "2014-08-26T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\nThe CG Automation Software DNP3 driver, used in the ePAQ-9410 Substation\n Gateway products, does not validate input correctly. An attacker could \ncause the software to go into an infinite loop, causing the process to \ncrash. The system must be restarted manually to clear the condition.\n\n\u003c/p\u003e"
}
],
"value": "The CG Automation Software DNP3 driver, used in the ePAQ-9410 Substation\n Gateway products, does not validate input correctly. An attacker could \ncause the software to go into an infinite loop, causing the process to \ncrash. The system must be restarted manually to clear the condition."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 4.7,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-19T18:58:30.389Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-238-01"
},
{
"url": "http://mail.cgautomationusa.com/login.aspx"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCG Automation has fixed this vulnerability with updated software. \nUsers may obtain the updated software by downloading from this web \naddress:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://mail.cgautomationusa.com/login.aspx\"\u003ehttp://mail.cgautomationusa.com/login.aspx\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "CG Automation has fixed this vulnerability with updated software. \nUsers may obtain the updated software by downloading from this web \naddress:\u00a0 http://mail.cgautomationusa.com/login.aspx"
}
],
"source": {
"advisory": "ICSA-14-238-01",
"discovery": "EXTERNAL"
},
"title": "CG Automation ePAQ-9410 Substation Gateway Improper Input Validation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-0761",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows remote attackers to cause a denial of service (infinite loop or process crash) via a crafted TCP packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-238-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-238-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-0762",
"datePublished": "2014-08-28T01:00:00",
"dateReserved": "2014-01-02T00:00:00",
"dateUpdated": "2025-09-19T18:58:30.389Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0761 (GCVE-0-2014-0761)
Vulnerability from nvd – Published: 2014-08-28 01:00 – Updated: 2025-09-19 18:57
VLAI?
Title
CG Automation ePAQ-9410 Substation Gateway Improper Input Validation
Summary
The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows remote attackers to cause a denial of service (infinite loop or process crash) via a crafted TCP packet.
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CG Automation | ePAQ-9410 Substation Gateway |
Affected:
all versions
|
Credits
Adam Crain of Automatak
Chris Sistrunk of Mandiant
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:27:19.471Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-238-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ePAQ-9410 Substation Gateway",
"vendor": "CG Automation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Adam Crain of Automatak"
},
{
"lang": "en",
"type": "finder",
"value": "Chris Sistrunk of Mandiant"
}
],
"datePublic": "2014-08-26T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows remote attackers to cause a denial of service (infinite loop or process crash) via a crafted TCP packet.\u003c/p\u003e"
}
],
"value": "The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows remote attackers to cause a denial of service (infinite loop or process crash) via a crafted TCP packet."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-19T18:57:23.317Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-238-01"
},
{
"url": "http://mail.cgautomationusa.com/login.aspx"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCG Automation has fixed this vulnerability with updated software. \nUsers may obtain the updated software by downloading from this web \naddress:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://mail.cgautomationusa.com/login.aspx\"\u003ehttp://mail.cgautomationusa.com/login.aspx\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "CG Automation has fixed this vulnerability with updated software. \nUsers may obtain the updated software by downloading from this web \naddress:\u00a0 http://mail.cgautomationusa.com/login.aspx"
}
],
"source": {
"advisory": "ICSA-14-238-01",
"discovery": "EXTERNAL"
},
"title": "CG Automation ePAQ-9410 Substation Gateway Improper Input Validation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-0761",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows remote attackers to cause a denial of service (infinite loop or process crash) via a crafted TCP packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-238-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-238-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-0761",
"datePublished": "2014-08-28T01:00:00",
"dateReserved": "2014-01-02T00:00:00",
"dateUpdated": "2025-09-19T18:57:23.317Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}