Search criteria
6 vulnerabilities found for epaq-9410_substation_gateway by qeiinc
FKIE_CVE-2014-0762
Vulnerability from fkie_nvd - Published: 2014-08-28 01:55 - Updated: 2025-09-19 19:15
Severity ?
Summary
The CG Automation Software DNP3 driver, used in the ePAQ-9410 Substation
Gateway products, does not validate input correctly. An attacker could
cause the software to go into an infinite loop, causing the process to
crash. The system must be restarted manually to clear the condition.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| qeiinc | epaq-9410_substation_gateway | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qeiinc:epaq-9410_substation_gateway:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D6CF7480-D726-4929-A718-00C7D71A0FDA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The CG Automation Software DNP3 driver, used in the ePAQ-9410 Substation\n Gateway products, does not validate input correctly. An attacker could \ncause the software to go into an infinite loop, causing the process to \ncrash. The system must be restarted manually to clear the condition."
},
{
"lang": "es",
"value": "El controlador DNP3 en CG Automation ePAQ-9410 Substation Gateway permite a atacantes f\u00edsicamente pr\u00f3ximos causar una denegaci\u00f3n de servicio (bucle infinito o ca\u00edda del proceso) a trav\u00e9s de entradas manipuladas por una l\u00ednea de seriales."
}
],
"id": "CVE-2014-0762",
"lastModified": "2025-09-19T19:15:37.340",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 4.7,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"userInteractionRequired": false
},
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 4.7,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-08-28T01:55:03.043",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"url": "http://mail.cgautomationusa.com/login.aspx"
},
{
"source": "ics-cert@hq.dhs.gov",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-238-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-238-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
FKIE_CVE-2014-0761
Vulnerability from fkie_nvd - Published: 2014-08-28 01:55 - Updated: 2025-09-19 19:15
Severity ?
Summary
The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows remote attackers to cause a denial of service (infinite loop or process crash) via a crafted TCP packet.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| qeiinc | epaq-9410_substation_gateway | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qeiinc:epaq-9410_substation_gateway:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D6CF7480-D726-4929-A718-00C7D71A0FDA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows remote attackers to cause a denial of service (infinite loop or process crash) via a crafted TCP packet."
},
{
"lang": "es",
"value": "El controlador DNP3 en CG Automation ePAQ-9410 Substation Gateway permite a atacantes remotos causar una denegaci\u00f3n de servicio (bucle infinito o ca\u00edda de proceso) a trav\u00e9s de un paquete TCP manipulado."
}
],
"id": "CVE-2014-0761",
"lastModified": "2025-09-19T19:15:37.150",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"userInteractionRequired": false
},
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-08-28T01:55:02.933",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"url": "http://mail.cgautomationusa.com/login.aspx"
},
{
"source": "ics-cert@hq.dhs.gov",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-238-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-238-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
CVE-2014-0762 (GCVE-0-2014-0762)
Vulnerability from cvelistv5 – Published: 2014-08-28 01:00 – Updated: 2025-09-19 18:58
VLAI?
Title
CG Automation ePAQ-9410 Substation Gateway Improper Input Validation
Summary
The CG Automation Software DNP3 driver, used in the ePAQ-9410 Substation
Gateway products, does not validate input correctly. An attacker could
cause the software to go into an infinite loop, causing the process to
crash. The system must be restarted manually to clear the condition.
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CG Automation | ePAQ-9410 Substation Gateway |
Affected:
all versions
|
Credits
Adam Crain of Automatak
Chris Sistrunk of Mandiant
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:27:19.483Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-238-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ePAQ-9410 Substation Gateway",
"vendor": "CG Automation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Adam Crain of Automatak"
},
{
"lang": "en",
"type": "finder",
"value": "Chris Sistrunk of Mandiant"
}
],
"datePublic": "2014-08-26T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\nThe CG Automation Software DNP3 driver, used in the ePAQ-9410 Substation\n Gateway products, does not validate input correctly. An attacker could \ncause the software to go into an infinite loop, causing the process to \ncrash. The system must be restarted manually to clear the condition.\n\n\u003c/p\u003e"
}
],
"value": "The CG Automation Software DNP3 driver, used in the ePAQ-9410 Substation\n Gateway products, does not validate input correctly. An attacker could \ncause the software to go into an infinite loop, causing the process to \ncrash. The system must be restarted manually to clear the condition."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 4.7,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-19T18:58:30.389Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-238-01"
},
{
"url": "http://mail.cgautomationusa.com/login.aspx"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCG Automation has fixed this vulnerability with updated software. \nUsers may obtain the updated software by downloading from this web \naddress:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://mail.cgautomationusa.com/login.aspx\"\u003ehttp://mail.cgautomationusa.com/login.aspx\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "CG Automation has fixed this vulnerability with updated software. \nUsers may obtain the updated software by downloading from this web \naddress:\u00a0 http://mail.cgautomationusa.com/login.aspx"
}
],
"source": {
"advisory": "ICSA-14-238-01",
"discovery": "EXTERNAL"
},
"title": "CG Automation ePAQ-9410 Substation Gateway Improper Input Validation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-0761",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows remote attackers to cause a denial of service (infinite loop or process crash) via a crafted TCP packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-238-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-238-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-0762",
"datePublished": "2014-08-28T01:00:00",
"dateReserved": "2014-01-02T00:00:00",
"dateUpdated": "2025-09-19T18:58:30.389Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0761 (GCVE-0-2014-0761)
Vulnerability from cvelistv5 – Published: 2014-08-28 01:00 – Updated: 2025-09-19 18:57
VLAI?
Title
CG Automation ePAQ-9410 Substation Gateway Improper Input Validation
Summary
The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows remote attackers to cause a denial of service (infinite loop or process crash) via a crafted TCP packet.
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CG Automation | ePAQ-9410 Substation Gateway |
Affected:
all versions
|
Credits
Adam Crain of Automatak
Chris Sistrunk of Mandiant
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:27:19.471Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-238-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ePAQ-9410 Substation Gateway",
"vendor": "CG Automation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Adam Crain of Automatak"
},
{
"lang": "en",
"type": "finder",
"value": "Chris Sistrunk of Mandiant"
}
],
"datePublic": "2014-08-26T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows remote attackers to cause a denial of service (infinite loop or process crash) via a crafted TCP packet.\u003c/p\u003e"
}
],
"value": "The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows remote attackers to cause a denial of service (infinite loop or process crash) via a crafted TCP packet."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-19T18:57:23.317Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-238-01"
},
{
"url": "http://mail.cgautomationusa.com/login.aspx"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCG Automation has fixed this vulnerability with updated software. \nUsers may obtain the updated software by downloading from this web \naddress:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://mail.cgautomationusa.com/login.aspx\"\u003ehttp://mail.cgautomationusa.com/login.aspx\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "CG Automation has fixed this vulnerability with updated software. \nUsers may obtain the updated software by downloading from this web \naddress:\u00a0 http://mail.cgautomationusa.com/login.aspx"
}
],
"source": {
"advisory": "ICSA-14-238-01",
"discovery": "EXTERNAL"
},
"title": "CG Automation ePAQ-9410 Substation Gateway Improper Input Validation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-0761",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows remote attackers to cause a denial of service (infinite loop or process crash) via a crafted TCP packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-238-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-238-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-0761",
"datePublished": "2014-08-28T01:00:00",
"dateReserved": "2014-01-02T00:00:00",
"dateUpdated": "2025-09-19T18:57:23.317Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0762 (GCVE-0-2014-0762)
Vulnerability from nvd – Published: 2014-08-28 01:00 – Updated: 2025-09-19 18:58
VLAI?
Title
CG Automation ePAQ-9410 Substation Gateway Improper Input Validation
Summary
The CG Automation Software DNP3 driver, used in the ePAQ-9410 Substation
Gateway products, does not validate input correctly. An attacker could
cause the software to go into an infinite loop, causing the process to
crash. The system must be restarted manually to clear the condition.
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CG Automation | ePAQ-9410 Substation Gateway |
Affected:
all versions
|
Credits
Adam Crain of Automatak
Chris Sistrunk of Mandiant
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:27:19.483Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-238-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ePAQ-9410 Substation Gateway",
"vendor": "CG Automation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Adam Crain of Automatak"
},
{
"lang": "en",
"type": "finder",
"value": "Chris Sistrunk of Mandiant"
}
],
"datePublic": "2014-08-26T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\nThe CG Automation Software DNP3 driver, used in the ePAQ-9410 Substation\n Gateway products, does not validate input correctly. An attacker could \ncause the software to go into an infinite loop, causing the process to \ncrash. The system must be restarted manually to clear the condition.\n\n\u003c/p\u003e"
}
],
"value": "The CG Automation Software DNP3 driver, used in the ePAQ-9410 Substation\n Gateway products, does not validate input correctly. An attacker could \ncause the software to go into an infinite loop, causing the process to \ncrash. The system must be restarted manually to clear the condition."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 4.7,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-19T18:58:30.389Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-238-01"
},
{
"url": "http://mail.cgautomationusa.com/login.aspx"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCG Automation has fixed this vulnerability with updated software. \nUsers may obtain the updated software by downloading from this web \naddress:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://mail.cgautomationusa.com/login.aspx\"\u003ehttp://mail.cgautomationusa.com/login.aspx\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "CG Automation has fixed this vulnerability with updated software. \nUsers may obtain the updated software by downloading from this web \naddress:\u00a0 http://mail.cgautomationusa.com/login.aspx"
}
],
"source": {
"advisory": "ICSA-14-238-01",
"discovery": "EXTERNAL"
},
"title": "CG Automation ePAQ-9410 Substation Gateway Improper Input Validation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-0761",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows remote attackers to cause a denial of service (infinite loop or process crash) via a crafted TCP packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-238-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-238-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-0762",
"datePublished": "2014-08-28T01:00:00",
"dateReserved": "2014-01-02T00:00:00",
"dateUpdated": "2025-09-19T18:58:30.389Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0761 (GCVE-0-2014-0761)
Vulnerability from nvd – Published: 2014-08-28 01:00 – Updated: 2025-09-19 18:57
VLAI?
Title
CG Automation ePAQ-9410 Substation Gateway Improper Input Validation
Summary
The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows remote attackers to cause a denial of service (infinite loop or process crash) via a crafted TCP packet.
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CG Automation | ePAQ-9410 Substation Gateway |
Affected:
all versions
|
Credits
Adam Crain of Automatak
Chris Sistrunk of Mandiant
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:27:19.471Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-238-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ePAQ-9410 Substation Gateway",
"vendor": "CG Automation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Adam Crain of Automatak"
},
{
"lang": "en",
"type": "finder",
"value": "Chris Sistrunk of Mandiant"
}
],
"datePublic": "2014-08-26T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows remote attackers to cause a denial of service (infinite loop or process crash) via a crafted TCP packet.\u003c/p\u003e"
}
],
"value": "The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows remote attackers to cause a denial of service (infinite loop or process crash) via a crafted TCP packet."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-19T18:57:23.317Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-238-01"
},
{
"url": "http://mail.cgautomationusa.com/login.aspx"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCG Automation has fixed this vulnerability with updated software. \nUsers may obtain the updated software by downloading from this web \naddress:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://mail.cgautomationusa.com/login.aspx\"\u003ehttp://mail.cgautomationusa.com/login.aspx\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "CG Automation has fixed this vulnerability with updated software. \nUsers may obtain the updated software by downloading from this web \naddress:\u00a0 http://mail.cgautomationusa.com/login.aspx"
}
],
"source": {
"advisory": "ICSA-14-238-01",
"discovery": "EXTERNAL"
},
"title": "CG Automation ePAQ-9410 Substation Gateway Improper Input Validation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-0761",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows remote attackers to cause a denial of service (infinite loop or process crash) via a crafted TCP packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-238-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-238-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-0761",
"datePublished": "2014-08-28T01:00:00",
"dateReserved": "2014-01-02T00:00:00",
"dateUpdated": "2025-09-19T18:57:23.317Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}