cvelistv5 - CVE-2013-2793

CVE-2013-2793 (GCVE-0-2013-2793)

Vulnerability from cvelistv5 – Published: 2013-09-09 10:00 – Updated: 2024-09-16 23:35

Summary

Severity ?

No CVSS data available.

CWE

Assigner

icscert

References

URL

FKIE_CVE-2013-2793

Vulnerability from fkie_nvd - Published: 2013-09-09 11:39 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
ics-cert@hq.dhs.gov	http://ics-cert.us-cert.gov/advisories/ICSA-13-240-01	US Government Resource
ics-cert@hq.dhs.gov	http://www.trianglemicroworks.com/documents/mdnp_scl_whats_new.pdf
af854a3a-2127-422b-91ae-364da2661108	http://ics-cert.us-cert.gov/advisories/ICSA-13-240-01	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.trianglemicroworks.com/documents/mdnp_scl_whats_new.pdf

Impacted products

Vendor	Product	Version
trianglemicroworks	.net_communication_protocol_components	3.06.0.171
trianglemicroworks	.net_communication_protocol_components	3.15.0.369
trianglemicroworks	ansi_c_source_code_libraries	3.06.0000
trianglemicroworks	ansi_c_source_code_libraries	3.15.0000
trianglemicroworks	scada_data_gateway	2.50
trianglemicroworks	scada_data_gateway	2.50.0309
trianglemicroworks	scada_data_gateway	3.00.0616

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:trianglemicroworks:.net_communication_protocol_components:3.06.0.171:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFDA2B53-1513-4DDF-B325-025FEFA5E16B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trianglemicroworks:.net_communication_protocol_components:3.15.0.369:*:*:*:*:*:*:*",
              "matchCriteriaId": "045F45E6-DB41-4D65-968B-CD04596004D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trianglemicroworks:ansi_c_source_code_libraries:3.06.0000:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DECC05A-BB49-47AD-841A-0D16582C3BD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trianglemicroworks:ansi_c_source_code_libraries:3.15.0000:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEB98E06-B56D-4168-A94C-8D7FCBA58FEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2626C47-B68A-4A21-B5A2-9D64A28A7120",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.50.0309:*:*:*:*:*:*:*",
              "matchCriteriaId": "69D2B52D-B324-4115-A3BB-51E3BF97758B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:3.00.0616:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C679459-44C7-454C-9894-87ABE1F710F2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Triangle MicroWorks SCADA Data Gateway 2.50.0309 through 3.00.0616, DNP3 .NET Protocol components 3.06.0.171 through 3.15.0.369, and DNP3 C libraries 3.06.0000 through 3.15.0000 allow remote attackers to cause a denial of service (infinite loop) via a crafted DNP3 TCP packet."
    },
    {
      "lang": "es",
      "value": "Triangle MicroWorks SCADA Data Gateway  2.50.0309 hasta 3.00.0616 , Componentes de Protocolo DNP3 .NET 3.06.0.171 hasta 3.15.0.369 y Librer\u00edas C DNP3 3.06.0000 hasta 3.15.0000 permiten a un atacante remoto causar una denegaci\u00f3n de servicio (bucle infinito) a trav\u00e9s de un paquete TCP DNP3 manipulado."
    }
  ],
  "id": "CVE-2013-2793",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-09-09T11:39:08.427",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-240-01"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "url": "http://www.trianglemicroworks.com/documents/mdnp_scl_whats_new.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-240-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.trianglemicroworks.com/documents/mdnp_scl_whats_new.pdf"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ICSA-13-240-01

Vulnerability from csaf_cisa - Published: 2013-05-31 06:00 - Updated: 2025-06-06 18:40

Summary

Triangle MicroWorks Improper Input Validation

Notes

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation.

Recommended Practices

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.

Recommended Practices

Locate control system networks and remote devices behind firewalls and isolating them from business networks.

Recommended Practices

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.

Recommended Practices

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Recommended Practices

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

Recommended Practices

CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "general",
        "text": "CISA recommends users take defensive measures to minimize the risk of exploitation.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Locate control system networks and remote devices behind firewalls and isolating them from business networks.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.",
        "title": "Recommended Practices"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "central@cisa.dhs.gov",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-13-240-01 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2013/icsa-13-240-01.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-13-240-01 - Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-13-240-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/topics/industrial-control-systems"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/sites/default/files/publications/emailscams0905.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ncas/tips/ST04-014"
      }
    ],
    "title": "Triangle MicroWorks Improper Input Validation",
    "tracking": {
      "current_release_date": "2025-06-06T18:40:07.718354Z",
      "generator": {
        "date": "2025-06-06T18:40:07.718285Z",
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-13-240-01",
      "initial_release_date": "2013-05-31T06:00:00.000000Z",
      "revision_history": [
        {
          "date": "2013-05-31T06:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "Initial Publication"
        },
        {
          "date": "2025-06-06T18:40:07.718354Z",
          "legacy_version": "CSAF Conversion",
          "number": "2",
          "summary": "Advisory converted into a CSAF"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e=v2.50.0309|\u003c=v3.00.0616",
                "product": {
                  "name": "Triangle MicroWorks SCADA Data Gateway: \u003e=v2.50.0309|\u003c=v3.00.0616",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "SCADA Data Gateway"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e=v3.06.0.171|\u003c=v3.15.0.369",
                "product": {
                  "name": "Triangle MicroWorks DNP3 .NET Protocol components: \u003e=v3.06.0.171|\u003c=v3.15.0.369",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "DNP3 .NET Protocol components"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e=v3.06.0000|\u003c=v3.15.0000",
                "product": {
                  "name": "Triangle MicroWorks DNP3 ANSI C source code libraries: \u003e=v3.06.0000|\u003c=v3.15.0000",
                  "product_id": "CSAFPID-0003"
                }
              }
            ],
            "category": "product_name",
            "name": "DNP3 ANSI C source code libraries"
          }
        ],
        "category": "vendor",
        "name": "Triangle MicroWorks"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2013-2793",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Triangle MicroWorks SCADA Data Gateway 2.50.0309 through 3.00.0616, DNP3 .NET Protocol components 3.06.0.171 through 3.15.0.369, and DNP3 C libraries 3.06.0000 through 3.15.0000 allow remote attackers to cause a denial of service (infinite loop) via a crafted DNP3 TCP packet.",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Triangle MicroWorks has produced an update and release notes describing the mitigation. Please contact Triangle MicroWorks Support for details on specific platform updates here: (http://www.trianglemicroworks.com/SupportPage.htm)",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ],
          "url": "http://www.trianglemicroworks.com/SupportPage.htm"
        },
        {
          "category": "mitigation",
          "details": "Release notes are found here: (http://www.trianglemicroworks.com/documents/sdnp_scl_whats_new.pdf)",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ],
          "url": "http://www.trianglemicroworks.com/documents/sdnp_scl_whats_new.pdf"
        },
        {
          "category": "mitigation",
          "details": "Triangle MicroWorks recommends following the International Electrotechnical Commission (IEC) Technical Specification TS 62351 to reduce the risk from vulnerability. More information on recommended implementation practices for Triangle MicroWorks products is available by contacting your product representative.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "baseScore": 7.1,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2013-2794",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Triangle MicroWorks SCADA Data Gateway 2.50.0309 through 3.00.0616, DNP3 .NET Protocol components 3.06.0.171 through 3.15.0.369, and DNP3 C libraries 3.06.0000 through 3.15.0000 allow physically proximate attackers to cause a denial of service (infinite loop) via crafted input over a serial line.",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Triangle MicroWorks has produced an update and release notes describing the mitigation. Please contact Triangle MicroWorks Support for details on specific platform updates here: (http://www.trianglemicroworks.com/SupportPage.htm)",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ],
          "url": "http://www.trianglemicroworks.com/SupportPage.htm"
        },
        {
          "category": "mitigation",
          "details": "Release notes are found here: (http://www.trianglemicroworks.com/documents/sdnp_scl_whats_new.pdf)",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ],
          "url": "http://www.trianglemicroworks.com/documents/sdnp_scl_whats_new.pdf"
        },
        {
          "category": "mitigation",
          "details": "Triangle MicroWorks recommends following the International Electrotechnical Commission (IEC) Technical Specification TS 62351 to reduce the risk from vulnerability. More information on recommended implementation practices for Triangle MicroWorks products is available by contacting your product representative.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "baseScore": 4.7,
            "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        }
      ]
    }
  ]
}

GHSA-3548-54W8-X56Q

Vulnerability from github – Published: 2022-05-17 05:04 – Updated: 2022-05-17 05:04

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2013-2793"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2013-09-09T11:39:00Z",
    "severity": "HIGH"
  },
  "details": "Triangle MicroWorks SCADA Data Gateway 2.50.0309 through 3.00.0616, DNP3 .NET Protocol components 3.06.0.171 through 3.15.0.369, and DNP3 C libraries 3.06.0000 through 3.15.0000 allow remote attackers to cause a denial of service (infinite loop) via a crafted DNP3 TCP packet.",
  "id": "GHSA-3548-54w8-x56q",
  "modified": "2022-05-17T05:04:19Z",
  "published": "2022-05-17T05:04:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2793"
    },
    {
      "type": "WEB",
      "url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-240-01"
    },
    {
      "type": "WEB",
      "url": "http://www.trianglemicroworks.com/documents/mdnp_scl_whats_new.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2013-2793

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2013-2793

Aliases

CVE-2013-2793

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2013-2793",
    "description": "Triangle MicroWorks SCADA Data Gateway 2.50.0309 through 3.00.0616, DNP3 .NET Protocol components 3.06.0.171 through 3.15.0.369, and DNP3 C libraries 3.06.0000 through 3.15.0000 allow remote attackers to cause a denial of service (infinite loop) via a crafted DNP3 TCP packet.",
    "id": "GSD-2013-2793"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2013-2793"
      ],
      "details": "Triangle MicroWorks SCADA Data Gateway 2.50.0309 through 3.00.0616, DNP3 .NET Protocol components 3.06.0.171 through 3.15.0.369, and DNP3 C libraries 3.06.0000 through 3.15.0000 allow remote attackers to cause a denial of service (infinite loop) via a crafted DNP3 TCP packet.",
      "id": "GSD-2013-2793",
      "modified": "2023-12-13T01:22:17.675300Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "ics-cert@hq.dhs.gov",
        "ID": "CVE-2013-2793",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Triangle MicroWorks SCADA Data Gateway 2.50.0309 through 3.00.0616, DNP3 .NET Protocol components 3.06.0.171 through 3.15.0.369, and DNP3 C libraries 3.06.0000 through 3.15.0000 allow remote attackers to cause a denial of service (infinite loop) via a crafted DNP3 TCP packet."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://ics-cert.us-cert.gov/advisories/ICSA-13-240-01",
            "refsource": "MISC",
            "url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-240-01"
          },
          {
            "name": "http://www.trianglemicroworks.com/documents/mdnp_scl_whats_new.pdf",
            "refsource": "CONFIRM",
            "url": "http://www.trianglemicroworks.com/documents/mdnp_scl_whats_new.pdf"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:trianglemicroworks:.net_communication_protocol_components:3.15.0.369:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.50:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trianglemicroworks:ansi_c_source_code_libraries:3.06.0000:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trianglemicroworks:ansi_c_source_code_libraries:3.15.0000:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trianglemicroworks:.net_communication_protocol_components:3.06.0.171:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.50.0309:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:3.00.0616:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2013-2793"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Triangle MicroWorks SCADA Data Gateway 2.50.0309 through 3.00.0616, DNP3 .NET Protocol components 3.06.0.171 through 3.15.0.369, and DNP3 C libraries 3.06.0000 through 3.15.0000 allow remote attackers to cause a denial of service (infinite loop) via a crafted DNP3 TCP packet."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.trianglemicroworks.com/documents/mdnp_scl_whats_new.pdf",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.trianglemicroworks.com/documents/mdnp_scl_whats_new.pdf"
            },
            {
              "name": "http://ics-cert.us-cert.gov/advisories/ICSA-13-240-01",
              "refsource": "MISC",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-240-01"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2013-09-25T21:58Z",
      "publishedDate": "2013-09-09T11:39Z"
    }
  }
}

VAR-201309-0200

Vulnerability from variot - Updated: 2023-12-18 13:34

Triangle MicroWorks SCADA Data Gateway 2.50.0309 through 3.00.0616, DNP3 .NET Protocol components 3.06.0.171 through 3.15.0.369, and DNP3 C libraries 3.06.0000 through 3.15.0000 allow remote attackers to cause a denial of service (infinite loop) via a crafted DNP3 TCP packet. Triangle MicroWorks is a US-based company that uses single or third-party component products to communicate with peripherals/slave devices using various transport protocols (OPC Client, IEC 60870-6 (TASE.2/ICCP) Client, IEC 60870-5, DNP3, Modbus). Triangle MicroWorks multiple product-related IP-based devices incorrectly verify input, allowing an attacker to exploit a vulnerability to submit a specially crafted TCP message to cause the software to cause an infinite loop, causing the process to crash and requiring a manual reboot to get normal functionality. Multiple Triangle MicroWorks products are prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to crash the affected device, denying service to legitimate users. Note: This issue affects the IP connected devices. SDG is a set of data acquisition and supervisory control system (SCADA) gateway products integrated in the server. DNP3 .NET Protocol components is a set of .NET framework components that support DNP3. DNP3 ANSI C source code libraries is a source code library based on the ANSI C standard

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201309-0200",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ansi c source code libraries",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "trianglemicroworks",
        "version": "3.06.0000"
      },
      {
        "model": "scada data gateway",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "trianglemicroworks",
        "version": "2.50"
      },
      {
        "model": ".net communication protocol components",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "trianglemicroworks",
        "version": "3.06.0.171"
      },
      {
        "model": "scada data gateway",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "trianglemicroworks",
        "version": "3.00.0616"
      },
      {
        "model": "ansi c source code libraries",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "trianglemicroworks",
        "version": "3.15.0000"
      },
      {
        "model": "scada data gateway",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "trianglemicroworks",
        "version": "2.50.0309"
      },
      {
        "model": ".net communication protocol components",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "trianglemicroworks",
        "version": "3.15.0.369"
      },
      {
        "model": ".net protocol components",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "triangle microworks",
        "version": "3.06.0.171 to  3.15.0.369"
      },
      {
        "model": "ansi standard c source code libraries",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "triangle microworks",
        "version": "3.06.0000 to  3.15.0000"
      },
      {
        "model": "scada data gateway",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "triangle microworks",
        "version": "2.50.0309 to  3.00.0616"
      },
      {
        "model": "microworks scada data gateway to",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "triangle",
        "version": "2.50.03093.00.0616"
      },
      {
        "model": "microworks dnp3 .net protocol components to",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "triangle",
        "version": "3.06.0.1713.15.0.369"
      },
      {
        "model": "microworks dnp3 ansi c source code libraries to",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "triangle",
        "version": "3.06.00003.15.0000"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "net communication protocol components",
        "version": "3.06.0.171"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "net communication protocol components",
        "version": "3.15.0.369"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "ansi c source code libraries",
        "version": "3.06.0000"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "ansi c source code libraries",
        "version": "3.15.0000"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scada data gateway",
        "version": "2.50"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scada data gateway",
        "version": "2.50.0309"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scada data gateway",
        "version": "3.00.0616"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "b4cce158-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-12783"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004002"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-2793"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-536"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:trianglemicroworks:.net_communication_protocol_components:3.15.0.369:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.50:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trianglemicroworks:ansi_c_source_code_libraries:3.06.0000:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trianglemicroworks:ansi_c_source_code_libraries:3.15.0000:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trianglemicroworks:.net_communication_protocol_components:3.06.0.171:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.50.0309:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:3.00.0616:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-2793"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Adam Crain of Automatak and Chris Sistrunk",
    "sources": [
      {
        "db": "BID",
        "id": "62087"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-536"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2013-2793",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 7.8,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2013-2793",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2013-12783",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "b4cce158-2352-11e6-abef-000c29c66e3d",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-62795",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2013-2793",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2013-12783",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201308-536",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "b4cce158-2352-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-62795",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "b4cce158-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-12783"
      },
      {
        "db": "VULHUB",
        "id": "VHN-62795"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004002"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-2793"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-536"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Triangle MicroWorks SCADA Data Gateway 2.50.0309 through 3.00.0616, DNP3 .NET Protocol components 3.06.0.171 through 3.15.0.369, and DNP3 C libraries 3.06.0000 through 3.15.0000 allow remote attackers to cause a denial of service (infinite loop) via a crafted DNP3 TCP packet. Triangle MicroWorks is a US-based company that uses single or third-party component products to communicate with peripherals/slave devices using various transport protocols (OPC Client, IEC 60870-6 (TASE.2/ICCP) Client, IEC 60870-5, DNP3, Modbus). Triangle MicroWorks multiple product-related IP-based devices incorrectly verify input, allowing an attacker to exploit a vulnerability to submit a specially crafted TCP message to cause the software to cause an infinite loop, causing the process to crash and requiring a manual reboot to get normal functionality. Multiple Triangle MicroWorks products are prone to a remote denial-of-service vulnerability. \nAn attacker can exploit this issue to crash the affected device, denying service to legitimate users. \nNote: This issue affects the IP connected devices. SDG is a set of data acquisition and supervisory control system (SCADA) gateway products integrated in the server. DNP3 .NET Protocol components is a set of .NET framework components that support DNP3. DNP3 ANSI C source code libraries is a source code library based on the ANSI C standard",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-2793"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004002"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-12783"
      },
      {
        "db": "BID",
        "id": "62087"
      },
      {
        "db": "IVD",
        "id": "b4cce158-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-62795"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2013-2793",
        "trust": 3.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-13-240-01",
        "trust": 3.1
      },
      {
        "db": "BID",
        "id": "62087",
        "trust": 1.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-536",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-12783",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004002",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "B4CCE158-2352-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-62795",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "b4cce158-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-12783"
      },
      {
        "db": "VULHUB",
        "id": "VHN-62795"
      },
      {
        "db": "BID",
        "id": "62087"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004002"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-2793"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-536"
      }
    ]
  },
  "id": "VAR-201309-0200",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "b4cce158-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-12783"
      },
      {
        "db": "VULHUB",
        "id": "VHN-62795"
      }
    ],
    "trust": 1.9
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "b4cce158-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-12783"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:34:45.090000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Triangle MicroWorks, Inc. DNP3 Master Source Code Library",
        "trust": 0.8,
        "url": "http://www.trianglemicroworks.com/documents/mdnp_scl_whats_new.pdf"
      },
      {
        "title": "Triangle MicroWorks Multiple Products Patches for Denial of Service Vulnerabilities Based on IP-Specific TCP Packets",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/39294"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-12783"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004002"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-62795"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004002"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-2793"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.1,
        "url": "http://ics-cert.us-cert.gov/advisories/icsa-13-240-01"
      },
      {
        "trust": 2.3,
        "url": "http://www.trianglemicroworks.com/documents/mdnp_scl_whats_new.pdf"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2793"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2793"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/62087"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-12783"
      },
      {
        "db": "VULHUB",
        "id": "VHN-62795"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004002"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-2793"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-536"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "b4cce158-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-12783"
      },
      {
        "db": "VULHUB",
        "id": "VHN-62795"
      },
      {
        "db": "BID",
        "id": "62087"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004002"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-2793"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-536"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-09-04T00:00:00",
        "db": "IVD",
        "id": "b4cce158-2352-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2013-09-04T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2013-12783"
      },
      {
        "date": "2013-09-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-62795"
      },
      {
        "date": "2013-08-28T00:00:00",
        "db": "BID",
        "id": "62087"
      },
      {
        "date": "2013-09-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-004002"
      },
      {
        "date": "2013-09-09T11:39:08.427000",
        "db": "NVD",
        "id": "CVE-2013-2793"
      },
      {
        "date": "2013-08-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201308-536"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-09-04T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2013-12783"
      },
      {
        "date": "2013-09-25T00:00:00",
        "db": "VULHUB",
        "id": "VHN-62795"
      },
      {
        "date": "2013-10-21T01:19:00",
        "db": "BID",
        "id": "62087"
      },
      {
        "date": "2013-09-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-004002"
      },
      {
        "date": "2013-09-25T21:58:15.317000",
        "db": "NVD",
        "id": "CVE-2013-2793"
      },
      {
        "date": "2013-09-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201308-536"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-536"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Triangle MicroWorks Service disruption in products  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004002"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow",
    "sources": [
      {
        "db": "IVD",
        "id": "b4cce158-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-536"
      }
    ],
    "trust": 0.8
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2013-2793 (GCVE-0-2013-2793)

FKIE_CVE-2013-2793

ICSA-13-240-01

GHSA-3548-54W8-X56Q

GSD-2013-2793

VAR-201309-0200

Tags

Sightings

Nomenclature