github - ghsa-8wj5-jh5x-f76j

GHSA-8WJ5-JH5X-F76J

Vulnerability from github – Published: 2022-05-17 04:38 – Updated: 2025-10-03 18:31

Details

The GPT library in the Telegyr 8979 Master Protocol application in SUBNET SubSTATION Server 2 before SSNET 2.12 HF18808 allows remote attackers to cause a denial of service (persistent service crash) via a long RTU-to-Master message.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2014-2357"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119",
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-08-11T22:55:00Z",
    "severity": "HIGH"
  },
  "details": "The GPT library in the Telegyr 8979 Master Protocol application in SUBNET SubSTATION Server 2 before SSNET 2.12 HF18808 allows remote attackers to cause a denial of service (persistent service crash) via a long RTU-to-Master message.",
  "id": "GHSA-8wj5-jh5x-f76j",
  "modified": "2025-10-03T18:31:18Z",
  "published": "2022-05-17T04:38:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2357"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-196-01"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-196-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CVE-2014-2357 (GCVE-0-2014-2357)

Vulnerability from cvelistv5 – Published: 2014-08-11 22:00 – Updated: 2025-10-03 17:14

Summary

Severity ?

No CVSS data available.

CWE

CWE-20

Assigner

icscert

References

URL

Tags

https://www.cisa.gov/news-events/ics-advisories/i…

Impacted products

	Vendor	Product	Version
	SUBNET	SubSTATION Server 2 Telegyr 8979 Master Protocol	Affected: all versions

Credits

Adam Crain of Automatak and Chris Sistrunk of Mandiant

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:14:25.268Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-196-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "SubSTATION Server 2 Telegyr 8979 Master Protocol",
          "vendor": "SUBNET",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Adam Crain of Automatak and Chris Sistrunk of Mandiant"
        }
      ],
      "datePublic": "2014-07-31T06:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe GPT library in the Telegyr 8979 Master Protocol application in SUBNET SubSTATION Server 2 before SSNET 2.12 HF18808 allows remote attackers to cause a denial of service (persistent service crash) via a long RTU-to-Master message.\u003c/p\u003e"
            }
          ],
          "value": "The GPT library in the Telegyr 8979 Master Protocol application in SUBNET SubSTATION Server 2 before SSNET 2.12 HF18808 allows remote attackers to cause a denial of service (persistent service crash) via a long RTU-to-Master message."
        }
      ],
      "metrics": [
        {
          "cvssV2_0": {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-03T17:14:03.235Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-196-01"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eSUBNET has produced hot fix \u201cSSNET v2.12 HF18808\u201d to resolve this issue.\u003c/p\u003e\u003cp\u003eThis hot fix can be obtained by secure FTP provided by the SUBNET \nsupport department. Please contact SUBNET Customer Support at: (403) \n270-8885, or by email at: \u003ca target=\"_blank\" rel=\"nofollow\"\u003esupport@SUBNET.com\u0026nbsp;\u003c/a\u003eand reference SUBNET Release Bulletin \u201cSubSTATION Server 2.12 HF18808 \nRelease, 21  May 2014\u201d for a copy of this release bulletin and \ndownload/installation information (This bulletin is being sent to \nregistered users only).\u003c/p\u003e\n\u003cp\u003eVendor Recommendation:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe exploit results in an unrecoverable exception, but all software \ncomponents are registered as Services under Windows and can be \nconfigured to automatically restart after any stoppage. Users can \nconfigure the service to automatically restart, which limits the DoS to a\n momentary disruption.\u003c/li\u003e\n\u003cli\u003eBackward compatible releases will be available by request for customers using older versions of SubSTATION Server.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "SUBNET has produced hot fix \u201cSSNET v2.12 HF18808\u201d to resolve this issue.\n\nThis hot fix can be obtained by secure FTP provided by the SUBNET \nsupport department. Please contact SUBNET Customer Support at: (403) \n270-8885, or by email at: support@SUBNET.com\u00a0and reference SUBNET Release Bulletin \u201cSubSTATION Server 2.12 HF18808 \nRelease, 21  May 2014\u201d for a copy of this release bulletin and \ndownload/installation information (This bulletin is being sent to \nregistered users only).\n\n\nVendor Recommendation:\n\n\n\n  *  The exploit results in an unrecoverable exception, but all software \ncomponents are registered as Services under Windows and can be \nconfigured to automatically restart after any stoppage. Users can \nconfigure the service to automatically restart, which limits the DoS to a\n momentary disruption.\n\n  *  Backward compatible releases will be available by request for customers using older versions of SubSTATION Server."
        }
      ],
      "source": {
        "advisory": "ICSA-14-196-01",
        "discovery": "EXTERNAL"
      },
      "title": "SUBNET SubSTATION Server 2 Telegyr 8979 Master Protocol Improper Input Validation",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2014-2357",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The GPT library in the Telegyr 8979 Master Protocol application in SUBNET SubSTATION Server 2 before SSNET 2.12 HF18808 allows remote attackers to cause a denial of service (persistent service crash) via a long RTU-to-Master message."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-196-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-196-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2014-2357",
    "datePublished": "2014-08-11T22:00:00",
    "dateReserved": "2014-03-13T00:00:00",
    "dateUpdated": "2025-10-03T17:14:03.235Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

GHSA-8WJ5-JH5X-F76J

CVE-2014-2357 (GCVE-0-2014-2357)

Tags

Sightings

Nomenclature