VAR-201401-0247
Vulnerability from variot - Updated: 2023-12-18 12:30The Schneider Electric Telvent SAGE 3030 RTU with firmware C3413-500-001D3_P4 and C3413-500-001F0_PB allows remote attackers to cause a denial of service (temporary outage and CPU consumption) via malformed DNP3 traffic. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. The SESU tool used by several of these products is used to update software on Windows PC systems. Attackers may exploit this issue to cause an affected device to crash, resulting in a denial-of-service condition. Telvent SAGE 3030 RTU C3413-500-001D3_P4 and C3413-500-001F0_PB are vulnerable; other versions may also be affected
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201401-0247",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "telvent sage 3030",
"scope": "eq",
"trust": 2.4,
"vendor": "schneider electric",
"version": "c3413-500-001d3_p4"
},
{
"model": "telvent sage 3030",
"scope": "eq",
"trust": 2.4,
"vendor": "schneider electric",
"version": "c3413-500-001f0_pb"
},
{
"model": "electric telvent sage rtu c3413-500-001d3 p4",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "3030"
},
{
"model": "electric telvent sage rtu c3413-500-001f0 pb",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "3030"
},
{
"model": "c3413-500-001d3 p4",
"scope": null,
"trust": 0.2,
"vendor": "telvent sage 3030",
"version": null
},
{
"model": "c3413-500-001f0 pb",
"scope": null,
"trust": 0.2,
"vendor": "telvent sage 3030",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "3fdf90a2-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-00752"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005974"
},
{
"db": "NVD",
"id": "CVE-2013-6143"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-606"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:telvent_sage_3030_firmware:c3413-500-001d3_p4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:telvent_sage_3030_firmware:c3413-500-001f0_pb:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-6143"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Adam Crain, Automatak, and Chris Sistrunk.",
"sources": [
{
"db": "BID",
"id": "65262"
}
],
"trust": 0.3
},
"cve": "CVE-2013-6143",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2013-6143",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-00752",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "3fdf90a2-2352-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-66145",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-6143",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2014-00752",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201401-606",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "3fdf90a2-2352-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-66145",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "3fdf90a2-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-00752"
},
{
"db": "VULHUB",
"id": "VHN-66145"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005974"
},
{
"db": "NVD",
"id": "CVE-2013-6143"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-606"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Schneider Electric Telvent SAGE 3030 RTU with firmware C3413-500-001D3_P4 and C3413-500-001F0_PB allows remote attackers to cause a denial of service (temporary outage and CPU consumption) via malformed DNP3 traffic. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. The SESU tool used by several of these products is used to update software on Windows PC systems. \nAttackers may exploit this issue to cause an affected device to crash, resulting in a denial-of-service condition. \nTelvent SAGE 3030 RTU C3413-500-001D3_P4 and C3413-500-001F0_PB are vulnerable; other versions may also be affected",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-6143"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005974"
},
{
"db": "CNVD",
"id": "CNVD-2014-00752"
},
{
"db": "BID",
"id": "65262"
},
{
"db": "IVD",
"id": "3fdf90a2-2352-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-66145"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-6143",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-14-006-01",
"trust": 3.1
},
{
"db": "BID",
"id": "65262",
"trust": 1.0
},
{
"db": "CNVD",
"id": "CNVD-2014-00752",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201401-606",
"trust": 0.8
},
{
"db": "XF",
"id": "90840",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005974",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "56712",
"trust": 0.6
},
{
"db": "IVD",
"id": "3FDF90A2-2352-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-66145",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "3fdf90a2-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-00752"
},
{
"db": "VULHUB",
"id": "VHN-66145"
},
{
"db": "BID",
"id": "65262"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005974"
},
{
"db": "NVD",
"id": "CVE-2013-6143"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-606"
}
]
},
"id": "VAR-201401-0247",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "3fdf90a2-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-00752"
},
{
"db": "VULHUB",
"id": "VHN-66145"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "3fdf90a2-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-00752"
}
]
},
"last_update_date": "2023-12-18T12:30:48.623000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.schneider-electric.com/site/home/index.cfm/ww/"
},
{
"title": "Schneider Electric Telvent SAGE 3030 RTUs Remote Denial of Service Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/43429"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00752"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005974"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
},
{
"problemtype": "CWE-399",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-66145"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005974"
},
{
"db": "NVD",
"id": "CVE-2013-6143"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-14-006-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6143"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6143"
},
{
"trust": 0.8,
"url": "https://xforce.iss.net/xforce/xfdb/90840"
},
{
"trust": 0.8,
"url": "https://infrastructurecommunity.schneider-electric.com/servlet/jiveservlet/downloadbody/2966-102-1-4299/sage%20rtu%20dnp%20security%20bulletin%20123013%200102.pdf"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/56712/"
},
{
"trust": 0.3,
"url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00752"
},
{
"db": "VULHUB",
"id": "VHN-66145"
},
{
"db": "BID",
"id": "65262"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005974"
},
{
"db": "NVD",
"id": "CVE-2013-6143"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-606"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "3fdf90a2-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-00752"
},
{
"db": "VULHUB",
"id": "VHN-66145"
},
{
"db": "BID",
"id": "65262"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005974"
},
{
"db": "NVD",
"id": "CVE-2013-6143"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-606"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-02-13T00:00:00",
"db": "IVD",
"id": "3fdf90a2-2352-11e6-abef-000c29c66e3d"
},
{
"date": "2014-02-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00752"
},
{
"date": "2014-01-31T00:00:00",
"db": "VULHUB",
"id": "VHN-66145"
},
{
"date": "2014-01-30T00:00:00",
"db": "BID",
"id": "65262"
},
{
"date": "2014-02-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005974"
},
{
"date": "2014-01-31T16:55:05.077000",
"db": "NVD",
"id": "CVE-2013-6143"
},
{
"date": "2014-01-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-606"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-02-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00752"
},
{
"date": "2014-02-10T00:00:00",
"db": "VULHUB",
"id": "VHN-66145"
},
{
"date": "2015-03-19T08:13:00",
"db": "BID",
"id": "65262"
},
{
"date": "2014-02-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005974"
},
{
"date": "2014-02-10T20:06:23.957000",
"db": "NVD",
"id": "CVE-2013-6143"
},
{
"date": "2014-02-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-606"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201401-606"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric Telvent SAGE 3030 RTUs Remote Denial of Service Vulnerability",
"sources": [
{
"db": "IVD",
"id": "3fdf90a2-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-00752"
},
{
"db": "BID",
"id": "65262"
}
],
"trust": 1.1
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation",
"sources": [
{
"db": "IVD",
"id": "3fdf90a2-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-606"
}
],
"trust": 0.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…