VAR-201412-0520
Vulnerability from variot - Updated: 2023-12-18 13:44DNP Master Driver 3.02 and earlier in Elipse SCADA 2.29 build 141 and earlier, E3 1.0 through 4.6, and Elipse Power 1.0 through 4.6 allows remote attackers to cause a denial of service (CPU consumption) via malformed packets. Multiple Elipse products are prone to a denial-of-service vulnerability. An attacker can exploit this issue to crash the affected process, denying service to legitimate users. Elipse Software SCADA etc. are the products of Brazil Elipse Software Company. Elipse Software SCADA is a set of software for deploying, implementing and integrating HMI and SCADA applications; Elipse Software E3 is a set of HMI/SCADA platforms that provide support for distributed applications, mission-critical applications and control centers; Elipse Software Power is A power management suite. DNP Master Driver is a DNP (communication protocol) master driver for it
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201412-0520",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "power",
"scope": "lte",
"trust": 1.0,
"vendor": "elipse",
"version": "4.6"
},
{
"model": "scada",
"scope": "lte",
"trust": 1.0,
"vendor": "elipse",
"version": "2.29"
},
{
"model": "e3",
"scope": "lte",
"trust": 1.0,
"vendor": "elipse",
"version": "4.6"
},
{
"model": "e3",
"scope": "eq",
"trust": 0.8,
"vendor": "elipse",
"version": "1.0 to 4.6"
},
{
"model": "power",
"scope": "eq",
"trust": 0.8,
"vendor": "elipse",
"version": "1.0 to 4.6"
},
{
"model": "scada",
"scope": "lte",
"trust": 0.8,
"vendor": "elipse",
"version": "2.29 build 141"
},
{
"model": "e3",
"scope": "eq",
"trust": 0.6,
"vendor": "elipse",
"version": "4.6"
},
{
"model": "scada",
"scope": "eq",
"trust": 0.6,
"vendor": "elipse",
"version": "2.29"
},
{
"model": "power",
"scope": "eq",
"trust": 0.6,
"vendor": "elipse",
"version": "4.6"
},
{
"model": "software scada build",
"scope": "eq",
"trust": 0.3,
"vendor": "elipse",
"version": "2.29141"
},
{
"model": "software scada",
"scope": "eq",
"trust": 0.3,
"vendor": "elipse",
"version": "2.29"
},
{
"model": "software power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "elipse",
"version": "4.6"
},
{
"model": "software power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "elipse",
"version": "1.0"
},
{
"model": "software e3",
"scope": "eq",
"trust": 0.3,
"vendor": "elipse",
"version": "4.6"
},
{
"model": "software e3",
"scope": "eq",
"trust": 0.3,
"vendor": "elipse",
"version": "3.2"
},
{
"model": "software e3",
"scope": "eq",
"trust": 0.3,
"vendor": "elipse",
"version": "3.0"
},
{
"model": "software e3",
"scope": "eq",
"trust": 0.3,
"vendor": "elipse",
"version": "1.0"
},
{
"model": "software dnp master",
"scope": "eq",
"trust": 0.3,
"vendor": "elipse",
"version": "3.03.02"
},
{
"model": "software dnp master driver",
"scope": "ne",
"trust": 0.3,
"vendor": "elipse",
"version": "4.0.21"
}
],
"sources": [
{
"db": "BID",
"id": "71421"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005806"
},
{
"db": "NVD",
"id": "CVE-2014-5429"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-120"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:elipse:scada:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.29",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:elipse:power:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.6",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:elipse:e3:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.6",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-5429"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Adam Crain and Chris Sistrunk",
"sources": [
{
"db": "BID",
"id": "71421"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-120"
}
],
"trust": 0.9
},
"cve": "CVE-2014-5429",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2014-5429",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-73370",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-5429",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201412-120",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-73370",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-73370"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005806"
},
{
"db": "NVD",
"id": "CVE-2014-5429"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-120"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "DNP Master Driver 3.02 and earlier in Elipse SCADA 2.29 build 141 and earlier, E3 1.0 through 4.6, and Elipse Power 1.0 through 4.6 allows remote attackers to cause a denial of service (CPU consumption) via malformed packets. Multiple Elipse products are prone to a denial-of-service vulnerability. \nAn attacker can exploit this issue to crash the affected process, denying service to legitimate users. Elipse Software SCADA etc. are the products of Brazil Elipse Software Company. Elipse Software SCADA is a set of software for deploying, implementing and integrating HMI and SCADA applications; Elipse Software E3 is a set of HMI/SCADA platforms that provide support for distributed applications, mission-critical applications and control centers; Elipse Software Power is A power management suite. DNP Master Driver is a DNP (communication protocol) master driver for it",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-5429"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005806"
},
{
"db": "BID",
"id": "71421"
},
{
"db": "VULHUB",
"id": "VHN-73370"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-5429",
"trust": 2.8
},
{
"db": "ICS CERT",
"id": "ICSA-14-303-02",
"trust": 2.8
},
{
"db": "BID",
"id": "71421",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005806",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201412-120",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-73370",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-73370"
},
{
"db": "BID",
"id": "71421"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005806"
},
{
"db": "NVD",
"id": "CVE-2014-5429"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-120"
}
]
},
"id": "VAR-201412-0520",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-73370"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:44:22.334000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.elipse.com.br/port/index.aspx"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005806"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-399",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-73370"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005806"
},
{
"db": "NVD",
"id": "CVE-2014-5429"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-14-303-02"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5429"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-5429"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/71421"
},
{
"trust": 0.3,
"url": "http://www.elipse.com.br"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-73370"
},
{
"db": "BID",
"id": "71421"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005806"
},
{
"db": "NVD",
"id": "CVE-2014-5429"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-120"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-73370"
},
{
"db": "BID",
"id": "71421"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005806"
},
{
"db": "NVD",
"id": "CVE-2014-5429"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-120"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-12-06T00:00:00",
"db": "VULHUB",
"id": "VHN-73370"
},
{
"date": "2014-12-02T00:00:00",
"db": "BID",
"id": "71421"
},
{
"date": "2014-12-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-005806"
},
{
"date": "2014-12-06T15:59:03.047000",
"db": "NVD",
"id": "CVE-2014-5429"
},
{
"date": "2014-12-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201412-120"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-12-08T00:00:00",
"db": "VULHUB",
"id": "VHN-73370"
},
{
"date": "2014-12-02T00:00:00",
"db": "BID",
"id": "71421"
},
{
"date": "2014-12-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-005806"
},
{
"date": "2014-12-08T19:30:31.673000",
"db": "NVD",
"id": "CVE-2014-5429"
},
{
"date": "2014-12-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201412-120"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201412-120"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Elipse SCADA and Elipse Power of DNP Master Driver Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005806"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201412-120"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…