Vulnerability Details : CVE-2013-2793
Triangle MicroWorks SCADA Data Gateway 2.50.0309 through 3.00.0616, DNP3 .NET Protocol components 3.06.0.171 through 3.15.0.369, and DNP3 C libraries 3.06.0000 through 3.15.0000 allow remote attackers to cause a denial of service (infinite loop) via a crafted DNP3 TCP packet.
Vulnerability category: OverflowDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2013-2793
Probability of exploitation activity in the next 30 days: 0.19%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 56 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2013-2793
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
7.8
|
HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C |
10.0
|
6.9
|
NIST |
CWE ids for CVE-2013-2793
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-2793
-
http://ics-cert.us-cert.gov/advisories/ICSA-13-240-01
Triangle MicroWorks Improper Input Validation | CISAUS Government Resource
- http://www.trianglemicroworks.com/documents/mdnp_scl_whats_new.pdf
Products affected by CVE-2013-2793
- cpe:2.3:a:trianglemicroworks:ansi_c_source_code_libraries:3.06.0000:*:*:*:*:*:*:*
- cpe:2.3:a:trianglemicroworks:ansi_c_source_code_libraries:3.15.0000:*:*:*:*:*:*:*
- cpe:2.3:a:trianglemicroworks:.net_communication_protocol_components:3.15.0.369:*:*:*:*:*:*:*
- cpe:2.3:a:trianglemicroworks:.net_communication_protocol_components:3.06.0.171:*:*:*:*:*:*:*
- cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.50:*:*:*:*:*:*:*
- cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.50.0309:*:*:*:*:*:*:*
- cpe:2.3:a:trianglemicroworks:scada_data_gateway:3.00.0616:*:*:*:*:*:*:*