CVE-2014-5425 - IOServer before Beta2112.exe allows remote attackers to cause a denial of service (out-of-bounds rea

CVE-2014-5425

Summary

IOServer before Beta2112.exe allows remote attackers to cause a denial of service (out-of-bounds read and master entry consumption) via a null DNP3 header.

References

https://ics-cert.us-cert.gov/advisories/ICSA-14-289-01

Vulnerable Configurations

cpe:2.3:a:ioserver:ioserver:-:*:*:*:*:*:*:*
cpe:2.3:a:ioserver:ioserver:-:*:*:*:*:*:*:*
cpe:2.3:a:ioserver:ioserver:1.0.18.0:*:*:*:*:*:*:*
cpe:2.3:a:ioserver:ioserver:1.0.18.0:*:*:*:*:*:*:*
cpe:2.3:a:ioserver:ioserver:1.0.19.0:*:*:*:*:*:*:*
cpe:2.3:a:ioserver:ioserver:1.0.19.0:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 22-10-2014 - 18:15)
Impact:
Exploitability:

CWE

CWE-399

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

refmap via4

misc

https://ics-cert.us-cert.gov/advisories/ICSA-14-289-01

Last major update

22-10-2014 - 18:15

Published

19-10-2014 - 01:55

Last modified

22-10-2014 - 18:15