var-201308-0165
Vulnerability from variot
The master-station DNP3 driver before driver19.exe, and Beta2041.exe, in IOServer allows remote attackers to cause a denial of service (infinite loop) via crafted DNP3 packets to TCP port 20000. IOServer is a Windows-based OPC server that allows OPC clients such as human-machine interfaces and monitoring and data acquisition systems to exchange factory data with programmable logic circuits. The IOServer driver does not verify or correctly verify the input on the primary server on port 20000/TCP, which can affect the control flow or database flow of the program. When an attacker can submit a special request to make the IOServer enter an infinite loop without exiting, you need to manually restart to get the normal function. Multiple IOServer drivers are prone to a remote denial-of-service vulnerability. This will result in a denial-of-service condition
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201308-0165",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ioserver",
"scope": "eq",
"trust": 1.6,
"vendor": "ioserver",
"version": null
},
{
"model": "ioserver",
"scope": "eq",
"trust": 0.8,
"vendor": "ioserver",
"version": "master-station dnp3 driver beta2041.exe"
},
{
"model": "ioserver",
"scope": "lt",
"trust": 0.8,
"vendor": "ioserver",
"version": "master-station dnp3 driver driver19.exe"
},
{
"model": "beta driver",
"scope": null,
"trust": 0.6,
"vendor": "ioserver",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ioserver",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "c86a2036-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-11627"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003717"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-109"
},
{
"db": "NVD",
"id": "CVE-2013-2790"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:ioserver:ioserver",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-003717"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Adam Crain and Chris Sistrunk",
"sources": [
{
"db": "BID",
"id": "61577"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-109"
}
],
"trust": 0.9
},
"cve": "CVE-2013-2790",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2013-2790",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2013-11627",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "c86a2036-2352-11e6-abef-000c29c66e3d",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-2790",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2013-2790",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2013-11627",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201308-109",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "c86a2036-2352-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "c86a2036-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-11627"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003717"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-109"
},
{
"db": "NVD",
"id": "CVE-2013-2790"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The master-station DNP3 driver before driver19.exe, and Beta2041.exe, in IOServer allows remote attackers to cause a denial of service (infinite loop) via crafted DNP3 packets to TCP port 20000. IOServer is a Windows-based OPC server that allows OPC clients such as human-machine interfaces and monitoring and data acquisition systems to exchange factory data with programmable logic circuits. The IOServer driver does not verify or correctly verify the input on the primary server on port 20000/TCP, which can affect the control flow or database flow of the program. When an attacker can submit a special request to make the IOServer enter an infinite loop without exiting, you need to manually restart to get the normal function. Multiple IOServer drivers are prone to a remote denial-of-service vulnerability. This will result in a denial-of-service condition",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-2790"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003717"
},
{
"db": "CNVD",
"id": "CNVD-2013-11627"
},
{
"db": "BID",
"id": "61577"
},
{
"db": "IVD",
"id": "c86a2036-2352-11e6-abef-000c29c66e3d"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-2790",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-13-213-03",
"trust": 3.0
},
{
"db": "BID",
"id": "61577",
"trust": 1.5
},
{
"db": "CNVD",
"id": "CNVD-2013-11627",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201308-109",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003717",
"trust": 0.8
},
{
"db": "IVD",
"id": "C86A2036-2352-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "c86a2036-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-11627"
},
{
"db": "BID",
"id": "61577"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003717"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-109"
},
{
"db": "NVD",
"id": "CVE-2013-2790"
}
]
},
"id": "VAR-201308-0165",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "c86a2036-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-11627"
}
],
"trust": 1.8
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "c86a2036-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-11627"
}
]
},
"last_update_date": "2024-08-14T14:34:18.370000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.ioserver.com/"
},
{
"title": "Multiple IOServer Drivers denial of service vulnerability patches",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/38038"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-11627"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003717"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-003717"
},
{
"db": "NVD",
"id": "CVE-2013-2790"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-13-213-03"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2790"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2790"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/61577"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-11627"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003717"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-109"
},
{
"db": "NVD",
"id": "CVE-2013-2790"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "c86a2036-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-11627"
},
{
"db": "BID",
"id": "61577"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003717"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-109"
},
{
"db": "NVD",
"id": "CVE-2013-2790"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-08-06T00:00:00",
"db": "IVD",
"id": "c86a2036-2352-11e6-abef-000c29c66e3d"
},
{
"date": "2013-08-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-11627"
},
{
"date": "2013-08-01T00:00:00",
"db": "BID",
"id": "61577"
},
{
"date": "2013-08-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-003717"
},
{
"date": "2013-08-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201308-109"
},
{
"date": "2013-08-13T15:04:18.597000",
"db": "NVD",
"id": "CVE-2013-2790"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-08-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-11627"
},
{
"date": "2013-10-21T00:18:00",
"db": "BID",
"id": "61577"
},
{
"date": "2013-08-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-003717"
},
{
"date": "2013-08-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201308-109"
},
{
"date": "2013-08-13T18:39:42.273000",
"db": "NVD",
"id": "CVE-2013-2790"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201308-109"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IOServer of master-station DNP3 Service disruption in drivers (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-003717"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation",
"sources": [
{
"db": "IVD",
"id": "c86a2036-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-109"
}
],
"trust": 0.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…