var-201401-0247
Vulnerability from variot
The Schneider Electric Telvent SAGE 3030 RTU with firmware C3413-500-001D3_P4 and C3413-500-001F0_PB allows remote attackers to cause a denial of service (temporary outage and CPU consumption) via malformed DNP3 traffic. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. The SESU tool used by several of these products is used to update software on Windows PC systems. Attackers may exploit this issue to cause an affected device to crash, resulting in a denial-of-service condition. Telvent SAGE 3030 RTU C3413-500-001D3_P4 and C3413-500-001F0_PB are vulnerable; other versions may also be affected
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201401-0247",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "telvent sage 3030",
"scope": "eq",
"trust": 2.4,
"vendor": "schneider electric",
"version": "c3413-500-001d3_p4"
},
{
"model": "telvent sage 3030",
"scope": "eq",
"trust": 2.4,
"vendor": "schneider electric",
"version": "c3413-500-001f0_pb"
},
{
"model": "electric telvent sage rtu c3413-500-001d3 p4",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "3030"
},
{
"model": "electric telvent sage rtu c3413-500-001f0 pb",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "3030"
},
{
"model": "c3413-500-001d3 p4",
"scope": null,
"trust": 0.2,
"vendor": "telvent sage 3030",
"version": null
},
{
"model": "c3413-500-001f0 pb",
"scope": null,
"trust": 0.2,
"vendor": "telvent sage 3030",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "3fdf90a2-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-00752"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005974"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-606"
},
{
"db": "NVD",
"id": "CVE-2013-6143"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:schneider_electric:telvent_sage_3030",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005974"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Adam Crain, Automatak, and Chris Sistrunk.",
"sources": [
{
"db": "BID",
"id": "65262"
}
],
"trust": 0.3
},
"cve": "CVE-2013-6143",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2013-6143",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-00752",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "3fdf90a2-2352-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-66145",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-6143",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2013-6143",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2014-00752",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201401-606",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "3fdf90a2-2352-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-66145",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "3fdf90a2-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-00752"
},
{
"db": "VULHUB",
"id": "VHN-66145"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005974"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-606"
},
{
"db": "NVD",
"id": "CVE-2013-6143"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Schneider Electric Telvent SAGE 3030 RTU with firmware C3413-500-001D3_P4 and C3413-500-001F0_PB allows remote attackers to cause a denial of service (temporary outage and CPU consumption) via malformed DNP3 traffic. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. The SESU tool used by several of these products is used to update software on Windows PC systems. \nAttackers may exploit this issue to cause an affected device to crash, resulting in a denial-of-service condition. \nTelvent SAGE 3030 RTU C3413-500-001D3_P4 and C3413-500-001F0_PB are vulnerable; other versions may also be affected",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-6143"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005974"
},
{
"db": "CNVD",
"id": "CNVD-2014-00752"
},
{
"db": "BID",
"id": "65262"
},
{
"db": "IVD",
"id": "3fdf90a2-2352-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-66145"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-6143",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-14-006-01",
"trust": 3.1
},
{
"db": "BID",
"id": "65262",
"trust": 1.0
},
{
"db": "CNVD",
"id": "CNVD-2014-00752",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201401-606",
"trust": 0.8
},
{
"db": "XF",
"id": "90840",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005974",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "56712",
"trust": 0.6
},
{
"db": "IVD",
"id": "3FDF90A2-2352-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-66145",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "3fdf90a2-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-00752"
},
{
"db": "VULHUB",
"id": "VHN-66145"
},
{
"db": "BID",
"id": "65262"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005974"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-606"
},
{
"db": "NVD",
"id": "CVE-2013-6143"
}
]
},
"id": "VAR-201401-0247",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "3fdf90a2-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-00752"
},
{
"db": "VULHUB",
"id": "VHN-66145"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "3fdf90a2-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-00752"
}
]
},
"last_update_date": "2024-11-23T22:59:41.898000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.schneider-electric.com/site/home/index.cfm/ww/"
},
{
"title": "Schneider Electric Telvent SAGE 3030 RTUs Remote Denial of Service Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/43429"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00752"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005974"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
},
{
"problemtype": "CWE-399",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-66145"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005974"
},
{
"db": "NVD",
"id": "CVE-2013-6143"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-14-006-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6143"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6143"
},
{
"trust": 0.8,
"url": "https://xforce.iss.net/xforce/xfdb/90840"
},
{
"trust": 0.8,
"url": "https://infrastructurecommunity.schneider-electric.com/servlet/jiveservlet/downloadbody/2966-102-1-4299/sage%20rtu%20dnp%20security%20bulletin%20123013%200102.pdf"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/56712/"
},
{
"trust": 0.3,
"url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00752"
},
{
"db": "VULHUB",
"id": "VHN-66145"
},
{
"db": "BID",
"id": "65262"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005974"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-606"
},
{
"db": "NVD",
"id": "CVE-2013-6143"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "3fdf90a2-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-00752"
},
{
"db": "VULHUB",
"id": "VHN-66145"
},
{
"db": "BID",
"id": "65262"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005974"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-606"
},
{
"db": "NVD",
"id": "CVE-2013-6143"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-02-13T00:00:00",
"db": "IVD",
"id": "3fdf90a2-2352-11e6-abef-000c29c66e3d"
},
{
"date": "2014-02-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00752"
},
{
"date": "2014-01-31T00:00:00",
"db": "VULHUB",
"id": "VHN-66145"
},
{
"date": "2014-01-30T00:00:00",
"db": "BID",
"id": "65262"
},
{
"date": "2014-02-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005974"
},
{
"date": "2014-01-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-606"
},
{
"date": "2014-01-31T16:55:05.077000",
"db": "NVD",
"id": "CVE-2013-6143"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-02-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00752"
},
{
"date": "2014-02-10T00:00:00",
"db": "VULHUB",
"id": "VHN-66145"
},
{
"date": "2015-03-19T08:13:00",
"db": "BID",
"id": "65262"
},
{
"date": "2014-02-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005974"
},
{
"date": "2014-02-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-606"
},
{
"date": "2024-11-21T01:58:44.950000",
"db": "NVD",
"id": "CVE-2013-6143"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201401-606"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric Telvent SAGE 3030 RTUs Remote Denial of Service Vulnerability",
"sources": [
{
"db": "IVD",
"id": "3fdf90a2-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-00752"
},
{
"db": "BID",
"id": "65262"
}
],
"trust": 1.1
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation",
"sources": [
{
"db": "IVD",
"id": "3fdf90a2-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-606"
}
],
"trust": 0.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…