{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-10-07T00:00:00", "descriptions": [{"lang": "en", "value": "The (1) Catapult DNP3 I/O driver before 7.2.0.60 and the (2) GE Intelligent Platforms Proficy DNP3 I/O driver before 7.20k, as used in DNPDrv.exe (aka the DNP master station server) in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY and iFIX, allow physically proximate attackers to cause a denial of service (infinite loop) via crafted input over a serial line."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-11-23T18:10:04", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://support.ge-ip.com/support/index?page=kbchannel&id=S:KB15805"}, {"tags": ["x_refsource_MISC"], "url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-297-01"}, {"tags": ["x_refsource_MISC"], "url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-297-02"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.ge-ip.com/support/resources/sites/GE_FANUC_SUPPORT/content/live/KB/15000/KB15805/en_US/GEIP13-04%20Security%20Advisory%20-%20Proficy%20HMI%20SCADA%20DNP3%20Driver%20from%20Catapult%20Software.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2013-2823", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The (1) Catapult DNP3 I/O driver before 7.2.0.60 and the (2) GE Intelligent Platforms Proficy DNP3 I/O driver before 7.20k, as used in DNPDrv.exe (aka the DNP master station server) in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY and iFIX, allow physically proximate attackers to cause a denial of service (infinite loop) via crafted input over a serial line."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://support.ge-ip.com/support/index?page=kbchannel&id=S:KB15805", "refsource": "CONFIRM", "url": "http://support.ge-ip.com/support/index?page=kbchannel&id=S:KB15805"}, {"name": "http://ics-cert.us-cert.gov/advisories/ICSA-13-297-01", "refsource": "MISC", "url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-297-01"}, {"name": "http://ics-cert.us-cert.gov/advisories/ICSA-13-297-02", "refsource": "MISC", "url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-297-02"}, {"name": "http://support.ge-ip.com/support/resources/sites/GE_FANUC_SUPPORT/content/live/KB/15000/KB15805/en_US/GEIP13-04%20Security%20Advisory%20-%20Proficy%20HMI%20SCADA%20DNP3%20Driver%20from%20Catapult%20Software.pdf", "refsource": "CONFIRM", "url": "http://support.ge-ip.com/support/resources/sites/GE_FANUC_SUPPORT/content/live/KB/15000/KB15805/en_US/GEIP13-04%20Security%20Advisory%20-%20Proficy%20HMI%20SCADA%20DNP3%20Driver%20from%20Catapult%20Software.pdf"}]}}}}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2013-2823", "datePublished": "2013-11-22T01:00:00", "dateReserved": "2013-04-11T00:00:00", "dateUpdated": "2013-11-23T18:10:04", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:catapultsoftware:catapult_dnp3_i\\/o_driver:*:*:*:*:*:*:*:*", "matchCriteriaId": "0D4D11DB-CF90-4ADD-AB95-9815FC90F97B", "versionEndIncluding": "7.20.56", "vulnerable": true}, {"criteria": "cpe:2.3:a:ge:intelligent_platforms_proficy_dnp3_i\\/o_driver:*:j:*:*:*:*:*:*", "matchCriteriaId": "9FBAD16C-05F0-4D83-8FE7-F3FD0E2B75C7", "versionEndIncluding": "7.20", "vulnerable": true}, {"criteria": "cpe:2.3:a:ge:intelligent_platforms_proficy_dnp3_i\\/o_driver:7.20:-:*:*:*:*:*:*", "matchCriteriaId": "92C2AB50-34CB-4296-8CCE-B98026DB4F0E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ge:intelligent_platforms_proficy_dnp3_i\\/o_driver:7.20:a:*:*:*:*:*:*", "matchCriteriaId": "4BE9590D-9264-4942-A18C-8629420FBB24", "vulnerable": true}, {"criteria": "cpe:2.3:a:ge:intelligent_platforms_proficy_dnp3_i\\/o_driver:7.20:b:*:*:*:*:*:*", "matchCriteriaId": "A013ED7F-92C1-42C4-A6AB-4A419BA11611", "vulnerable": true}, {"criteria": "cpe:2.3:a:ge:intelligent_platforms_proficy_dnp3_i\\/o_driver:7.20:c:*:*:*:*:*:*", "matchCriteriaId": "FA7AE477-C0A4-497E-8F7B-9D656DC41B2F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ge:intelligent_platforms_proficy_dnp3_i\\/o_driver:7.20:d:*:*:*:*:*:*", "matchCriteriaId": "C8AECEB6-867F-4796-B56C-C3C8BC53D691", "vulnerable": true}, {"criteria": "cpe:2.3:a:ge:intelligent_platforms_proficy_dnp3_i\\/o_driver:7.20:e:*:*:*:*:*:*", "matchCriteriaId": "9ABC3786-A578-4BF3-AF3D-A470BD7565CB", "vulnerable": true}, {"criteria": "cpe:2.3:a:ge:intelligent_platforms_proficy_dnp3_i\\/o_driver:7.20:f:*:*:*:*:*:*", "matchCriteriaId": "142CA198-EF41-4FFD-BB40-F9B41C4841F2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ge:intelligent_platforms_proficy_dnp3_i\\/o_driver:7.20:g:*:*:*:*:*:*", "matchCriteriaId": "F058E97B-0B63-4059-968D-9D282570283B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ge:intelligent_platforms_proficy_dnp3_i\\/o_driver:7.20:h:*:*:*:*:*:*", "matchCriteriaId": "ED4490C3-8CE5-4715-8E19-1793ED16354D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ge:intelligent_platforms_proficy_dnp3_i\\/o_driver:7.20:i:*:*:*:*:*:*", "matchCriteriaId": "91B378AA-1AFA-44D7-8403-C898C3DAE85D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ge:intelligent_platforms_proficy_hmi\\/scada_cimplicity:4.01:*:*:*:*:*:*:*", "matchCriteriaId": "6C0B8CA7-2161-4603-B844-DE6C079DF36F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ge:intelligent_platforms_proficy_hmi\\/scada_cimplicity:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "E3BACB11-5CD3-4CA6-9C56-D71628CADF0F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ge:intelligent_platforms_proficy_hmi\\/scada_cimplicity:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "90538C50-38BD-4EE5-BD30-96E2E2951FE3", "vulnerable": true}, {"criteria": "cpe:2.3:a:ge:intelligent_platforms_proficy_hmi\\/scada_cimplicity:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "CB261867-B9B1-4D3D-B2DE-3CC3164EFD06", "vulnerable": true}, {"criteria": "cpe:2.3:a:ge:intelligent_platforms_proficy_hmi\\/scada_cimplicity:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "559DCD7A-0745-4D4C-A77A-83240EF6C510", "vulnerable": true}, {"criteria": "cpe:2.3:a:ge:intelligent_platforms_proficy_hmi\\/scada_ifix:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "65A4CBC3-3B98-4700-8710-4D4FFCA55315", "vulnerable": true}, {"criteria": "cpe:2.3:a:ge:intelligent_platforms_proficy_hmi\\/scada_ifix:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "5ABA340B-B00B-41EC-8270-68139B63D09A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The (1) Catapult DNP3 I/O driver before 7.2.0.60 and the (2) GE Intelligent Platforms Proficy DNP3 I/O driver before 7.20k, as used in DNPDrv.exe (aka the DNP master station server) in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY and iFIX, allow physically proximate attackers to cause a denial of service (infinite loop) via crafted input over a serial line."}, {"lang": "es", "value": "El driver (1) Catapult DNP3 I/O anterior a la versi\u00f3n 7.2.0.60 y el driver (2) GE Intelligent Platforms Proficy DNP3 I/O anterior a la versi\u00f3n 7.20k, tal y como se usa en DNPDrv.exe (tambi\u00e9n conocido como servidor de estaci\u00f3n maestro DNP) en GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY y iFIX, permite f\u00edsicamente a atacantes pr\u00f3ximos provocar una denegaci\u00f3n de servicio (bucle infinito) a trav\u00e9s de una entrada manipulada sobre una linea de serie."}], "id": "CVE-2013-2823", "lastModified": "2013-11-22T13:38:04.977", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.7, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-11-22T01:55:03.917", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["US Government Resource"], "url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-297-01"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["US Government Resource"], "url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-297-02"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Vendor Advisory"], "url": "http://support.ge-ip.com/support/index?page=kbchannel&id=S:KB15805"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Vendor Advisory"], "url": "http://support.ge-ip.com/support/resources/sites/GE_FANUC_SUPPORT/content/live/KB/15000/KB15805/en_US/GEIP13-04%20Security%20Advisory%20-%20Proficy%20HMI%20SCADA%20DNP3%20Driver%20from%20Catapult%20Software.pdf"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}