Design/Logic Flaw

2013-11-2201:55:00

PRIOn knowledge base

www.prio-n.com

7 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

79.3%

JSON

The (1) Catapult DNP3 I/O driver before 7.2.0.60 and the (2) GE Intelligent Platforms Proficy DNP3 I/O driver before 7.20k, as used in DNPDrv.exe (aka the DNP master station server) in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY and iFIX, allow remote attackers to cause a denial of service (infinite loop) via a crafted DNP3 TCP packet.

CPENameOperatorVersion
catapult_dnp3_i\\/o_driverle7.20.56
intelligent_platforms_proficy_dnp3_i\\/o_drivereq7.20 h
intelligent_platforms_proficy_dnp3_i\\/o_drivereq7.20 g
intelligent_platforms_proficy_dnp3_i\\/o_drivereq7.20
intelligent_platforms_proficy_dnp3_i\\/o_drivereq7.20 a
intelligent_platforms_proficy_dnp3_i\\/o_drivereq7.20 f
intelligent_platforms_proficy_dnp3_i\\/o_driverle7.20
intelligent_platforms_proficy_dnp3_i\\/o_drivereq7.20 c
intelligent_platforms_proficy_dnp3_i\\/o_drivereq7.20 e
intelligent_platforms_proficy_dnp3_i\\/o_drivereq7.20 d

Name	Operator	Version
catapult_dnp3_i\\/o_driver	le	7.20.56
intelligent_platforms_proficy_dnp3_i\\/o_driver	eq	7.20 h
intelligent_platforms_proficy_dnp3_i\\/o_driver	eq	7.20 g
intelligent_platforms_proficy_dnp3_i\\/o_driver	eq	7.20
intelligent_platforms_proficy_dnp3_i\\/o_driver	eq	7.20 a
intelligent_platforms_proficy_dnp3_i\\/o_driver	eq	7.20 f
intelligent_platforms_proficy_dnp3_i\\/o_driver	le	7.20
intelligent_platforms_proficy_dnp3_i\\/o_driver	eq	7.20 c
intelligent_platforms_proficy_dnp3_i\\/o_driver	eq	7.20 e
intelligent_platforms_proficy_dnp3_i\\/o_driver	eq	7.20 d

Rows per page:

1-10 of 191

References

ics-cert.us-cert.gov/advisories/ICSA-13-297-01

ics-cert.us-cert.gov/advisories/ICSA-13-297-02

support.ge-ip.com/support/index?page=kbchannel&id=S:KB15805

support.ge-ip.com/support/resources/sites/GE_FANUC_SUPPORT/content/live/KB/15000/KB15805/en_US/GEIP13-04%20Security%20Advisory%20-%20Proficy%20HMI%20SCADA%20DNP3%20Driver%20from%20Catapult%20Software.pdf