PT-2026-4983

Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, specially crafted traffic can cause Suricata to consume large amounts of memory while parsing DNP3 traffic. This can lead to the process slowing down and running out of memory, potentially leading to it getting...

EUVD-2013-2733

Malware in sbrugna...

CVE-2013-2793

Triangle MicroWorks SCADA Data Gateway 2.50.0309 through 3.00.0616, DNP3 .NET Protocol components 3.06.0.171 through 3.15.0.369, and DNP3 C libraries 3.06.0000 through 3.15.0000 allow remote attackers to cause a denial of service infinite loop via a crafted DNP3 TCP packet...

SUSE CVE-2016-2523

The dnp3alprocessobject function in epan/dissectors/packet-dnp.c in the DNP3 dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 allows remote attackers to cause a denial of service infinite loop via a crafted packet...

VulnCheck KEV: CVE-2015-5374

A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions V1.03; Firmware variant...

Bro Buffer Overflow Vulnerability

Bro is an open source framework for network analysis and security monitoring . A security vulnerability exists in the analyzer/protocol/dnp3/DNP3.cc file in Bro versions prior to 2.3.2, which stems from the program failing to properly handle packets of zero length. A remote attacker could exploit...

Buffer overflow

analyzer/protocol/dnp3/DNP3.cc in Bro before 2.3.2 does not reject certain non-zero values of a packet length, which allows remote attackers to cause a denial of service buffer overflow or buffer over-read via a crafted DNP3 packet...

Software Toolbox Top Server Resource Exhaustion Vulnerability

OVERVIEW Adam Crain of Automatak and Chris Sistrunk of Mandiant have identified a resource exhaustion vulnerability in the Software Toolbox Top Server application. Software Toolbox has produced a new version that mitigates this vulnerability. This vulnerability could be exploited remotely. AFFECT...

Elipse SCADA Denial of Service Patch

Brazilian process management software developer Elipse has patched a serious denial-of-service vulnerability in its web-based Elipse SCADA application. The software is used in a number of critical industries worldwide, including manufacturing, energy, water and wastewater plants. The vulnerabilit...

IOServer Resource Exhaustion Vulnerability

OVERVIEW Chris Sistrunk of Mandiant and Adam Crain of Automatak have identified an out of bound read vulnerability in the IOServer application. IOServer has produced a new version that mitigates this vulnerability. Adam Crain has tested the new version to validate that it resolves the...

NovaTech Orion DNP3 Improper Input Validation Vulnerability

OVERVIEW Adam Crain of Automatak and independent researcher Chris Sistrunk have identified an improper input validation vulnerability in the NovaTech Orion Substation Automation Platform. NovaTech has produced a firmware update that mitigates this vulnerability. The researchers have tested the...

Cooper Power Systems Improper Input Validation Vulnerability

OVERVIEW Adam Crain of Automatak and independent researcher Chris Sistrunk have identified an improper input validation vulnerability in the Cooper Power Systems SMP Gateway DNP3 protocol components. Cooper Power Systems has produced a new firmware version that mitigates this vulnerability. Coope...

CVE-2013-2793

Triangle MicroWorks SCADA Data Gateway 2.50.0309 through 3.00.0616, DNP3 .NET Protocol components 3.06.0.171 through 3.15.0.369, and DNP3 C libraries 3.06.0000 through 3.15.0000 allow remote attackers to cause a denial of service infinite loop via a crafted DNP3 TCP packet...

Design/Logic Flaw

Triangle MicroWorks SCADA Data Gateway 2.50.0309 through 3.00.0616, DNP3 .NET Protocol components 3.06.0.171 through 3.15.0.369, and DNP3 C libraries 3.06.0000 through 3.15.0000 allow physically proximate attackers to cause a denial of service infinite loop via crafted input over a serial line...

CVE-2013-2794

Triangle MicroWorks SCADA Data Gateway 2.50.0309 through 3.00.0616, DNP3 .NET Protocol components 3.06.0.171 through 3.15.0.369, and DNP3 C libraries 3.06.0000 through 3.15.0000 allow physically proximate attackers to cause a denial of service infinite loop via crafted input over a serial line...

CVE-2013-2793

Triangle MicroWorks SCADA Data Gateway 2.50.0309 through 3.00.0616, DNP3 .NET Protocol components 3.06.0.171 through 3.15.0.369, and DNP3 C libraries 3.06.0000 through 3.15.0000 allow remote attackers to cause a denial of service infinite loop via a crafted DNP3 TCP packet...

Wireshark sniffer DoS

Infinite loop on DNP3 protocol parsing...