CVE-2013-2804

The DNP Master Driver in Software Toolbox TOP Server before 5.12.140.0 allows remote attackers to cause a denial of service (master-station infinite loop) via crafted DNP3 packets to TCP port 20000 and allows physically proximate attackers to cause a denial of service (master-station infinite loop) via crafted input over a serial line.

CVSS v2.0 7.1 HIGH

7.1^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:C

Exploitability : 8.6 / Impact : 6.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://ics-cert.us-cert.gov/advisories/ICSA-13-234-02	US Government Resource
http://support.softwaretoolbox.com/app/answers/detail/a_id/3014	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:softwaretoolbox:top_server::::::::
	cpe:2.3:a:softwaretoolbox:top_server:4.0:::::::*
	cpe:2.3:a:softwaretoolbox:top_server:5.1:::::::*
	cpe:2.3:a:softwaretoolbox:top_server:5.2:::::::*
	cpe:2.3:a:softwaretoolbox:top_server:5.3:::::::*
	cpe:2.3:a:softwaretoolbox:top_server:5.4:::::::*
	cpe:2.3:a:softwaretoolbox:top_server:5.5:::::::*
	cpe:2.3:a:softwaretoolbox:top_server:5.6:::::::*
	cpe:2.3:a:softwaretoolbox:top_server:5.7:::::::*
	cpe:2.3:a:softwaretoolbox:top_server:5.8:::::::*
	cpe:2.3:a:softwaretoolbox:top_server:5.9:::::::*
	cpe:2.3:a:softwaretoolbox:top_server:5.10:::::::*
	cpe:2.3:a:softwaretoolbox:top_server:5.11:::::::*

History

No history.

Information

Published : 2013-08-28 13:09

Updated : 2024-02-04 18:16

NVD link : CVE-2013-2804

Mitre link : CVE-2013-2804

CVE.ORG link : CVE-2013-2804

JSON object : View

Products Affected

softwaretoolbox

top_server

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2013-2804", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-08-28T13:09:15.590", "references": [{"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-234-02", "tags": ["US Government Resource"], "source": "ics-cert@hq.dhs.gov"}, {"url": "http://support.softwaretoolbox.com/app/answers/detail/a_id/3014", "tags": ["Vendor Advisory"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "The DNP Master Driver in Software Toolbox TOP Server before 5.12.140.0 allows remote attackers to cause a denial of service (master-station infinite loop) via crafted DNP3 packets to TCP port 20000 and allows physically proximate attackers to cause a denial of service (master-station infinite loop) via crafted input over a serial line."}, {"lang": "es", "value": "El controlador DNP Master en Software Toolbox TOP Server anterior a v5.12.140.0 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (bucle infinito en la estaci\u00f3n master) a trav\u00e9s de paquetes DNP3 manipulados hacia el puerto TCP 20000 y permite a los atacantes f\u00edsicamente pr\u00f3ximos a provocar una denegaci\u00f3n de servicio (bucle infinito en la estaci\u00f3n master) a trav\u00e9s de entrada manipulada en una l\u00ednea serie."}], "lastModified": "2013-09-06T17:49:04.033", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:softwaretoolbox:top_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5AF2BD70-67A5-4F61-94C5-0863121BD4AE", "versionEndIncluding": "5.12"}, {"criteria": "cpe:2.3:a:softwaretoolbox:top_server:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A0DF1E6-F0BE-4285-8CCC-00F6223257BE"}, {"criteria": "cpe:2.3:a:softwaretoolbox:top_server:5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D27D453-CFD9-4EFB-AEC7-AFAEC9C3696C"}, {"criteria": "cpe:2.3:a:softwaretoolbox:top_server:5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AE242188-C190-4CD0-9DF9-7E670B29F28D"}, {"criteria": "cpe:2.3:a:softwaretoolbox:top_server:5.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2ADA4AA4-7D03-4352-8E1D-92AA55CE2F9A"}, {"criteria": "cpe:2.3:a:softwaretoolbox:top_server:5.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C1DDBDA3-BC3D-4C04-B5F7-381AA5102431"}, {"criteria": "cpe:2.3:a:softwaretoolbox:top_server:5.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E39D751D-0D5E-4189-89B0-B3AF5545FEE1"}, {"criteria": "cpe:2.3:a:softwaretoolbox:top_server:5.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E12CE9C-3117-41D9-8C4A-3338966A0682"}, {"criteria": "cpe:2.3:a:softwaretoolbox:top_server:5.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5730D480-BD66-40F1-8DB1-AAC4136A815C"}, {"criteria": "cpe:2.3:a:softwaretoolbox:top_server:5.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB70DE6A-334B-4AD8-BD28-6D4107DEA437"}, {"criteria": "cpe:2.3:a:softwaretoolbox:top_server:5.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "23E076D2-A342-4EB9-9A4D-E0CC7D48B7F1"}, {"criteria": "cpe:2.3:a:softwaretoolbox:top_server:5.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4CA6C424-0FD2-49EA-9B1D-43A2930734B1"}, {"criteria": "cpe:2.3:a:softwaretoolbox:top_server:5.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D9FBE9B6-C93C-43E4-B3F0-78C0A59288FC"}], "operator": "OR"}]}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}