PT-2013-3950 · Novatech · Orion5/Orion5R Dnp Slave+3
Adam Crain
+1
·
Published
2013-12-21
·
Updated
2013-12-26
·
CVE-2013-2821
CVSS v2.0
7.1
High
| Vector | AV:N/AC:M/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
NovaTech Orion Substation Automation Platform OrionLX DNP Master versions 1.27.38 and earlier
NovaTech Orion Substation Automation Platform OrionLX DNP Slave versions 1.23.10 and earlier
NovaTech Orion5/Orion5r DNP Master versions 1.27.38 and earlier
NovaTech Orion5/Orion5r DNP Slave versions 1.23.10 and earlier
Description
The issue allows remote attackers to cause a denial of service, resulting in a driver crash and process restart, via a crafted DNP3 TCP packet.
Recommendations
For NovaTech Orion Substation Automation Platform OrionLX DNP Master version 1.27.38 and earlier, update to a version that fixes the issue.
For NovaTech Orion Substation Automation Platform OrionLX DNP Slave version 1.23.10 and earlier, update to a version that fixes the issue.
For NovaTech Orion5/Orion5r DNP Master version 1.27.38 and earlier, update to a version that fixes the issue.
For NovaTech Orion5/Orion5r DNP Slave version 1.23.10 and earlier, update to a version that fixes the issue.
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Orion5/Orion5R Dnp Master
Orion5/Orion5R Dnp Slave
Orionlx Dnp Master
Orionlx Dnp Slave