Detections
Analytics

Triangle MicroWorks SCADA Data Gateway < 3.0.635 Multiple DoS Vulnerabilities

medium Nessus Plugin ID 76574

Language:

Synopsis

The remote host is affected by multiple denial of service vulnerabilities.

Description

The remote SCADA Data Gateway install is prior to 3.0.635. It is, therefore, affected by multiple vulnerabilities :

 - Sending a specially crafted DNP3 packet can result in an excessive data processing denial of service vulnerability. (CVE-2014-2342)

 - Sending a specially crafted DNP request over a serial line can trigger an excessive data processing denial of service vulnerability. (CVE-2014-2343)

Solution

Upgrade to SCADA Data Gateway 3.0.0635 or later.

See Also

http://www.nessus.org/u?980bdd7b

Plugin Details

Severity: Medium

ID: 76574

File Name: scada_triangle_gateway_3_0_635.nbin

Version: 1.105

Type: local

Family: SCADA

Published: 7/17/2014

Updated: 11/12/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: cpe:/a:trianglemicroworks:scada_data_gateway

Required KB Items: installed_sw/Triangle MicroWorks SCADA Data Gateway

Exploit Ease: No known exploits are available

Patch Publication Date: 5/29/2014

Vulnerability Publication Date: 5/29/2014

Reference Information

CVE: CVE-2014-2342, CVE-2014-2343

BID: 67722, 67723

ICSA: 14-149-01