Detections
Analytics
Schneider Electric ClearSCADA 2010 R2 < 2013 R2 Remote DoS
low Nessus Network Monitor Plugin ID 6445
Synopsis
A vulnerable version of Schneider Electric ClearSCADA has been detected.Description
ClearSCADA versions between 2010 R2 and 2013 R1.2 inclusive are affected by a remote denial of service vulnerability due to a flaw in the DNP3 driver, specifically DNP3Driver.exe. An attacker could exploit this vulnerability by sending specially crafted IP packets to crash the DNP3 driver resulting in a denial of service.Newer versions of ClearSCADA (i.e., 6.73.4729 and later) are referred to as "SCADA Expert ClearSCADA."
Solution
Upgrade to ClearSCADA 2013 R2 or later.See Also
http://download.schneider-electric.com/files?p_File_Id=331827776&p_File_Name=SEVD-2013-339-01.pdf
Plugin Details
Severity: Low
ID: 6445
Family: SCADA
Published: 4/25/2014
Updated: 3/6/2019
Nessus ID: 72201
Risk Information
VPR
Risk Factor: Low
Score: 3.6
CVSS v2
Risk Factor: Medium
Base Score: 4.3
Temporal Score: 3.7
Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSS v3
Risk Factor: Low
Base Score: 3.7
Temporal Score: 3.6
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Temporal Vector: CVSS:3.0/E:X/RL:O/RC:X
Vulnerability Information
CPE: cpe:/a:schneider-electric:clearscada
Patch Publication Date: 12/5/2013
Vulnerability Publication Date: 12/5/2013
Reference Information
CVE: CVE-2013-6142
BID: 64813