Improper input validation in Catapultsoftware Catapult_dnp3_i\/o_driver
CVE-2013-2823
The (1) Catapult DNP3 I/O driver before 7.2.0.60 and the (2) GE Intelligent Platforms Proficy DNP3 I/O driver before 7.20k, as used in DNPDrv.exe (aka the DNP master station server) in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICIT…
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.008 (50.3th percentile) — read the EPSS interpretation.
Affected products
- Catapultsoftware Catapult_dnp3_i\/o_driver
- Ge Intelligent_platforms_proficy_dnp3_i\/o_driver — versions 7.20
- Ge Intelligent_platforms_proficy_hmi\/scada_cimplicity — versions 4.01, 7.5, 8.0
- Ge Intelligent_platforms_proficy_hmi\/scada_ifix — versions 5.0, 5.1
- N/a — versions n/a
Weakness classification (CWE)
References
- ics-cert@hq.dhs.gov (x_refsource_CONFIRM, Vendor Advisory)
- ics-cert@hq.dhs.gov (US Government Resource, x_refsource_MISC)
- ics-cert@hq.dhs.gov (US Government Resource, x_refsource_MISC)
- ics-cert@hq.dhs.gov (x_refsource_CONFIRM, Vendor Advisory)