Release date:
Updated on: 2014-06-03
Affected Systems:
Trianglemicroworks SCADA Data Gateway <3.00.0635
Trianglemicroworks SCADA Data Gateway
Description:
--------------------------------------------------------------------------------
Bugtraq id: 67723
CVE (CAN) ID: CVE-2014-2343
SCADA Data Gateway is a Windows Application for system integrators and public utilities. It can collect OPC, IEC 60870-6 (TASE.2/ICCP), IEC 61850, IEC 60870-5, DNP3, the data on the Modbus Server/Slave Device is then transmitted to the Client supporting OPC, IEC 60870-6 (TASE.2/ICCP), IEC 60870-5, DNP3, other Control Systems of Modbus Client/Master communication protocols.
Before SCADA Data Gateway 3.00.0635, a security vulnerability exists when processing DNP requests specially crafted on a serial line. Attackers with close physical locations can cause denial of service (excessive Data processing ).
<* Source: Adam Crain
Chris Sistrunk
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Trianglemicroworks
------------------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.trianglemicroworks.com/products/scada-data-gateway
Http://www.trianglemicroworks.com/products/scada-data-gateway/what%27s-new
Reference: http://ics-cert.us-cert.gov/advisories/ICSA-14-149-01
This article permanently updates the link address: