Release date:
Updated on: 2014-06-03
Affected Systems:
Trianglemicroworks SCADA Data Gateway
Description:
--------------------------------------------------------------------------------
Bugtraq id: 67722
CVE (CAN) ID: CVE-2014-2342
SCADA Data Gateway is a Windows Application for system integrators and public utilities. It can collect OPC, IEC 60870-6 (TASE.2/ICCP), IEC 61850, IEC 60870-5, DNP3, the data on the Modbus Server/Slave Device is then transmitted to the Client supporting OPC, IEC 60870-6 (TASE.2/ICCP), IEC 60870-5, DNP3, other Control Systems of Modbus Client/Master communication protocols.
A security vulnerability exists when SCADA Data Gateway versions earlier than 3.00.0635 process specially crafted DNP3 Data packets, which allows remote attackers to cause denial of service (excessive Data processing ).
<* Source: Adam Crain
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Trianglemicroworks
------------------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.trianglemicroworks.com/products/scada-data-gateway
Http://www.trianglemicroworks.com/products/scada-data-gateway/what%27s-new
Reference: http://ics-cert.us-cert.gov/advisories/ICSA-14-149-01
This article permanently updates the link address: