Vulnerabilities > CVE-2013-2784 - Cryptographic Issues vulnerability in Triplc Nano-10 PLC and Nano-10 PLC Firmware

047910
CVSS 7.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
COMPLETE
network
low complexity
triplc
CWE-310
exploit available
NVD
Published: 2013-07-10
Updated: 2013-07-11

Summary

Triangle Research International (aka Tri) Nano-10 PLC devices with firmware before r81 use an incorrect algorithm for bounds checking of data in Modbus/TCP packets, which allows remote attackers to cause a denial of service (networking outage) via a crafted packet to TCP port 502.

Vulnerable Configurations

Part Description Count
OS
Triplc
1
Hardware
Triplc
1

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Exploit-Db

descriptionTri-PLC Nano-10 r81 - Denial of Service. CVE-2013-2784. Dos exploit for hardware platform
idEDB-ID:26802
last seen2016-02-03
modified2013-07-13
published2013-07-13
reporterSapling
sourcehttps://www.exploit-db.com/download/26802/
titleTri-PLC Nano-10 r81 - Denial of Service

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/122395/triplc-dos.txt
idPACKETSTORM:122395
last seen2016-12-05
published2013-07-14
reporterSapling
sourcehttps://packetstormsecurity.com/files/122395/Tri-PLC-Nano-10-r81-Denial-Of-Service.html
titleTri-PLC Nano-10 r81 Denial Of Service

Seebug

bulletinFamilyexploit
descriptionNo description provided by source.
idSSV:80426
last seen2017-11-19
modified2014-07-01
published2014-07-01
reporterRoot
sourcehttps://www.seebug.org/vuldb/ssvid-80426
titleTri-PLC Nano-10 r81 - Denial of Service

References