Vulnerabilities > CVE-2013-2824 - Unspecified vulnerability in Schneider-Electric products

047910
CVSS 7.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
COMPLETE
network
low complexity
schneider-electric

Summary

Schneider Electric StruxureWare SCADA Expert Vijeo Citect 7.40, Vijeo Citect 7.20 through 7.30SP1, CitectSCADA 7.20 through 7.30SP1, StruxureWare PowerSCADA Expert 7.30 through 7.30SR1, and PowerLogic SCADA 7.20 through 7.20SR1 do not properly handle exceptions, which allows remote attackers to cause a denial of service via a crafted packet.

Seebug

bulletinFamilyexploit
descriptionCVE ID:CVE-2013-2824 施耐德电气为100多个国家的能源及基础设施、工业、数据中心及网络、楼宇和住宅市场提供整体解决方案。其中多个产品使用的SESU工具用于更新windows PC系统上的软件。 Schneider Electric多个产品服务器存在拒绝服务攻击,允许远程攻击者利用漏洞发送特制的报文,可使进程停止响应,造成拒绝服务攻击。 0 Schneider Electric StruxureWare SCADA Expert Vijeo Citect 7.40 Schneider Electric Vijeo Citect 7.20 - 7.30SP1 Schneider Electric CitectSCADA 7.20 - 7.30SP1 Schneider Electric StruxureWare PowerSCADA Expert 7.30 - 7.30SR1 Schneider Electric PowerLogic SCADA 7.20 - 7.20SR1 用户可参考如下厂商提供的安全补丁以修复该漏洞: HF740RTM60777.1 for SCADA Expert Vijeo Citect v7.40 http://www.citect.schneider-electric.com/se-vjc-HF740RTM607771 HF730SP160775.1 for Vijeo Citect v7.30 SP1 http://www.citect.schneider-electric.com/vc-HF730SP1607751 HF720SP460769.1 for Vijeo Citect v7.20 SP4 http://www.citect.schneider-electric.com/vc-HF720SP4607691 HF740RTM60777.1 for CitectSCADA v7.40 http://www.citect.schneider-electric.com/cs-HF740RTM607771 HF730SP160775.1 for CitectSCADA v7.30 SP1 http://www.citect.schneider-electric.com/cs-HF730SP1607751 HF720SP460769.1 for CitectSCADA v7.20 SP4 http://www.citect.schneider-electric.com/cs-HF720SP4607691 HF730SP1608004 for PowerSCADA Expert v7.30 SR1 http://www.citect.schneider-electric.com/pse-HF730SP160804 HF720SP460803 for PowerLogic SCADA v7.20 SR1 http://www.citect.schneider-electric.com/pls-HF720SP460803
idSSV:61602
last seen2017-11-19
modified2014-02-28
published2014-02-28
reporterRoot
titleSchneider Electric SCADA多个产品异常处理拒绝服务漏洞