CVE-2013-2824
high
CVSS v3
—
CVSS v2
7.8
VIR risk
7.8
Description
Schneider Electric StruxureWare SCADA Expert Vijeo Citect 7.40, Vijeo Citect 7.20 through 7.30SP1, CitectSCADA 7.20 through 7.30SP1, StruxureWare PowerSCADA Expert 7.30 through 7.30SR1, and PowerLogic SCADA 7.20 through 7.20SR1 do not properly handle exceptions, which allows remote attackers to cause a denial of service via a crafted packet.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: ics-cert@hq.dhs.gov — http://www.citect.schneider-electric.com/security-DoS
Vendor advisory: ics-cert@hq.dhs.gov — http://ics-cert.us-cert.gov/advisories/ICSA-13-350-01
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| schneider-electric | citectscada | 7.20 | |
| schneider-electric | citectscada | 7.30 | |
| schneider-electric | powerlogic_scada | 7.20 | |
| schneider-electric | struxureware_powerscada_expert | 7.30 | |
| schneider-electric | struxureware_scada_expert_vijeo_citect | 7.20 | |
| schneider-electric | struxureware_scada_expert_vijeo_citect | 7.30 | |
| schneider-electric | struxureware_scada_expert_vijeo_citect | 7.40 | |
References
Verify integrity in audit chain (admin only). AS-IS.