Sign-up

ID

VAR-190001-1159


TITLE

SEL-2032 Communications Processor Denial of Service Security Bypass Vulnerability

Trust: 0.8

sources: IVD: 1f40361e-1f77-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0328

DESCRIPTION

The SEL-2032 Communications Processor is a communications processor used by Schneider. The SEL-2032 Communications Processor SCADA remote terminal unit uses the plain text protocol for password verification. In addition, the attacker can crash the service program through telnet and port 1024/TCP. An attacker could exploit a vulnerability to perform a denial of service attack on a service or obtain sensitive information to bypass security restrictions. SEL-2032 Communications Processor is prone to a denial-of-service vulnerability and a security-bypass vulnerability. Attackers can exploit these issues to perform denial-of-service attacks or gain unauthorized access to the affected device. ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: SEL-2032 Communications Processor Denial of Service Vulnerability SECUNIA ADVISORY ID: SA47739 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47739/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47739 RELEASE DATE: 2012-01-23 DISCUSS ADVISORY: http://secunia.com/advisories/47739/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47739/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47739 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in SEL-2032 Communications Processor, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an unspecified error when processing certain packets and can be exploited to crash the device. SOLUTION: Restrict access to trusted hosts only. PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Dillon Beresford via Digital Bond\x92s SCADA Security Scientific Symposium (S4). ORIGINAL ADVISORY: ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-020-04.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 1.08

sources: CNVD: CNVD-2012-0328 // BID: 51604 // IVD: 1f40361e-1f77-11e6-abef-000c29c66e3d // PACKETSTORM: 108985

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 1f40361e-1f77-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0328

AFFECTED PRODUCTS

vendor:schweitzer engineering laboratoriesmodel:sel-2032 communications processorscope:eqversion:0

Trust: 1.1

sources: IVD: 1f40361e-1f77-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0328 // BID: 51604

CVSS

SEVERITY

CVSSV2

CVSSV3

IVD: 1f40361e-1f77-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

IVD: 1f40361e-1f77-11e6-abef-000c29c66e3d
severity: NONE
baseScore: NONE
vectorString: NONE
accessVector: NONE
accessComplexity: NONE
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: UNKNOWN

Trust: 0.2

sources: IVD: 1f40361e-1f77-11e6-abef-000c29c66e3d

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201201-373

TYPE

Unknown

Trust: 0.3

sources: BID: 51604

EXTERNAL IDS

db:BIDid:51604

Trust: 1.5

db:ICS CERT ALERTid:ICS-ALERT-12-020-04

Trust: 1.0

db:CNVDid:CNVD-2012-0328

Trust: 0.8

db:CNNVDid:CNNVD-201201-373

Trust: 0.6

db:IVDid:1F40361E-1F77-11E6-ABEF-000C29C66E3D

Trust: 0.2

db:SECUNIAid:47739

Trust: 0.2

db:PACKETSTORMid:108985

Trust: 0.1

sources: IVD: 1f40361e-1f77-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0328 // BID: 51604 // PACKETSTORM: 108985 // CNNVD: CNNVD-201201-373

REFERENCES

url:http://www.us-cert.gov/control_systems/pdf/ics-alert-12-020-04.pdf

Trust: 1.0

url:http://www.securityfocus.com/bid/51604

Trust: 0.6

url:http://www.selinc.com/sel-2032/

Trust: 0.3

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=47739

Trust: 0.1

url:http://secunia.com/advisories/47739/

Trust: 0.1

url:http://secunia.com/company/jobs/

Trust: 0.1

url:http://secunia.com/vulnerability_intelligence/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/advisories/47739/#comments

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

sources: CNVD: CNVD-2012-0328 // BID: 51604 // PACKETSTORM: 108985 // CNNVD: CNNVD-201201-373

CREDITS

Dillon Beresford

Trust: 0.9

sources: BID: 51604 // CNNVD: CNNVD-201201-373

SOURCES

db:IVDid:1f40361e-1f77-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2012-0328
db:BIDid:51604
db:PACKETSTORMid:108985
db:CNNVDid:CNNVD-201201-373

LAST UPDATE DATE

2022-05-17T22:28:31.883000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2012-0328date:2012-02-01T00:00:00
db:BIDid:51604date:2012-01-20T00:00:00
db:CNNVDid:CNNVD-201201-373date:2012-02-01T00:00:00

SOURCES RELEASE DATE

db:IVDid:1f40361e-1f77-11e6-abef-000c29c66e3ddate:2012-02-01T00:00:00
db:CNVDid:CNVD-2012-0328date:2012-02-01T00:00:00
db:BIDid:51604date:2012-01-20T00:00:00
db:PACKETSTORMid:108985date:2012-01-23T08:11:29
db:CNNVDid:CNNVD-201201-373date:1900-01-01T00:00:00