Details of VAR-201304-0401

ID

VAR-201304-0401

CVE

CVE-2013-2763

TITLE

Schneider Electric M340 PLC Module Denial of Service Vulnerability

Trust: 0.8

sources: IVD: 03fbfde0-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-02816

DESCRIPTION

The Schneider Electric M340 PLC modules allow remote attackers to cause a denial of service (resource consumption) via unspecified vectors. NOTE: the vendor reportedly disputes this issue because it "could not be duplicated" and "an attacker could not remotely exploit this observed behavior to deny PLC control functions. ** Unsettled ** This case has not been confirmed as a vulnerability. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. The SESU tool used by several of these products is used to update software on Windows PC systems

Trust: 2.52

sources: NVD: CVE-2013-2763 // JVNDB: JVNDB-2013-006846 // CNVD: CNVD-2013-02816 // IVD: 03fbfde0-2353-11e6-abef-000c29c66e3d // VULHUB: VHN-62765 // VULMON: CVE-2013-2763

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 03fbfde0-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-02816

AFFECTED PRODUCTS

vendor:	schneider electric	model:	modicon m340 bmx nor 0200h	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m340 bmxp341000	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m340 bmxp342030	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m340 bmx noe 0100h	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m340 bmx p34-2010	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m340 bmx p34-2030	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m340 bmx noc 0401	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m340 bmxp342020	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m340 bmxp342010	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m340 bmx noe 0110	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m340 bmx noe 0100	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m340 bmx noe 0110h	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m340 pac	scope:	-	version:	-	Trust: 0.8
vendor:	schneider	model:	electric m340 plc modules	scope:	-	version:	-	Trust: 0.6
vendor:	modicon m340	model:	-	scope:	eq	version:	-	Trust: 0.2

sources: IVD: 03fbfde0-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-02816 // JVNDB: JVNDB-2013-006846 // NVD: CVE-2013-2763

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-2763
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-2763
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2013-02816
value:	MEDIUM
Trust: 0.6
IVD:	03fbfde0-2353-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2
VULHUB:	VHN-62765
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2013-2763
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-2763
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2013-02816
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	03fbfde0-2353-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-62765
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: 03fbfde0-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-02816 // VULHUB: VHN-62765 // VULMON: CVE-2013-2763 // JVNDB: JVNDB-2013-006846 // NVD: CVE-2013-2763

PROBLEMTYPE DATA

problemtype:	CWE-400	Trust: 1.0
problemtype:	CWE-119	Trust: 0.9

sources: VULHUB: VHN-62765 // JVNDB: JVNDB-2013-006846 // NVD: CVE-2013-2763

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201304-629

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-006846

PATCH

title:	Top Page	url:	https://www.schneider-electric.co.uk/en/	Trust: 0.8
title:	トップページ	url:	https://www.se.com/jp/ja/	Trust: 0.8
title:	CVE-2013-2763	url:	https://github.com/AlAIAL90/CVE-2013-2763	Trust: 0.1

sources: VULMON: CVE-2013-2763 // JVNDB: JVNDB-2013-006846

EXTERNAL IDS

db:	NVD	id:	CVE-2013-2763	Trust: 3.4
db:	ICS CERT	id:	ICSA-13-077-01A	Trust: 2.4
db:	CNVD	id:	CNVD-2013-02816	Trust: 0.8
db:	JVNDB	id:	JVNDB-2013-006846	Trust: 0.8
db:	CNNVD	id:	CNNVD-201304-629	Trust: 0.6
db:	IVD	id:	03FBFDE0-2353-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	VULHUB	id:	VHN-62765	Trust: 0.1
db:	VULMON	id:	CVE-2013-2763	Trust: 0.1

sources: IVD: 03fbfde0-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-02816 // VULHUB: VHN-62765 // VULMON: CVE-2013-2763 // JVNDB: JVNDB-2013-006846 // CNNVD: CNNVD-201304-629 // NVD: CVE-2013-2763

REFERENCES

url:	http://ics-cert.us-cert.gov/pdf/icsa-13-077-01a.pdf	Trust: 2.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2763	Trust: 0.8
url:	https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2763	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2013-2763	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	https://github.com/alaial90/cve-2013-2763	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2013-02816 // VULHUB: VHN-62765 // VULMON: CVE-2013-2763 // JVNDB: JVNDB-2013-006846 // CNNVD: CNNVD-201304-629 // NVD: CVE-2013-2763

SOURCES

db:	IVD	id:	03fbfde0-2353-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2013-02816
db:	VULHUB	id:	VHN-62765
db:	VULMON	id:	CVE-2013-2763
db:	JVNDB	id:	JVNDB-2013-006846
db:	CNNVD	id:	CNNVD-201304-629
db:	NVD	id:	CVE-2013-2763

LAST UPDATE DATE

2024-11-23T21:51:40.267000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-02816	date:	2013-05-28T00:00:00
db:	VULHUB	id:	VHN-62765	date:	2013-04-04T00:00:00
db:	VULMON	id:	CVE-2013-2763	date:	2021-08-19T00:00:00
db:	JVNDB	id:	JVNDB-2013-006846	date:	2019-07-29T00:00:00
db:	CNNVD	id:	CNNVD-201304-629	date:	2022-02-07T00:00:00
db:	NVD	id:	CVE-2013-2763	date:	2024-11-21T01:52:19.470

SOURCES RELEASE DATE

db:	IVD	id:	03fbfde0-2353-11e6-abef-000c29c66e3d	date:	2013-04-09T00:00:00
db:	CNVD	id:	CNVD-2013-02816	date:	2013-04-09T00:00:00
db:	VULHUB	id:	VHN-62765	date:	2013-04-04T00:00:00
db:	VULMON	id:	CVE-2013-2763	date:	2013-04-04T00:00:00
db:	JVNDB	id:	JVNDB-2013-006846	date:	2019-07-29T00:00:00
db:	CNNVD	id:	CNNVD-201304-629	date:	2013-04-04T00:00:00
db:	NVD	id:	CVE-2013-2763	date:	2013-04-04T11:58:49.867