OTPulse

MatrikonOPC SCADA DNP3 Master Station Improper Input Validation

Low Risk · ICS-CERT ICSA-13-213-04A · May 4, 2013
Summary

MatrikonOPC SCADA DNP3 OPC Server versions 1.2.0 and later fail to properly validate input on DNP3 protocol messages. An attacker can send crafted DNP3 messages to cause the server to crash or become unresponsive, disrupting SCADA data collection from connected field devices.

What this means
What could happen
An attacker could send specially crafted DNP3 protocol messages to the OPC Server, causing it to crash or malfunction, which would disrupt SCADA communications and potentially stop data collection from energy infrastructure.
Who's at risk
Energy utilities and industrial facilities using MatrikonOPC SCADA DNP3 Master Station for SCADA communications should evaluate this vulnerability. This primarily affects those with DNP3 protocol-based monitoring of generation, transmission, or distribution equipment.
How it could be exploited
An attacker with network access to the DNP3 OPC Server (typically on port 20000, or whichever DNP3 port is configured) sends malformed input that the server does not validate correctly, causing the server process to crash or enter an unstable state.
Prerequisites
  • Network access to the DNP3 OPC Server port
  • No authentication required
remotely exploitable · no authentication required · improper input validation · no patch available · affects SCADA communications
Exploitability
Low exploit probability (EPSS 0.5%)
Affected products (1)
Product | Affected Versions | Fix Status
SCADA DNP3 OPC Server: >=1.2.0 | ≥ 1.2.0 | No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Monitor DNP3 OPC Server logs and process status for crashes or abnormal termination; set up alerts for server restarts
Mitigations - no patch available
SCADA DNP3 OPC Server: >=1.2.0 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Implement network segmentation to restrict access to the DNP3 OPC Server from only trusted SCADA systems and engineering workstations; block inbound connections from untrusted networks
HARDENING: Deploy firewall rules to limit connections to the DNP3 OPC Server to only necessary source IP addresses and ports
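
Because the server will not be patched, a passive monitor or protocol-aware gateway in front of it can check DNP3 framing before traffic reaches it. The following is an added example, not vendor or advisory code: it applies generic DNP3 link-layer consistency checks (start octets, length field, per-block CRC) and does not reproduce the product's flaw, whose details this page does not give. The function names and the sample frame are constructed for illustration.

```python
import struct

START = b"\x05\x64"  # DNP3 link-layer start octets

def crc16_dnp(data: bytes) -> int:
    """CRC-16/DNP: reflected polynomial 0xA6BC, init 0, result complemented."""
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA6BC if crc & 1 else crc >> 1
    return crc ^ 0xFFFF

def _with_crc(block: bytes) -> bytes:
    return block + struct.pack("<H", crc16_dnp(block))  # CRC is sent low octet first

def build_frame(ctrl: int, dest: int, src: int, payload: bytes = b"") -> bytes:
    """Build a well-formed frame; used here only to make constructed samples."""
    header = START + struct.pack("<BBHH", 5 + len(payload), ctrl, dest, src)
    body = b"".join(_with_crc(payload[i:i + 16]) for i in range(0, len(payload), 16))
    return _with_crc(header) + body

def validate_frame(frame: bytes) -> list:
    """Return a list of framing problems; an empty list means the frame is consistent."""
    if len(frame) < 10:
        return ["shorter than the 10-octet header"]
    if frame[:2] != START:
        return ["bad start octets"]
    length = frame[2]  # counts control + addresses + user data, never the CRCs
    if length < 5:
        return ["length field below minimum of 5"]
    problems = []
    if struct.unpack_from("<H", frame, 8)[0] != crc16_dnp(frame[:8]):
        problems.append("header CRC mismatch")
    user_len = length - 5
    blocks = (user_len + 15) // 16  # user data travels in 16-octet blocks, each with a CRC
    expected = 10 + user_len + 2 * blocks
    if len(frame) != expected:
        return problems + [f"length field implies {expected} octets, got {len(frame)}"]
    pos = 10
    for n in range(blocks):
        size = min(16, user_len - 16 * n)
        if struct.unpack_from("<H", frame, pos + size)[0] != crc16_dnp(frame[pos:pos + size]):
            problems.append(f"data block {n} CRC mismatch")
        pos += size + 2
    return problems

# Constructed sample (not captured traffic): 20 octets of user data, so two data blocks.
GOOD = build_frame(0xC4, 1, 1024, bytes(range(20)))
```

Frames that return a non-empty list can be dropped or logged alongside the crash and restart alerts described above.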