Kepware Technologies Improper Input Validation Vulnerability
Low Risk | ICS-CERT ICSA-13-226-01 | May 17, 2013
Summary
PTC Kepware Technologies DNP Master Driver for KEPServerEX contains an improper input validation vulnerability. The issue affects version 5.11.250.0. This driver component is used to enable DNP3 protocol communication in KEPServerEX industrial data gateway systems.
What this means
What could happen
An attacker could send malformed DNP3 messages to the driver, potentially causing the KEPServerEX gateway to crash or behave unpredictably, disrupting data flow from field devices to control systems or SCADA platforms.
Who's at risk
Water utilities, electric utilities, and other critical infrastructure operators running PTC KEPServerEX industrial data gateways with the DNP Master Driver enabled for SCADA integration. This affects organizations that use KEPServerEX to communicate with RTUs, IEDs, or field devices using the DNP3 protocol.
How it could be exploited
An attacker with network access to port 20000 (or configured DNP3 port) on the KEPServerEX system could send crafted DNP3 protocol messages that bypass input validation checks. This could trigger a denial of service or allow code execution on the gateway server.
Prerequisites
- Network access to KEPServerEX DNP3 listening port
- KEPServerEX with DNP Master Driver enabled
- No authentication required to send DNP3 messages on the network segment
remotely exploitable | no authentication required | no patch available | affects data gateway/SCADA communications | low EPSS score
Exploitability
Low exploit probability (EPSS 0.5%)
Affected products (1)
Product: DNP Master Driver for the KEPServerEX Communications Platform: v5.11.250.0
Affected Versions: v5.11.250.0
Fix Status: No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Implement network segmentation to restrict access to KEPServerEX systems; only allow DNP3 connections from trusted field devices and control network subnets
WORKAROUND: Monitor KEPServerEX logs for unexpected DNP3 connection attempts or malformed messages; implement alerting on gateway restarts or driver failures
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: If available, upgrade to a patched version of KEPServerEX that includes the DNP Master Driver security update; contact PTC for patch availability
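To support the monitoring workaround above, the following added example (not PTC's or ICS-CERT's code) checks captured DNP3 link-layer frames for framing errors that a monitor could alert on. It assumes raw frames are already available from a capture point on the DNP3 segment; the function names, addresses and sample frames are constructed for illustration.

```python
import struct

def crc16_dnp(data: bytes) -> int:
    """CRC-16/DNP: reflected polynomial 0xA6BC, initial value 0, output inverted."""
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA6BC if crc & 1 else crc >> 1
    return crc ^ 0xFFFF

def build_frame(ctrl: int, dest: int, src: int, user: bytes = b"") -> bytes:
    """Build a well-formed link-layer frame; used only to construct sample input."""
    head = struct.pack("<2sBBHH", b"\x05\x64", 5 + len(user), ctrl, dest, src)
    out = head + struct.pack("<H", crc16_dnp(head))
    for i in range(0, len(user), 16):
        out += user[i:i + 16] + struct.pack("<H", crc16_dnp(user[i:i + 16]))
    return out

def check_frame(frame: bytes) -> list:
    """Return findings for one link-layer frame; an empty list means well formed."""
    if len(frame) < 10:
        return ["truncated header"]
    if frame[:2] != b"\x05\x64":
        return ["bad start bytes"]
    findings = []
    if frame[2] < 5:
        findings.append("LENGTH below minimum of 5")
    if crc16_dnp(frame[:8]) != struct.unpack_from("<H", frame, 8)[0]:
        findings.append("header CRC mismatch")
    user = max(frame[2] - 5, 0)                # user-data bytes announced by LENGTH
    expected = 10 + user + 2 * -(-user // 16)  # plus one CRC per 16-byte block
    if len(frame) != expected:
        findings.append("size does not match LENGTH")
    else:
        for pos in range(10, expected, 18):
            block = frame[pos:min(pos + 16, expected - 2)]
            if crc16_dnp(block) != struct.unpack_from("<H", frame, pos + len(block))[0]:
                findings.append("data block CRC mismatch")
                break
    return findings

# Constructed samples: one valid frame (control 0xC4, destination 1, source 1024)
# and three damaged copies of it.
GOOD = build_frame(0xC4, 1, 1024, bytes(range(20)))
BAD_HEADER = GOOD[:8] + bytes([GOOD[8] ^ 0xFF]) + GOOD[9:]
BAD_BLOCK = GOOD[:10] + bytes([GOOD[10] ^ 0x01]) + GOOD[11:]
TRUNCATED = GOOD[:-3]
```

Findings from `check_frame` can feed the same alerting channel as gateway restarts and driver failures, so a burst of framing errors is correlated with driver instability.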
CVEs (1)