Triangle MicroWorks Improper Input Validation

Low RiskICS-CERT ICSA-13-240-01May 31, 2013

Energy

Summary

Triangle MicroWorks SCADA Data Gateway and DNP3 protocol components contain improper input validation vulnerabilities (CWE-20, CWE-119) that fail to properly check the bounds and type of user-supplied input. An attacker could exploit this via a buffer overflow (CWE-119) to cause memory corruption or denial of service. The vulnerability affects SCADA Data Gateway versions 2.50.0309 through 3.00.0616, DNP3 .NET Protocol components versions 3.06.0.171 through 3.15.0.369, and DNP3 ANSI C source code libraries versions 3.06.0000 through 3.15.0000. No patch is available from the vendor.

What this means

What could happen

An attacker could send specially crafted input to Triangle MicroWorks SCADA devices, causing a buffer overflow or memory corruption that may crash the application or allow arbitrary code execution on critical infrastructure control systems.

Who's at risk

Electric utilities and energy sector operators using Triangle MicroWorks SCADA Data Gateway, DNP3 .NET Protocol components, or DNP3 ANSI C libraries for remote terminal unit (RTU) communication and grid control. This affects legacy SCADA systems managing power distribution and generation.

How it could be exploited

An attacker sends malformed input (exceeding buffer boundaries) to the affected SCADA Data Gateway or DNP3 protocol components. The improper input validation fails to check input length or type, allowing the malicious data to overflow memory or corrupt the application state, leading to denial of service or code execution.

Prerequisites

Network access to SCADA Data Gateway port or DNP3 protocol endpoint
No authentication required to send input to affected component

remotely exploitableno authentication requiredlow complexityno patch availableaffects safety/critical infrastructure

Exploitability

Unlikely to be exploited — EPSS score 0.5%

Affected products (3)

3 EOL

ProductAffected VersionsFix Status

SCADA Data Gateway: >=v2.50.0309|<=v3.00.0616≥ v2.50.0309|≤ v3.00.0616No fix (EOL)

DNP3 .NET Protocol components: >=v3.06.0.171|<=v3.15.0.369≥ v3.06.0.171|≤ v3.15.0.369No fix (EOL)

DNP3 ANSI C source code libraries: >=v3.06.0000|<=v3.15.0000≥ v3.06.0000|≤ v3.15.0000No fix (EOL)

Remediation & Mitigation

0/4

Do now

0/2

HARDENINGImplement network segmentation to restrict access to SCADA Data Gateway and DNP3 components to only authorized engineering and control network traffic

HARDENINGDeploy firewall rules to limit inbound connections to SCADA gateway ports to trusted IP addresses and subnets only

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXEvaluate upgrade path to newer Triangle MicroWorks products with input validation fixes when available or feasible within maintenance windows

Mitigations - no patch available

0/1

The following products have reached End of Life with no planned fix: SCADA Data Gateway: >=v2.50.0309|<=v3.00.0616, DNP3 .NET Protocol components: >=v3.06.0.171|<=v3.15.0.369, DNP3 ANSI C source code libraries: >=v3.06.0000|<=v3.15.0000. Apply the following compensating controls:

HARDENINGMonitor network traffic to SCADA systems for suspicious or malformed inputs that exceed expected data lengths

CVEs (2)

CVE-2013-2793 CVE-2013-2794

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/21f7c5f2-a73c-43eb-9702-2fc249dcb55b

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.