Triangle MicroWorks Improper Input Validation
Low Risk · ICS-CERT ICSA-13-240-01 · May 31, 2013
Summary
Triangle MicroWorks SCADA Data Gateway and DNP3 protocol components contain improper input validation vulnerabilities (CWE-20, CWE-119) that fail to properly check the bounds and type of user-supplied input. An attacker could exploit this via a buffer overflow (CWE-119) to cause memory corruption or denial of service. The vulnerability affects SCADA Data Gateway versions 2.50.0309 through 3.00.0616, DNP3 .NET Protocol components versions 3.06.0.171 through 3.15.0.369, and DNP3 ANSI C source code libraries versions 3.06.0000 through 3.15.0000. No patch is available from the vendor.
What this means
What could happen
An attacker could send specially crafted input to Triangle MicroWorks SCADA devices, causing a buffer overflow or memory corruption that may crash the application or allow arbitrary code execution on critical infrastructure control systems.
Who's at risk
Electric utilities and energy sector operators using Triangle MicroWorks SCADA Data Gateway, DNP3 .NET Protocol components, or DNP3 ANSI C libraries for remote terminal unit (RTU) communication and grid control. This affects legacy SCADA systems managing power distribution and generation.
How it could be exploited
An attacker sends malformed input (exceeding buffer boundaries) to the affected SCADA Data Gateway or DNP3 protocol components. The improper input validation fails to check input length or type, allowing the malicious data to overflow memory or corrupt the application state, leading to denial of service or code execution.
Prerequisites
- Network access to SCADA Data Gateway port or DNP3 protocol endpoint
- No authentication required to send input to affected component
Tags: remotely exploitable · no authentication required · low complexity · no patch available · affects safety/critical infrastructure
Exploitability
Low exploit probability (EPSS 0.5%)
Affected products (3)
3 EOL
Product | Affected versions | Fix status
SCADA Data Gateway | >= v2.50.0309 and <= v3.00.0616 | No fix (EOL)
DNP3 .NET Protocol components | >= v3.06.0.171 and <= v3.15.0.369 | No fix (EOL)
DNP3 ANSI C source code libraries | >= v3.06.0000 and <= v3.15.0000 | No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Implement network segmentation to restrict access to SCADA Data Gateway and DNP3 components to only authorized engineering and control network traffic
HARDENING: Deploy firewall rules to limit inbound connections to SCADA gateway ports to trusted IP addresses and subnets only
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Evaluate upgrade path to newer Triangle MicroWorks products with input validation fixes when available or feasible within maintenance windows
Mitigations - no patch available
The following products have reached End of Life with no planned fix: SCADA Data Gateway (v2.50.0309 through v3.00.0616), DNP3 .NET Protocol components (v3.06.0.171 through v3.15.0.369), DNP3 ANSI C source code libraries (v3.06.0000 through v3.15.0000). Apply the following compensating controls:
HARDENING: Monitor network traffic to SCADA systems for suspicious or malformed inputs that exceed expected data lengths
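One way to put the monitoring control above into practice for the DNP3 components named in this advisory is to compare each link-layer frame's declared LEN field with what actually arrived on the wire. The following is an added example, not code from the advisory or from Triangle MicroWorks; it checks only the public DNP3 frame format (start bytes, LEN, header CRC) and does not model the specific defect, and the sample frames it checks are constructed inline.

```python
# Added example, not from the advisory or Triangle MicroWorks: a DNP3 link-layer
# frame consistency check a passive monitor could apply. It checks only the
# public frame format (start bytes, LEN, header CRC) against the bytes received.
import math

def crc16_dnp(data: bytes) -> int:
    """CRC-16/DNP: poly 0x3D65 (reflected 0xA6BC), init 0, final XOR 0xFFFF."""
    crc = 0
    for b in data:
        crc ^= b
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA6BC if crc & 1 else crc >> 1
    return (~crc) & 0xFFFF

def expected_frame_size(length_field: int) -> int:
    """Wire size implied by LEN: 8-byte header + CRC, then 16-byte data blocks + CRC each."""
    user = length_field - 5  # LEN counts CTRL, DEST, SRC (5 bytes) plus user data
    return 10 + user + 2 * math.ceil(user / 16)

def check_dnp3_frame(frame: bytes) -> list[str]:
    """Return findings for one frame; an empty list means it looks well-formed."""
    if len(frame) < 10 or frame[:2] != b"\x05\x64":
        return ["no valid DNP3 start bytes or header too short"]
    length_field = frame[2]
    if length_field < 5:
        return [f"LEN {length_field} below the minimum of 5"]
    findings = []
    if int.from_bytes(frame[8:10], "little") != crc16_dnp(frame[:8]):
        findings.append("header CRC mismatch")
    want = expected_frame_size(length_field)
    if len(frame) < want:
        findings.append(f"truncated: LEN implies {want} bytes, got {len(frame)}")
    elif len(frame) > want:
        findings.append(f"{len(frame) - want} trailing byte(s) beyond declared LEN")
    return findings

def build_frame(ctrl: int, dest: int, src: int, user_data: bytes) -> bytes:
    """Build a well-formed frame; used here only to construct sample input."""
    header = (b"\x05\x64" + bytes([5 + len(user_data), ctrl])
              + dest.to_bytes(2, "little") + src.to_bytes(2, "little"))
    out = header + crc16_dnp(header).to_bytes(2, "little")
    for i in range(0, len(user_data), 16):
        block = user_data[i:i + 16]
        out += block + crc16_dnp(block).to_bytes(2, "little")
    return out

# Constructed samples: a clean frame with 20 user-data bytes, and the same frame
# with 40 extra bytes appended, i.e. more data on the wire than LEN declares.
GOOD = build_frame(0xC4, 1, 1024, bytes(range(20)))
OVERLONG = GOOD + b"\xff" * 40
```

A sensor would run check_dnp3_frame over reassembled TCP payloads or serial captures and alert on any non-empty result, which gives a concrete signal for the "inputs that exceed expected data lengths" control.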
CVEs (2)