Alstom e-Terracontrol DNP3 Master Improper Input Validation (Update A)

Low RiskICS-CERT ICSA-13-282-01AJul 12, 2013

Summary

Alstom e-terracontrol DNP3 Master versions 3.5, 3.6, and 3.7 fail to properly validate input in DNP3 protocol messages. A remote attacker can send malformed DNP3 packets to cause the application to crash or become unresponsive, disrupting communication with remote terminal units and supervisory control logic.

What this means

What could happen

An attacker who can reach the e-terracontrol DNP3 Master service could send malformed DNP3 protocol messages to cause the application to crash or hang, disrupting communication with remote terminal units and potentially halting grid monitoring or control operations.

Who's at risk

Water and electric utilities using Alstom e-terracontrol for SCADA/EMS systems should care. This affects supervisory control software that coordinates remote terminal units and distributed generation across the grid. Any site running affected versions (3.5, 3.6, or 3.7) is at risk.

How it could be exploited

An attacker on the network sends crafted DNP3 protocol packets to the e-terracontrol Master listening on its DNP3 port. The Master fails to properly validate the message structure and either crashes or enters a hung state, breaking communication with downstream RTUs and SCADA endpoints.

Prerequisites

Network access to the e-terracontrol DNP3 Master port (typically 20000 or configured alternate)

Remotely exploitableNo patch availableProtocol parsing vulnerabilityDenial of service impact

Exploitability

Low exploit probability (EPSS 0.5%)

Affected products (1)

ProductAffected VersionsFix Status

e-terracontrol: 3.5|3.6|3.73.5|3.6|3.7No fix (EOL)

Remediation & Mitigation

0/4

Do now

0/2

HARDENINGImplement network segmentation and firewall rules to restrict DNP3 traffic to authorized sources only (e.g., known RTUs and engineering stations)

WORKAROUNDMonitor e-terracontrol service health and logs for unexpected crashes or hung processes; establish automated restart procedures if the service becomes unresponsive

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXContact Alstom directly to determine if a patch or workaround is available, as CISA has not published a fix; document any vendor guidance and apply when released

Mitigations - no patch available

0/1

e-terracontrol: 3.5|3.6|3.7 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:

HARDENINGIsolate e-terracontrol systems on a dedicated VLAN or air-gapped network if operationally feasible to reduce external attack surface

CVEs (2)

CVE-2013-2787 CVE-2013-2818

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/10a034b9-bc7b-47f3-9666-4e2f48597d36