Catapult Software DNP3 Driver Improper Input Validation
Low Risk · ICS-CERT ICSA-13-297-01 · Jul 27, 2013
Summary
Improper input validation in Catapult Software DNP3 Driver allows remote attackers to cause denial of service or other impacts through malformed DNP3 protocol messages. The vulnerability affects the DNP driver component when installed in Proficy HMI/SCADA systems (iFIX and CIMPLICITY).
What this means
What could happen
An attacker could send crafted DNP3 messages to crash the DNP driver, disrupting communication with DNP3-based field devices and potentially halting SCADA monitoring or control of power systems.
Who's at risk
Energy utilities and manufacturing facilities using GE Vernova Proficy HMI/SCADA systems (iFIX or CIMPLICITY) with the Catapult Software DNP3 driver installed should assess exposure. This affects supervisory control systems that monitor or manage DNP3-connected field devices such as remote terminal units (RTUs) and intelligent electronic devices (IEDs) in substations or generation facilities.
How it could be exploited
An attacker with network access to the DNP3 driver (typically on port 20000 or the configured DNP3 port) can send malformed DNP3 protocol messages. The driver fails to validate input properly, causing it to crash or malfunction, disrupting DNP3 communication with the supervisory control system.
Prerequisites
- Network access to the DNP3 driver port (typically port 20000)
- Ability to send DNP3 protocol messages to the driver
- Driver must be installed and active on the HMI/SCADA system
Remotely exploitable · No authentication required · No patch available · Affects SCADA operations
Exploitability
Moderate exploit probability (EPSS 1.3%)
Affected products (2)
1 pending · 1 EOL

| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| Proficy human-machine interface/supervisory control and data acquisition (HMI/SCADA) – iFIX or CIMPLICITY servers with the vulnerable I/O Driver installed (this includes iFIX or CIMPLICITY installations that are part of Proficy Process Systems): vers:all/* | All versions | No fix yet |
| Catapult Software DNP driver (“DNP”): 7.20.56 | 7.20.56 | No fix (EOL) |
Remediation & Mitigation
Do now
- WORKAROUND: Restrict network access to the DNP3 driver port using firewall rules; limit DNP3 communication to only authorized control center workstations or RTUs
- HARDENING: Monitor DNP3 traffic for malformed messages and alert on driver process crashes
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- Proficy human-machine interface/supervisory control and data acquisition (HMI/SCADA) – iFIX or CIMPLICITY servers with the vulnerable I/O Driver installed (this includes iFIX or CIMPLICITY installations that are part of Proficy Process Systems): vers:all/*
  HARDENING: Segment the SCADA network so that DNP3 devices are on a restricted subnet with access control lists to the HMI/SCADA system
Mitigations - no patch available
Catapult Software DNP driver (“DNP”): 7.20.56 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
- HARDENING: Evaluate replacement of Catapult Software DNP3 driver with alternative DNP3 protocol implementations or updated Proficy versions if available from GE Vernova
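As an added example (not code from the advisory or from the vendor), the check behind the "monitor DNP3 traffic for malformed messages" control above: a Python validator for the DNP3 link-layer frame (start bytes 0x05 0x64, LEN, CTRL, DEST, SRC, then a CRC-16/DNP after the header and after each block of up to 16 user-data bytes) run over constructed sample frames. The frame layout and CRC parameters are the standard DNP3 ones; the sample frames, their payload and the addresses used are made up for the demonstration.

```python
START = b"\x05\x64"      # DNP3 link-layer start bytes
POLY_REFLECTED = 0xA6BC  # 0x3D65 bit-reversed; init 0, output inverted (CRC-16/DNP)
def dnp3_crc(data: bytes) -> int:
    """CRC carried after the 8-byte link header and after each user-data block."""
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ POLY_REFLECTED if crc & 1 else crc >> 1
    return (~crc) & 0xFFFF

def check_frame(frame: bytes):
    """Return None for a well-formed link-layer frame, else the first defect found."""
    if len(frame) < 10:
        return "truncated header"
    if frame[:2] != START:
        return "bad start bytes"
    user_len = frame[2] - 5  # LEN counts CTRL, DEST, SRC (5 bytes) plus user data
    if user_len < 0:
        return "LEN below 5"
    if dnp3_crc(frame[:8]) != int.from_bytes(frame[8:10], "little"):
        return "header CRC mismatch"
    # user data travels in blocks of up to 16 bytes, each followed by its own CRC
    if len(frame) != 10 + user_len + 2 * ((user_len + 15) // 16):
        return "length mismatch"
    pos, remaining = 10, user_len
    while remaining:
        n = min(16, remaining)
        if dnp3_crc(frame[pos:pos + n]) != int.from_bytes(frame[pos + n:pos + n + 2], "little"):
            return "data block CRC mismatch"
        pos, remaining = pos + n + 2, remaining - n
    return None

def build_frame(ctrl: int, dest: int, src: int, user: bytes) -> bytes:
    # assembles a frame with correct CRCs; used here only to construct the samples
    header = START + bytes([5 + len(user), ctrl]) + dest.to_bytes(2, "little") + src.to_bytes(2, "little")
    out = header + dnp3_crc(header).to_bytes(2, "little")
    for i in range(0, len(user), 16):
        out += user[i:i + 16] + dnp3_crc(user[i:i + 16]).to_bytes(2, "little")
    return out

# Constructed samples: a well-formed frame (20-byte payload, two data blocks) and corrupted copies.
GOOD = build_frame(0xC4, 1, 0, bytes(range(20)))
SAMPLES = {
    "good": GOOD,
    "bad_start": b"\x00" + GOOD[1:],
    "short_len": GOOD[:2] + b"\x03" + GOOD[3:],
    "bad_header_crc": GOOD[:8] + bytes([GOOD[8] ^ 0x01]) + GOOD[9:],
    "truncated": GOOD[:-1],
    "bad_block_crc": GOOD[:30] + bytes([GOOD[30] ^ 0x80]) + GOOD[31:],
}
```

A passive monitor on the driver port would raise an alert for every sample except "good"; a frame that fails these checks should never reach the driver, which the advisory says does not validate input itself.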
CVEs (2)
API: /api/v1/advisories/6fe50f85-0759-4b46-bd91-6ad792d2a577