SubSTATION Server Telegyr 8979 Master Vulnerabilities
Low RiskICS-CERT ICSA-14-196-01Apr 17, 2014
Summary
SubSTATION Server 2 Telegyr 8979 Master Protocol contains an improper input validation vulnerability (CWE-20) in all versions. An attacker can send specially crafted input to the protocol interface to cause a denial of service or potentially achieve code execution. Subnet Solutions has not released a patch for this vulnerability, and all versions remain affected. The vendor recommends implementing defensive network measures to minimize risk.
What this means
What could happen
An attacker with network access to the SubSTATION Server could send specially crafted input to crash the application or potentially execute code, disrupting communication with substation equipment and causing operational outages.
Who's at risk
Energy sector operators using Subnet Solutions SubSTATION Server 2 with Telegyr 8979 Master Protocol for substation automation and SCADA communications. This includes municipal electric utilities and regional transmission operators managing distribution and transmission substations.
How it could be exploited
An attacker on the same network as the SubSTATION Server 2 device sends malformed or unexpected input to the Telegyr 8979 Master Protocol interface. The server does not properly validate this input (CWE-20 improperly controlled input), causing the application to crash or allowing code execution through memory corruption.
Prerequisites
- Network access to the SubSTATION Server on the Telegyr 8979 Master Protocol port
- No credentials required—the vulnerability is in input validation before authentication
remotely exploitableno authentication requiredno patch availableinput validation weakness (CWE-20)
Exploitability
Low exploit probability (EPSS 0.7%)
Affected products (1)
ProductAffected VersionsFix Status
SubSTATION Server 2 Telegyr 8979 Master Protocol: vers:all/*All versionsNo fix (EOL)
Remediation & Mitigation
0/4
Do now
0/2HARDENINGImplement network segmentation to restrict access to the SubSTATION Server to only authorized substation equipment and engineering workstations. Use firewall rules to deny external access to the Telegyr 8979 Master Protocol port.
WORKAROUNDMonitor network traffic to and from the SubSTATION Server for unusual or malformed packets on the Telegyr 8979 Master Protocol interface. Alert on unexpected connections or protocol violations.
Schedule — requires maintenance window
0/1Patching may require device reboot — plan for process interruption
HARDENINGMaintain current backups of substation communications configuration and have a documented recovery plan in case the SubSTATION Server becomes unavailable due to exploitation or other failure.
Mitigations - no patch available
0/1SubSTATION Server 2 Telegyr 8979 Master Protocol: vers:all/* has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENINGEvaluate replacement or upgrade of the SubSTATION Server 2 to a newer product version that addresses input validation issues, as the vendor has not released a patch for this product line.
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/c9497fb6-bac5-4ce3-aaa8-1df02c7b1756