MatrikonOPC for DNP Unhandled C++ Exception
Low Risk | ICS-CERT ICSA-14-329-01 | Aug 28, 2014
Summary
MatrikonOPC Server for DNP3 version 1.2.3.0 contains an unhandled C++ exception that can cause the application to crash. The vulnerability is triggered by processing malformed or unexpected DNP3 protocol data, resulting in a denial of service condition affecting the OPC server.
What this means
What could happen
An attacker could crash the MatrikonOPC server by sending malicious DNP3 protocol messages, disrupting communication between SCADA systems and DNP3 devices and halting real-time data acquisition.
Who's at risk
Water utilities and electric utilities that use MatrikonOPC Server for DNP3 to bridge DNP3-speaking field devices (RTUs, IEDs) to their SCADA systems should assess this risk. Any operation relying on real-time data flow from DNP3 devices—such as distribution monitoring, water pressure control, or substation telemetry—could be affected by server outages.
How it could be exploited
An attacker with network access to the DNP3 port (default 20000) sends specially crafted DNP3 protocol packets that trigger an unhandled exception in the OPC server process, causing it to crash and stop servicing requests.
Prerequisites
- Network access to MatrikonOPC Server DNP3 port (typically port 20000)
- Ability to send malformed DNP3 protocol data
Tags: remotely exploitable, no authentication required, no patch available, denial of service
Exploitability
Low exploit probability (EPSS 0.5%)
Affected products (1)
Product | Affected Versions | Fix Status
MatrikonOPC Server for DNP3: 1.2.3.0 | 1.2.3.0 | No fix (EOL)
Remediation & Mitigation
Do now
- HARDENING: Restrict network access to the MatrikonOPC Server DNP3 port using firewall rules; only allow connections from trusted SCADA master systems and engineering workstations
- WORKAROUND: Monitor MatrikonOPC Server process for unexpected crashes and establish automated restart procedures to minimize downtime if the service fails
Mitigations - no patch available
MatrikonOPC Server for DNP3: 1.2.3.0 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
- HARDENING: Implement network segmentation to isolate the OPC server and its clients on a dedicated VLAN or control network segment, separate from corporate IT and untrusted networks
- HARDENING: Evaluate migration to a patched alternative OPC server product or updated version of MatrikonOPC if available from the vendor
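One way to apply the two "Do now" items on the Windows host running the OPC server, as an added example that is not part of the advisory or vendor guidance. The trusted addresses, service name and executable name are placeholders, and it assumes the server is registered as a Windows service.

```powershell
# Added example. Placeholder values below are NOT taken from the advisory.
$Dnp3Port     = 20000                          # default DNP3 port named in the advisory
$TrustedHosts = @('192.0.2.10', '192.0.2.11')  # constructed: SCADA master, engineering workstation
$ServiceName  = 'PLACEHOLDER_OPC_SERVICE'      # assumption: server runs as a Windows service
$ExeName      = 'PLACEHOLDER_OPC_SERVER.exe'   # assumption: process image name

# 1. List enabled inbound allow rules that already cover the port. A broader
#    allow rule would defeat the scoped rule added in step 2, so review and
#    disable any that appear here. Rules defined with a port range or 'Any'
#    are not matched by this simple filter and need a manual check.
Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.LocalPort -contains "$Dnp3Port" } |
    Get-NetFirewallRule |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' -and $_.Enabled -eq 'True' } |
    Select-Object DisplayName, Profile

# 2. Allow the DNP3 port only from the trusted hosts.
New-NetFirewallRule -DisplayName 'DNP3 OPC - trusted sources only' `
    -Direction Inbound -Protocol TCP -LocalPort $Dnp3Port `
    -RemoteAddress $TrustedHosts -Action Allow -Profile Any

# The scoped rule only restricts access when unmatched inbound traffic is
# blocked by default, so confirm each profile is enabled and set to Block.
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction

# 3. Automated restart: have the Service Control Manager restart the service
#    after 5 s, 5 s, then 60 s, resetting the failure count after one day.
sc.exe failure $ServiceName reset= 86400 actions= restart/5000/restart/5000/restart/60000

# 4. Crash monitoring: report Application Error events (ID 1000) from the
#    last 24 hours that name the server executable.
$since = (Get-Date).AddDays(-1)
Get-WinEvent -FilterHashtable @{
        LogName = 'Application'; ProviderName = 'Application Error'
        Id = 1000; StartTime = $since
    } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match [regex]::Escape($ExeName) } |
    Select-Object TimeCreated, Message
```

Run it from an elevated session; step 4 can be scheduled so that a repeated crash pattern raises an alert instead of being masked by the automatic restart.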
CVEs (1)