CVE-2014-0762

The CG Automation Software DNP3 driver, used in the ePAQ-9410 Substation Gateway products, does not validate input correctly. An attacker could cause the software to go into an infinite loop, causing the process to crash. The system must be restarted manually to clear the condition.

CVSS v2.0 4.7 MEDIUM

4.7^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:M/Au:N/C:N/I:N/A:C

Exploitability : 3.4 / Impact : 6.9

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://mail.cgautomationusa.com/login.aspx
https://www.cisa.gov/news-events/ics-advisories/icsa-14-238-01
https://ics-cert.us-cert.gov/advisories/ICSA-14-238-01	US Government Resource

Configurations

Configuration 1 (hide)

cpe:2.3:h:qeiinc:epaq-9410_substation_gateway:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2014-08-28 01:55

Updated : 2025-09-19 19:15

NVD link : CVE-2014-0762

Mitre link : CVE-2014-0762

CVE.ORG link : CVE-2014-0762

JSON object : View

Products Affected

qeiinc

epaq-9410_substation_gateway

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2014-0762", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"version": "2.0", "baseScore": 4.7, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.7, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-08-28T01:55:03.043", "references": [{"url": "http://mail.cgautomationusa.com/login.aspx", "source": "ics-cert@hq.dhs.gov"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-238-01", "source": "ics-cert@hq.dhs.gov"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-238-01", "tags": ["US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-20"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "The CG Automation Software DNP3 driver, used in the ePAQ-9410 Substation\n Gateway products, does not validate input correctly. An attacker could \ncause the software to go into an infinite loop, causing the process to \ncrash. The system must be restarted manually to clear the condition."}, {"lang": "es", "value": "El controlador DNP3 en CG Automation ePAQ-9410 Substation Gateway permite a atacantes f\u00edsicamente pr\u00f3ximos causar una denegaci\u00f3n de servicio (bucle infinito o ca\u00edda del proceso) a trav\u00e9s de entradas manipuladas por una l\u00ednea de seriales."}], "lastModified": "2025-09-19T19:15:37.340", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qeiinc:epaq-9410_substation_gateway:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D6CF7480-D726-4929-A718-00C7D71A0FDA"}], "operator": "OR"}]}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}