VAR-201408-0327
Vulnerability from variot - Updated: 2025-09-20 23:21The CG Automation Software DNP3 driver, used in the ePAQ-9410 Substation Gateway products, does not validate input correctly. An attacker could cause the software to go into an infinite loop, causing the process to crash. The system must be restarted manually to clear the condition. CG is an American supplier of power, transportation, renewable energy and water/wastewater treatment businesses for automated SCADA systems. An attacker could exploit this vulnerability to crash an affected device and deny service to a legitimate user. Note: To exploit this issue local access to the serial-based outstation is required
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201408-0327",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "epaq-9410 substation gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "qeiinc",
"version": null
},
{
"model": "epaq-9410 substation gateway",
"scope": null,
"trust": 0.8,
"vendor": "cg automation",
"version": null
},
{
"model": "epaq-9410/9420 multifunction gateway",
"scope": null,
"trust": 0.6,
"vendor": "cg automation",
"version": null
},
{
"model": "automation solutions epaq-9410 substation gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "cg",
"version": "0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "epaq 9410 substation gateway",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "975fd358-1ec2-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-05291"
},
{
"db": "BID",
"id": "69421"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-427"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003978"
},
{
"db": "NVD",
"id": "CVE-2014-0762"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:qeiinc:epaq-9410_substation_gateway",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003978"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Adam Crain and Chris Sistrunk",
"sources": [
{
"db": "BID",
"id": "69421"
}
],
"trust": 0.3
},
"cve": "CVE-2014-0762",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 4.7,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.4,
"id": "CVE-2014-0762",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 2.8,
"vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CNVD-2014-05291",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "975fd358-1ec2-11e6-abef-000c29c66e3d",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 4.7,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.4,
"id": "VHN-68255",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:M/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2014-0762",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2014-0762",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-0762",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2014-05291",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201408-427",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "975fd358-1ec2-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-68255",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "975fd358-1ec2-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-05291"
},
{
"db": "VULHUB",
"id": "VHN-68255"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-427"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003978"
},
{
"db": "NVD",
"id": "CVE-2014-0762"
},
{
"db": "NVD",
"id": "CVE-2014-0762"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The CG Automation Software DNP3 driver, used in the ePAQ-9410 Substation\n Gateway products, does not validate input correctly. An attacker could \ncause the software to go into an infinite loop, causing the process to \ncrash. The system must be restarted manually to clear the condition. CG is an American supplier of power, transportation, renewable energy and water/wastewater treatment businesses for automated SCADA systems. An attacker could exploit this vulnerability to crash an affected device and deny service to a legitimate user. \nNote: To exploit this issue local access to the serial-based outstation is required",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0762"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003978"
},
{
"db": "CNVD",
"id": "CNVD-2014-05291"
},
{
"db": "BID",
"id": "69421"
},
{
"db": "IVD",
"id": "975fd358-1ec2-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-68255"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-0762",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-14-238-01",
"trust": 2.8
},
{
"db": "BID",
"id": "69421",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201408-427",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2014-05291",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003978",
"trust": 0.8
},
{
"db": "OSVDB",
"id": "110466",
"trust": 0.6
},
{
"db": "IVD",
"id": "975FD358-1EC2-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-68255",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "975fd358-1ec2-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-05291"
},
{
"db": "VULHUB",
"id": "VHN-68255"
},
{
"db": "BID",
"id": "69421"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-427"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003978"
},
{
"db": "NVD",
"id": "CVE-2014-0762"
}
]
},
"id": "VAR-201408-0327",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "975fd358-1ec2-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-05291"
},
{
"db": "VULHUB",
"id": "VHN-68255"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "975fd358-1ec2-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-05291"
}
]
},
"last_update_date": "2025-09-20T23:21:47.831000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.qeiinc.com/"
},
{
"title": "ePAQ-9410 Substation Gateway Serial-Connected Devices Patch for Local Denial of Service Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/49437"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-05291"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003978"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-68255"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003978"
},
{
"db": "NVD",
"id": "CVE-2014-0762"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-14-238-01"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-238-01"
},
{
"trust": 1.0,
"url": "http://mail.cgautomationusa.com/login.aspx"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0762"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0762"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/69421"
},
{
"trust": 0.6,
"url": "http://osvdb.com/show/osvdb/110466"
},
{
"trust": 0.3,
"url": "http://www.qeiinc.com/epaq9410_multifunction_gateway.aspx"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-05291"
},
{
"db": "VULHUB",
"id": "VHN-68255"
},
{
"db": "BID",
"id": "69421"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-427"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003978"
},
{
"db": "NVD",
"id": "CVE-2014-0762"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "975fd358-1ec2-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-05291"
},
{
"db": "VULHUB",
"id": "VHN-68255"
},
{
"db": "BID",
"id": "69421"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-427"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003978"
},
{
"db": "NVD",
"id": "CVE-2014-0762"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-08-29T00:00:00",
"db": "IVD",
"id": "975fd358-1ec2-11e6-abef-000c29c66e3d"
},
{
"date": "2014-08-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-05291"
},
{
"date": "2014-08-28T00:00:00",
"db": "VULHUB",
"id": "VHN-68255"
},
{
"date": "2014-08-26T00:00:00",
"db": "BID",
"id": "69421"
},
{
"date": "2014-08-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201408-427"
},
{
"date": "2014-08-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003978"
},
{
"date": "2014-08-28T01:55:03.043000",
"db": "NVD",
"id": "CVE-2014-0762"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-08-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-05291"
},
{
"date": "2014-08-28T00:00:00",
"db": "VULHUB",
"id": "VHN-68255"
},
{
"date": "2014-08-26T00:00:00",
"db": "BID",
"id": "69421"
},
{
"date": "2014-08-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201408-427"
},
{
"date": "2014-08-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003978"
},
{
"date": "2025-09-19T19:15:37.340000",
"db": "NVD",
"id": "CVE-2014-0762"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "69421"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-427"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ePAQ-9410 Substation Gateway Serial-Connected Devices Local Denial of Service Vulnerability",
"sources": [
{
"db": "IVD",
"id": "975fd358-1ec2-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-05291"
},
{
"db": "BID",
"id": "69421"
}
],
"trust": 1.1
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation",
"sources": [
{
"db": "IVD",
"id": "975fd358-1ec2-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-427"
}
],
"trust": 0.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…