What is the severity of CVE-2013-2824?

CVE-2013-2824 is classified as a high severity vulnerability.

How do I fix CVE-2013-2824?

To fix CVE-2013-2824, users should update to the latest version of the affected software from Schneider Electric.

What are the affected versions for CVE-2013-2824?

The affected versions for CVE-2013-2824 include Schneider Electric StruxureWare SCADA Expert Vijeo Citect 7.20 to 7.40, among others.

Can CVE-2013-2824 be exploited remotely?

Yes, CVE-2013-2824 allows remote attackers to exploit the vulnerability.

What type of vulnerability is CVE-2013-2824?

CVE-2013-2824 is an exception handling vulnerability that can lead to denial of service.

Vulnerability/
CVE-2013-2824

high

7.8

26/2/2014

CVE-2013-2824

First published: Wed Feb 26 2014(Updated: )

Schneider Electric StruxureWare SCADA Expert Vijeo Citect 7.40, Vijeo Citect 7.20 through 7.30SP1, CitectSCADA 7.20 through 7.30SP1, StruxureWare PowerSCADA Expert 7.30 through 7.30SR1, and PowerLogic SCADA 7.20 through 7.20SR1 do not properly handle exceptions, which allows remote attackers to cause a denial of service via a crafted packet.

Credit: ics-cert@hq.dhs.gov

Affected Software	Affected Version	How to fix
Schneider Electric SCADA Expert Vijeo Citect	=7.20
Schneider Electric SCADA Expert Vijeo Citect	=7.20-sp1
Schneider Electric SCADA Expert Vijeo Citect	=7.20-sp2
Schneider Electric SCADA Expert Vijeo Citect	=7.20-sp3
Schneider Electric SCADA Expert Vijeo Citect	=7.20-sp4
Schneider Electric SCADA Expert Vijeo Citect	=7.30
Schneider Electric SCADA Expert Vijeo Citect	=7.30-sp1
Schneider Electric PowerLogic SCADA	=7.20
Schneider Electric PowerLogic SCADA	=7.20-sr1
Schneider Electric EcoStruxure Power SCADA Expert	=7.30
Schneider Electric EcoStruxure Power SCADA Expert	=7.30-sr1
Schneider Electric StruxureWare SCADA Expert Vijeo Citect	=7.20
Schneider Electric StruxureWare SCADA Expert Vijeo Citect	=7.20-sp1
Schneider Electric StruxureWare SCADA Expert Vijeo Citect	=7.20-sp2
Schneider Electric StruxureWare SCADA Expert Vijeo Citect	=7.20-sp3
Schneider Electric StruxureWare SCADA Expert Vijeo Citect	=7.20-sp4
Schneider Electric StruxureWare SCADA Expert Vijeo Citect	=7.30
Schneider Electric StruxureWare SCADA Expert Vijeo Citect	=7.30-sp1
Schneider Electric StruxureWare SCADA Expert Vijeo Citect	=7.40

Remedy

http://ics-cert.us-cert.gov/advisories/ICSA-13-350-01

Remedy

http://www.citect.schneider-electric.com/security-DoS

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2013-2824?
CVE-2013-2824 is classified as a high severity vulnerability.
How do I fix CVE-2013-2824?
To fix CVE-2013-2824, users should update to the latest version of the affected software from Schneider Electric.
What are the affected versions for CVE-2013-2824?
The affected versions for CVE-2013-2824 include Schneider Electric StruxureWare SCADA Expert Vijeo Citect 7.20 to 7.40, among others.
Can CVE-2013-2824 be exploited remotely?
Yes, CVE-2013-2824 allows remote attackers to exploit the vulnerability.
What type of vulnerability is CVE-2013-2824?
CVE-2013-2824 is an exception handling vulnerability that can lead to denial of service.

agent/references
agent/remedy
agent/last-modified-date
agent/type
agent/first-publish-date
agent/description
agent/severity
agent/author
agent/event
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/schneider-electric
canonical/schneider electric scada expert vijeo citect
version/schneider electric scada expert vijeo citect/7.20
version/schneider electric scada expert vijeo citect/7.20-sp1
version/schneider electric scada expert vijeo citect/7.20-sp2
version/schneider electric scada expert vijeo citect/7.20-sp3
version/schneider electric scada expert vijeo citect/7.20-sp4
version/schneider electric scada expert vijeo citect/7.30
version/schneider electric scada expert vijeo citect/7.30-sp1
canonical/schneider electric powerlogic scada
version/schneider electric powerlogic scada/7.20
version/schneider electric powerlogic scada/7.20-sr1
canonical/schneider electric ecostruxure power scada expert
version/schneider electric ecostruxure power scada expert/7.30
version/schneider electric ecostruxure power scada expert/7.30-sr1
canonical/schneider electric struxureware scada expert vijeo citect
version/schneider electric struxureware scada expert vijeo citect/7.20
version/schneider electric struxureware scada expert vijeo citect/7.20-sp1
version/schneider electric struxureware scada expert vijeo citect/7.20-sp2
version/schneider electric struxureware scada expert vijeo citect/7.20-sp3
version/schneider electric struxureware scada expert vijeo citect/7.20-sp4
version/schneider electric struxureware scada expert vijeo citect/7.30
version/schneider electric struxureware scada expert vijeo citect/7.30-sp1
version/schneider electric struxureware scada expert vijeo citect/7.40

CVE-2013-2824

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2013-2824?

How do I fix CVE-2013-2824?

What are the affected versions for CVE-2013-2824?

Can CVE-2013-2824 be exploited remotely?

What type of vulnerability is CVE-2013-2824?

Company

Resources

Contact