ICSA-13-297-01
Published 2025-06-06
Catapult Software DNP3 Driver Improper Input Validation
CVSS 7.1 (HIGH)
CVEs (2)
Remediations
- An updated driver is available from Catapult Software. Installing Version 7.20.60 (GE IP 7.20k) or newer of the DNP driver addresses this issue. The driver can be downloaded after registering for support at http://catapultsoftware.com/support.
- The driver update is also available from GE at http://support.ge-ip.com.
- As an additional layer of protection, the researchers suggest using an IPS or a firewall with DNP3-specific rule sets to block DNP3 traffic from traversing onto business or corporate networks.
Affected Vendors
Catapult Software
Affected Products (2)
- Catapult Software · Catapult Software DNP driver (“DNP”): 7.20.56
- Catapult Software · Proficy human-machine interface/supervisory control and data acquisition (HMI/SCADA) – iFIX or CIMPLICITY servers with the vulnerable I/O Driver installed (this includes iFIX or CIMPLICITY installations that are part of Proficy Process Systems): vers:all/*