← Back to home
ICSA-13-352-01  ·  Published 2025-06-12  ·  View on CISA ICS-CERT ↗

NovaTech Orion DNP3 Improper Input Validation Vulnerability

CVSS 7.1 HIGH

CVEs (2)

Remediations

  • NovaTech has produced a firmware update that is available for download from the NovaTech Orion Support Site (user registration is required for access). Customers are encouraged to contact the following regional NovaTech representative for download information.
  • The researchers suggest the following mitigations: Block DNP3 traffic from traversing onto business or corporate networks through the use of an IPS or firewall with DNP3-specific rule sets.

Affected Vendors

NovaTech

Affected Products (4)

NovaTech · OrionLX DNP Master <=v1.27.38
NovaTech · DNP Slave Firmware <=7.6 <=V1.23.10
NovaTech · Orion5/Orion5r DNP Master <=V1.27.38
NovaTech · DNP Slave <=V1.23.10

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more