ICSA-14-289-01  ·  Published 2025-06-06

IOServer Resource Exhaustion Vulnerability

CVSS 5.0 MEDIUM

CVEs (1)

Remediations

  • DNP3 Application Note AN2013-004b, Validation of Incoming DNP3 Data, published August 13, 2014, addresses this issue. The bulletin may be downloaded at: https://www.dnp.org/DNP3Downloads/AN2013-004b%20Validation%20of%20Incoming%20DNP3%20Data.pdf
  • IOServer has produced a new version that mitigates the vulnerability. The new version, Beta2112.exe, is available for download at: http://www.ioserver.com/
  • Remote devices should not return a variation of 0 to a master, and a master that encounters a zero-length message from a remote is supposed to stop processing that message.

Affected Vendors

IOServer

Affected Products (1)

IOServer · IOServer 1.0.20_and_older
