ICSA-15-055-01  ·  Published 2025-06-06

Software Toolbox Top Server Resource Exhaustion Vulnerability

CVSS 5.0 MEDIUM

CVEs (1)

Remediations

  • Remote devices should not return a variation of 0 to a master, and a master that encounters a zero-length message from a remote should stop processing that message.
  • DNP3 Application Note AN2013-004b, Validation of Incoming DNP3 Data, published August 13, 2014, addresses this issue. This bulletin may be downloaded at: https://www.dnp.org/DNP3Downloads/AN2013-004b%20Validation%20of%20Incoming%20DNP3%20Data.pdf
  • Software Toolbox has produced a new version of Top Server software, V5.17.495.0, which resolves the vulnerability. Information about the new version is available at the Software Toolbox support site: http://www.toolboxopc.com/html/support.asp
  • Telephone support is available to trial and registered users 8 a.m. to 5 p.m. US Eastern Time (GMT‑5), Monday through Friday.
  • US Toll Free – 1-888-665-3678
  • Global – 1-704-849-2773
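
The master-side check from the first remediation item, sketched as an added example (not code from Software Toolbox, CISA, or the DNP3 application note). The function names, the small object-size table, and the restriction to start/stop range qualifiers are assumptions made for illustration.

```python
import struct

# Bytes per object for a few fixed-size (group, variation) pairs.
# Illustrative subset only; anything not listed is rejected.
OBJECT_SIZES = {(1, 2): 1, (30, 1): 5, (30, 2): 3}

class InvalidResponse(ValueError):
    """Raised when response object data must not be processed further."""

def validate_response_objects(data: bytes) -> list:
    """Walk the object headers of a response; return [(group, variation, count)]."""
    headers, pos = [], 0
    while pos < len(data):
        if len(data) - pos < 3:
            raise InvalidResponse("truncated object header")
        group, variation, qualifier = data[pos:pos + 3]
        pos += 3
        if variation == 0:
            raise InvalidResponse(f"g{group}v0 returned by remote")
        size = OBJECT_SIZES.get((group, variation), 0)
        if size == 0:
            raise InvalidResponse(f"g{group}v{variation}: unknown or zero-length object")
        # Only start/stop range qualifiers are handled here (assumption).
        fmt = {0x00: "<BB", 0x01: "<HH"}.get(qualifier)
        if fmt is None:
            raise InvalidResponse(f"unsupported qualifier 0x{qualifier:02x}")
        if len(data) - pos < struct.calcsize(fmt):
            raise InvalidResponse("truncated range field")
        start, stop = struct.unpack_from(fmt, data, pos)
        pos += struct.calcsize(fmt)
        if stop < start:
            raise InvalidResponse("stop index below start index")
        count = stop - start + 1
        # Every header must be backed by real bytes, so each loop pass
        # consumes input and the walk always terminates.
        if count * size > len(data) - pos:
            raise InvalidResponse("range claims more objects than the message holds")
        pos += count * size
        headers.append((group, variation, count))
    return headers

# Constructed samples (not captured traffic).
VALID = bytes([30, 2, 0x00, 0, 1, 0x01, 0x10, 0x00, 0x01, 0x20, 0x00])
VARIATION_ZERO = bytes([30, 0, 0x00, 0, 255])

def is_rejected(data: bytes) -> bool:
    try:
        validate_response_objects(data)
    except InvalidResponse:
        return True
    return False
```

Rejecting the message at the first invalid header, rather than skipping the object and continuing, matches the advisory's guidance that the master should stop processing that message.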

Affected Vendors

Software Toolbox

Affected Products (1)

Software Toolbox · Software Toolbox Top Server <=5.16
