ICSA-15-055-02  ·  Published 2025-06-06

Kepware Resource Exhaustion Vulnerability

CVSS 5.0 MEDIUM

CVEs (1)

Remediations

  • Remote devices should not return a variation of 0 to a master, and a master that encounters a zero length message from a remote should stop processing that message.
  • DNP3 Application Note AN2013-004b, Validation of Incoming DNP3 Data, published August 13, 2014, addresses this issue. This bulletin may be downloaded at: https://www.dnp.org/DNP3Downloads/AN2013-004b%20Validation%20of%20Incoming%20DNP3%20Data.pdf
  • Kepware Technologies has produced a new version of the software, V5.17.495.0, which resolves the vulnerability. Information about the new version is available to registered users at the Kepware support site (login required): https://my.kepware.com/mykepware/Login.aspx
  • Kepware Technical Support can be called at: 207-775-1660 or 1-888-537-9273, Ext 211. Hours of operation are 8am to 5pm US Eastern Time (GMT‑5), Monday to Friday.
  • Kepware Technical email is: [email protected]
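
The master-side check from the first remediation, as an added example that is not Kepware's code or part of the advisory: a simplified DNP3 response object parser that rejects variation 0 and any object it cannot size, so each pass either consumes bytes or stops processing the message. The function name, the size table (a small constructed subset) and the four supported qualifier codes are assumptions; the input is the object portion of a response fragment, after the application header.

```python
import struct

class Dnp3ValidationError(ValueError):
    """A response fragment failed validation; the caller discards it."""

# Constructed subset of fixed object sizes in bytes, keyed by (group, variation).
OBJECT_SIZES = {
    (1, 2): 1,   # binary input with flags
    (20, 1): 5,  # 32-bit counter with flag
    (30, 1): 5,  # 32-bit analog input with flag
    (30, 2): 3,  # 16-bit analog input with flag
}
# Qualifier code -> (little-endian range field layout, is start/stop range).
RANGE_FIELDS = {0x00: ("<BB", True), 0x01: ("<HH", True),
                0x07: ("<B", False), 0x08: ("<H", False)}

def parse_response_objects(data: bytes):
    """Return [(group, variation, [object bytes, ...])] or raise on bad input."""
    parsed, pos = [], 0
    while pos < len(data):
        if len(data) - pos < 3:
            raise Dnp3ValidationError("truncated object header")
        group, variation, qualifier = data[pos:pos + 3]
        pos += 3
        if variation == 0:  # per the advisory, a remote must not return variation 0
            raise Dnp3ValidationError(f"g{group}v0 received in a response")
        size = OBJECT_SIZES.get((group, variation), 0)
        if size == 0:  # an unsized object would let the loop spin in place
            raise Dnp3ValidationError(f"no known size for g{group}v{variation}")
        if qualifier not in RANGE_FIELDS:
            raise Dnp3ValidationError(f"unsupported qualifier 0x{qualifier:02x}")
        layout, is_start_stop = RANGE_FIELDS[qualifier]
        if len(data) - pos < struct.calcsize(layout):
            raise Dnp3ValidationError("truncated range field")
        fields = struct.unpack_from(layout, data, pos)
        pos += struct.calcsize(layout)
        if is_start_stop:
            if fields[1] < fields[0]:
                raise Dnp3ValidationError("stop index is below start index")
            count = fields[1] - fields[0] + 1
        else:
            count = fields[0]
        if count * size > len(data) - pos:  # bounds check before slicing
            raise Dnp3ValidationError("object data runs past end of fragment")
        parsed.append((group, variation,
                       [data[pos + i * size:pos + (i + 1) * size] for i in range(count)]))
        pos += count * size
    return parsed
```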

Affected Vendors

Kepware Technologies

Affected Products (1)

Kepware Technologies · Kepware Technologies’ DNP Master Driver for the KEPServerEX Communications Platform <=5.16.728.0
