CVE-2013-5741
Severity CVSS v4.0:
Pending analysis
Type:
CWE-20
Input Validation
Publication date:
29/10/2013
Last modified:
11/04/2025
Description
Triangle Research International (aka Tri) Nano-10 PLC devices with firmware r81 and earlier do not properly handle large length values in MODBUS data, which allows remote attackers to cause a denial of service (transition to the interrupt state) via a crafted packet to TCP port 502.
Impact
Base Score 2.0
7.80
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:triplc:nano-10_plc_firmware:*:*:*:*:*:*:*:* | r81 (including) | |
| cpe:2.3:o:triplc:nano-10_plc_firmware:r80:*:*:*:*:*:*:* | ||
| cpe:2.3:h:triplc:nano-10_plc:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://blogs.ixiacom.com/ixia-blog/hack-scada-zero-day-vulnerability-discovery-on-the-nano-10-plc/
- http://osvdb.org/ref/97/tri-nano10.txt
- http://www.osvdb.org/97728
- http://blogs.ixiacom.com/ixia-blog/hack-scada-zero-day-vulnerability-discovery-on-the-nano-10-plc/
- http://osvdb.org/ref/97/tri-nano10.txt
- http://www.osvdb.org/97728