MidnightBSD

Advisories for triplc

CVE-2013-2784 HIGH

Triangle Research International (aka Tri) Nano-10 PLC devices with firmware before r81 use an incorrect algorithm for bounds checking of data in Modbus/TCP packets, which allows remote attackers to cause a denial of service (networking outage) via a crafted packet to TCP port 502.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-310,

Products Affected

Vendor Product Version
triplc nano-10_plc -
triplc nano-10_plc_firmware *
CVE-2013-5741 HIGH

Triangle Research International (aka Tri) Nano-10 PLC devices with firmware r81 and earlier do not properly handle large length values in MODBUS data, which allows remote attackers to cause a denial of service (transition to the interrupt state) via a crafted packet to TCP port 502.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
triplc nano-10_plc -
triplc nano-10_plc_firmware r80
triplc nano-10_plc_firmware *
CVE-2013-6927 LOW

Internet TRiLOGI Server (unknown versions) could allow a local user to bypass security and create a local user account.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
triplc trilogi_server -