VYPR
← All advisories
Unrated severityNVD Advisory· Published Jun 5, 2014· Updated May 6, 2026

CVE-2014-2346

CVE-2014-2346

Description

Improper input validation in COPA-DATA zenon DNP3 drivers allows physically proximate attackers to cause denial of service via crafted serial input.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Improper input validation in COPA-DATA zenon DNP3 drivers allows physically proximate attackers to cause denial of service via crafted serial input.

Vulnerability

An improper input validation vulnerability (CWE-20) exists in the COPA-DATA zenon DNP3 NG driver (DNP3 master) versions 7.10 SP0 through 7.11 SP0 build 10238 and the zenon DNP3 Process Gateway (DNP3 outstation) versions 7.11 SP0 build 10238 and earlier [1][2]. The flaw occurs when the DNP3 driver processes specially crafted input over a serial line, leading to an infinite loop and process crash.

Exploitation

An attacker must have physical proximity to the affected device to send crafted input over a serial connection [1][2]. No authentication is required, and the attacker can trigger the denial-of-service condition by transmitting a malicious DNP3 message that the driver fails to validate properly.

Impact

Successful exploitation causes a denial-of-service (DoS) condition, resulting in an infinite loop that crashes the DNP3 driver process [1][2]. This closes communication connections and causes system instability, potentially disrupting SCADA operations in energy, water, and wastewater treatment environments.

Mitigation

COPA-DATA has produced an update that mitigates the vulnerability [1][2]. Affected users should contact COPA-DATA customer support for the fix and apply it according to the vendor's guidance. No workarounds are documented in the available references.

References
  1. COPA-DATA Improper Input Validation | CISA
  2. COPA-DATA Improper Input Validation | CISA

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

8
  • Copadata/Zenon Dnp3 Ng Driver3 versions
    cpe:2.3:a:copadata:zenon_dnp3_ng_driver:7.10:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:copadata:zenon_dnp3_ng_driver:7.10:*:*:*:*:*:*:*
    • cpe:2.3:a:copadata:zenon_dnp3_ng_driver:7.11:-:*:*:*:*:*:*
    • cpe:2.3:a:copadata:zenon_dnp3_ng_driver:7.11:sp0_build_10238:*:*:*:*:*:*
  • Copadata/Zenon Dnp3 Process Gateway3 versions
    cpe:2.3:a:copadata:zenon_dnp3_process_gateway:7.11:sp0_build_10238:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:copadata:zenon_dnp3_process_gateway:7.11:sp0_build_10238:*:*:*:*:*:*
    • (no CPE)range: <= 7.11 SP0 build 10238
    • (no CPE)range: 0
  • Copadata/Zenon Dnp3 Ng Driver (dnp3 Master)llm-fuzzy2 versions
    = 7.11 SP0 build 10238+ 1 more
    • (no CPE)range: = 7.11 SP0 build 10238
    • (no CPE)range: 7.10 SP0

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

4

News mentions

0

No linked articles in our index yet.