AVEVA Adapter for DNP3 Module
- Last UpdatedFeb 20, 2025
- 3 minute read
- PI System
- Adapter for DNP3 1.2
- Adapters
AVEVA Adapter for DNP3 Module: 1.2
AVEVA Adapter for DNP3: 1.2.0.314
Adapter Framework: 1.8.1.62
Edge Module Manager: 1.1.1.19
Alpine Linux: 3.18.4
Overview
AVEVA Adapter for DNP3 Module is the containerized version of the adapter that can be deployed using Edge Management on CONNECT data services. It offers the same capabilities as the adapter that is available for installation directly on the device.
To review the adapter's capabilities as well as enhancements and fixes, see the Release Notes.
Fixes and enhancements
Fixes
The following issues were resolved in this release:
None
Enhancements
The following enhancements are added in this release:
-
Support for client-level failover for AVEVA Adapter for DNP3 Module
Known issues
There are no known issues for this release.
System requirements
See the System requirements for information on the installation kits available.
Installation and upgrade
See AVEVA Edge Management Deployment for additional information.
Uninstalling the adapter
See Uninstall the adapter for more information.
Security information and guidance
We are committed to releasing secure products. This section is intended to provide relevant security-related information to guide your installation or upgrade decision.
We proactively disclose aggregate information about the number and severity of security vulnerabilities addressed in each release. The tables below provide an overview of security issues addressed and their relative severity based on standard scoring.
No security-related information is applicable to this release.
Overview of New Vulnerabilities Found or Fixed
This section is intended to provide relevant security-related information to guide your installation or upgrade decision. AVEVA is proactively disclosing aggregate information about the number and severity of AVEVA Adapter for DNP3 security vulnerabilities that are fixed in this release.
For this release of AVEVA Adapter for DNP3, the following vulnerabilities have been identified or fixed.
Security Vulnerabilities fixed in AVEVA Adapter for DNP3 1.2.0.314 Release
|
Severity Category |
CVSS Base Score Range |
Number of Fixed Vulnerabilities |
|---|---|---|
|
Critical |
9 - 10 |
0 |
|
High |
7.0 - 8.9 |
1 |
|
Medium |
4.0 - 6.9 |
1 |
|
Low |
0 - 3.9 |
0 |
Vulnerability Mitigations in AVEVA Adapter for DNP3 1.2.0.314 Release
The following vulnerabilities were identified in AVEVA Adapter for DNP3 1.2.0.314 Release.
|
Component |
Version |
CVE or Reference |
CVSS |
Mitigation |
|---|---|---|---|---|
|
aspnet/AspNetCore |
6.0.23 |
CVE-2023-21386 (https://nvd.nist.gov/vuln/detail/CVE-2024-21386) |
6.5 |
Vulnerability is not applicable: The AVEVA Adapter for DNP3 Module is not affected by this vulnerability. |
|
aspnet/AspNetCore |
6.0.23 |
CVE-2023-36558 (https://nvd.nist.gov/vuln/detail/CVE-2023-36558) |
6.7 |
Vulnerability is not applicable: The AVEVA Adapter for DNP3 Module is not affected by this vulnerability. |
|
azure-activedirectory-identitymodel-extensions-for-dotnet |
5.6.0 |
CVE-2024-21319 (https://nvd.nist.gov/vuln/detail/CVE-2024-21319) |
6.8 |
Vulnerability is not applicable: The AVEVA Adapter for DNP3 Module is not affected by this vulnerability. |
|
busybox |
1.36.1 |
CVE-2023-42363 (https://nvd.nist.gov/vuln/detail/CVE-2023-42363) |
6.1 |
Vulnerability is not applicable: The AVEVA Adapter for DNP3 Module is not affected by this vulnerability. |
|
busybox |
1.36.1 |
CVE-2023-42364 (https://nvd.nist.gov/vuln/detail/CVE-2023-42364) |
6.1 |
Vulnerability is not applicable: The AVEVA Adapter for DNP3 Module is not affected by this vulnerability. |
|
busybox |
1.36.1 |
CVE-2023-42365 (https://nvd.nist.gov/vuln/detail/CVE-2023-42365) |
6.1 |
Vulnerability is not applicable: The AVEVA Adapter for DNP3 Module is not affected by this vulnerability. |
|
busybox |
1.36.1 |
CVE-2023-42366 (https://nvd.nist.gov/vuln/detail/CVE-2023-42366) |
6.1 |
Vulnerability is not applicable: The AVEVA Adapter for DNP3 Module is not affected by this vulnerability. |
|
busybox |
1.36.1 |
CVE-2022-48174 (https://nvd.nist.gov/vuln/detail/CVE-2022-48174) |
6.7 |
Vulnerability is not applicable: The AVEVA Adapter for DNP3 Module is not affected by this vulnerability. |
|
JSON Web Token Handler For the Microsoft .NET Framework 4.5 |
5.6.0 |
CVE-2024-21319 (https://nvd.nist.gov/vuln/detail/CVE-2024-21319) |
6.8 |
Microsoft has provided the following explanation: "The attacker must have access to the public encrypt key registered with the IDP(Entra ID) for successful exploitation." https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21319 Edge Module authentication occurs server-side and does not expose the public encryption key to a client. |
|
krb5/krb5 |
1.20.1 |
CVE-2023-36054 (https://nvd.nist.gov/vuln/detail/CVE-2023-36054) |
6.5 |
Vulnerability is not applicable: The AVEVA Adapter for DNP3 Module is not affected by this vulnerability. |
|
krb5/krb5 |
1.20.1 |
BDSA-2024-0455 |
6.5 |
Vulnerability is not applicable: The AVEVA Adapter for DNP3 Module is not affected by this vulnerability. |
|
krb5/krb5 |
1.20.1 |
BDSA-2024-0457 |
6.5 |
Vulnerability is not applicable: The AVEVA Adapter for DNP3 Module is not affected by this vulnerability. |
|
krb5/krb5 |
1.20.1 |
BDSA-2024-0458 |
6.5 |
Vulnerability is not applicable: The AVEVA Adapter for DNP3 Module is not affected by this vulnerability. |
|
OpenSSL |
3.1.4 |
CVE-2023-6129 (https://nvd.nist.gov/vuln/detail/CVE-2023-6129) |
6.5 |
Vulnerability is not applicable: The AVEVA Adapter for DNP3 Module is not affected by this vulnerability. |
|
OpenSSL |
3.1.4 |
CVE-2024-0727 (https://nvd.nist.gov/vuln/detail/CVE-2024-0727) |
5.5 |
Vulnerability is not reachable: This vulnerability relies on application loading malformed PKCS12 file from disk since edge module's file system can be accessed only by administrators this is considered as low risk. |
|
OpenSSL |
3.1.4 |
BDSA-2024-0082 |
5.5 |
Vulnerability is not applicable: This vulnerability is not exposed by the use of OpenSSL in AVEVA Adapter for DNP3 Module. |
|
zlib |
1.2.13 |
CVE-2023-45853 (https://nvd.nist.gov/vuln/detail/CVE-2023-45853) |
9.8 |
Vulnerability is not applicable: The AVEVA Adapter for DNP3 Module's utilization of zlib through the .NET 6 Framework does not expose this vulnerability. |
Technical support and feedback
See Technical support and feedback for additional information.