Search criteria
16 vulnerabilities found for ose by enea
VAR-201310-0175
Vulnerability from variot - Updated: 2023-12-18 12:09The kernel in ENEA OSE on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier performs network-beacon broadcasts, which allows remote attackers to obtain potentially sensitive information about device presence by listening for broadcast traffic. Emerson Process Management Emerson Process Control is a company that includes process control, electrical and telecommunications, industrial automation, heat transfer, HVAC, and appliances and tools. The ROC800 RTU product is used to perform multiple PLC-like functions on the control device. The ROC800 RTU runs on the ENEA OSE operating system, and the kernel running on the ROC800 device broadcasts web beacons, allowing attackers to easily detect OSE debugging vulnerabilities. This vulnerability can be exploited remotely. Multiple Emerson Process Management RTUs including ROC800, DL8000, and ROC800L are prone to a remote security vulnerability. An attacker can exploit the issue to perform unauthorized actions. This may aid in further attacks. The following versions are affected: ROC800 3.50 and prior DL8000 2.30 and prior ROC800L 1.20 and prior. The three products ROC800, ROC800L, and DL8000 use ROC800 RTUs
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201310-0175",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "roc 800l remote terminal unit",
"scope": "eq",
"trust": 1.0,
"vendor": "emerson",
"version": null
},
{
"model": "ose",
"scope": "lte",
"trust": 1.0,
"vendor": "enea",
"version": "1.20"
},
{
"model": "ose",
"scope": "lte",
"trust": 1.0,
"vendor": "enea",
"version": "3.50"
},
{
"model": "roc 800 remote terminal unit",
"scope": "eq",
"trust": 1.0,
"vendor": "emerson",
"version": null
},
{
"model": "dl 8000 remote terminal unit",
"scope": "eq",
"trust": 1.0,
"vendor": "emerson",
"version": null
},
{
"model": "ose",
"scope": "lte",
"trust": 1.0,
"vendor": "enea",
"version": "2.30"
},
{
"model": "ose",
"scope": "lte",
"trust": 0.8,
"vendor": "enia",
"version": "1.20 (roc800l rtu)"
},
{
"model": "ose",
"scope": "lte",
"trust": 0.8,
"vendor": "enia",
"version": "2.30 (dl8000 rtu)"
},
{
"model": "ose",
"scope": "lte",
"trust": 0.8,
"vendor": "enia",
"version": "3.50 (roc800 rtu)"
},
{
"model": "dl8000 rtu",
"scope": null,
"trust": 0.8,
"vendor": "emerson",
"version": null
},
{
"model": "roc800 rtu",
"scope": null,
"trust": 0.8,
"vendor": "emerson",
"version": null
},
{
"model": "roc800l rtu",
"scope": null,
"trust": 0.8,
"vendor": "emerson",
"version": null
},
{
"model": "electric co roc800l",
"scope": "eq",
"trust": 0.6,
"vendor": "emerson",
"version": "1.20"
},
{
"model": "electric co dl8000",
"scope": "eq",
"trust": 0.6,
"vendor": "emerson",
"version": "2.30"
},
{
"model": "electric co roc800",
"scope": "eq",
"trust": 0.6,
"vendor": "emerson",
"version": "3.50"
},
{
"model": "ose",
"scope": "eq",
"trust": 0.6,
"vendor": "enea",
"version": "2.30"
},
{
"model": "ose",
"scope": "eq",
"trust": 0.6,
"vendor": "enea",
"version": "1.20"
},
{
"model": "ose",
"scope": "eq",
"trust": 0.6,
"vendor": "enea",
"version": "3.50"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dl 8000 remote terminal unit",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "roc 800 remote terminal unit",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ose",
"version": "1.20"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ose",
"version": "2.30"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ose",
"version": "3.50"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "roc 800l remote terminal unit",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "9e239b9a-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-13376"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004485"
},
{
"db": "NVD",
"id": "CVE-2013-0693"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-491"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:enea:ose:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.20",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:emerson:roc_800l_remote_terminal_unit:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:enea:ose:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.30",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:emerson:dl_8000_remote_terminal_unit:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:enea:ose:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.50",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:emerson:roc_800_remote_terminal_unit:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-0693"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dillon Beresford, Brian Meixell, Marc Ayala and Eric Forner of Cimation",
"sources": [
{
"db": "BID",
"id": "62670"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-491"
}
],
"trust": 0.9
},
"cve": "CVE-2013-0693",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2013-0693",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2013-13376",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "9e239b9a-2352-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-60695",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-0693",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2013-13376",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201309-491",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "9e239b9a-2352-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-60695",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "9e239b9a-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-13376"
},
{
"db": "VULHUB",
"id": "VHN-60695"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004485"
},
{
"db": "NVD",
"id": "CVE-2013-0693"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-491"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The kernel in ENEA OSE on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier performs network-beacon broadcasts, which allows remote attackers to obtain potentially sensitive information about device presence by listening for broadcast traffic. Emerson Process Management Emerson Process Control is a company that includes process control, electrical and telecommunications, industrial automation, heat transfer, HVAC, and appliances and tools. The ROC800 RTU product is used to perform multiple PLC-like functions on the control device. The ROC800 RTU runs on the ENEA OSE operating system, and the kernel running on the ROC800 device broadcasts web beacons, allowing attackers to easily detect OSE debugging vulnerabilities. This vulnerability can be exploited remotely. Multiple Emerson Process Management RTUs including ROC800, DL8000, and ROC800L are prone to a remote security vulnerability. \nAn attacker can exploit the issue to perform unauthorized actions. This may aid in further attacks. \nThe following versions are affected:\nROC800 3.50 and prior\nDL8000 2.30 and prior\nROC800L 1.20 and prior. The three products ROC800, ROC800L, and DL8000 use ROC800 RTUs",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-0693"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004485"
},
{
"db": "CNVD",
"id": "CNVD-2013-13376"
},
{
"db": "BID",
"id": "62670"
},
{
"db": "IVD",
"id": "9e239b9a-2352-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-60695"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-0693",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-13-259-01",
"trust": 3.1
},
{
"db": "BID",
"id": "62670",
"trust": 1.6
},
{
"db": "CNNVD",
"id": "CNNVD-201309-491",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2013-13376",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004485",
"trust": 0.8
},
{
"db": "IVD",
"id": "9E239B9A-2352-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-60695",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "9e239b9a-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-13376"
},
{
"db": "VULHUB",
"id": "VHN-60695"
},
{
"db": "BID",
"id": "62670"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004485"
},
{
"db": "NVD",
"id": "CVE-2013-0693"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-491"
}
]
},
"id": "VAR-201310-0175",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "9e239b9a-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-13376"
},
{
"db": "VULHUB",
"id": "VHN-60695"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "9e239b9a-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-13376"
}
]
},
"last_update_date": "2023-12-18T12:09:02.047000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.enea.com/"
},
{
"title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
"trust": 0.8,
"url": "http://www.emerson.co.jp/index.html"
},
{
"title": "Multiple Emerson Process Management RTUs remote vulnerability patches",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/39893"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13376"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004485"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-60695"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004485"
},
{
"db": "NVD",
"id": "CVE-2013-0693"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-13-259-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0693"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=2013-0693"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/62670"
},
{
"trust": 0.3,
"url": "http://www2.emersonprocess.com/en-us/brands/deltav/pages/index.aspx"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13376"
},
{
"db": "VULHUB",
"id": "VHN-60695"
},
{
"db": "BID",
"id": "62670"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004485"
},
{
"db": "NVD",
"id": "CVE-2013-0693"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-491"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "9e239b9a-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-13376"
},
{
"db": "VULHUB",
"id": "VHN-60695"
},
{
"db": "BID",
"id": "62670"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004485"
},
{
"db": "NVD",
"id": "CVE-2013-0693"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-491"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-09-29T00:00:00",
"db": "IVD",
"id": "9e239b9a-2352-11e6-abef-000c29c66e3d"
},
{
"date": "2013-09-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-13376"
},
{
"date": "2013-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-60695"
},
{
"date": "2013-09-26T00:00:00",
"db": "BID",
"id": "62670"
},
{
"date": "2013-10-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-004485"
},
{
"date": "2013-10-03T11:04:37.430000",
"db": "NVD",
"id": "CVE-2013-0693"
},
{
"date": "2013-09-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201309-491"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-09-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-13376"
},
{
"date": "2013-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-60695"
},
{
"date": "2014-12-24T00:55:00",
"db": "BID",
"id": "62670"
},
{
"date": "2013-10-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-004485"
},
{
"date": "2013-10-03T18:05:49.207000",
"db": "NVD",
"id": "CVE-2013-0693"
},
{
"date": "2013-10-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201309-491"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201309-491"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Emerson Process Management RTU Run on product ENEA OSE Vulnerability in which important information is obtained",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-004485"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201309-491"
}
],
"trust": 0.6
}
}
VAR-201310-0176
Vulnerability from variot - Updated: 2023-12-18 12:09The Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier have hardcoded credentials in a ROM, which makes it easier for remote attackers to obtain shell access to the underlying OS by leveraging knowledge of the ROM contents from a product installation elsewhere. Emerson Process Management Emerson Process Control is a company that includes process control, electrical and telecommunications, industrial automation, heat transfer, HVAC, and appliances and tools. The ROC800 RTU product is used to perform multiple PLC-like functions on the control device. The ROC800 ROM contains a built-in account that allows remote attackers to access the operating system command shell and control the ROC800 device. Multiple Emerson Process Management RTUs including ROC800, DL8000, and ROC800L are prone to a security-bypass vulnerability caused by hard-coded credentials. An attacker can leverage this issue to gain access to the vulnerable device. The following versions are affected: ROC800 3.50 and prior DL8000 2.30 and prior ROC800L 1.20 and prior. The three products ROC800, ROC800L, and DL8000 use ROC800 RTUs
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201310-0176",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "roc 800l remote terminal unit",
"scope": "eq",
"trust": 1.0,
"vendor": "emerson",
"version": null
},
{
"model": "ose",
"scope": "lte",
"trust": 1.0,
"vendor": "enea",
"version": "1.20"
},
{
"model": "ose",
"scope": "lte",
"trust": 1.0,
"vendor": "enea",
"version": "3.50"
},
{
"model": "roc 800 remote terminal unit",
"scope": "eq",
"trust": 1.0,
"vendor": "emerson",
"version": null
},
{
"model": "dl 8000 remote terminal unit",
"scope": "eq",
"trust": 1.0,
"vendor": "emerson",
"version": null
},
{
"model": "ose",
"scope": "lte",
"trust": 1.0,
"vendor": "enea",
"version": "2.30"
},
{
"model": "ose",
"scope": "lte",
"trust": 0.8,
"vendor": "enia",
"version": "1.20 (roc800l rtu)"
},
{
"model": "ose",
"scope": "lte",
"trust": 0.8,
"vendor": "enia",
"version": "2.30 (dl8000 rtu)"
},
{
"model": "ose",
"scope": "lte",
"trust": 0.8,
"vendor": "enia",
"version": "3.50 (roc800 rtu)"
},
{
"model": "dl8000 rtu",
"scope": null,
"trust": 0.8,
"vendor": "emerson",
"version": null
},
{
"model": "roc800 rtu",
"scope": null,
"trust": 0.8,
"vendor": "emerson",
"version": null
},
{
"model": "roc800l rtu",
"scope": null,
"trust": 0.8,
"vendor": "emerson",
"version": null
},
{
"model": "electric co roc800l",
"scope": "eq",
"trust": 0.6,
"vendor": "emerson",
"version": "1.20"
},
{
"model": "electric co dl8000",
"scope": "eq",
"trust": 0.6,
"vendor": "emerson",
"version": "2.30"
},
{
"model": "electric co roc800",
"scope": "eq",
"trust": 0.6,
"vendor": "emerson",
"version": "3.50"
},
{
"model": "ose",
"scope": "eq",
"trust": 0.6,
"vendor": "enea",
"version": "2.30"
},
{
"model": "ose",
"scope": "eq",
"trust": 0.6,
"vendor": "enea",
"version": "1.20"
},
{
"model": "ose",
"scope": "eq",
"trust": 0.6,
"vendor": "enea",
"version": "3.50"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dl 8000 remote terminal unit",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "roc 800 remote terminal unit",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ose",
"version": "1.20"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ose",
"version": "2.30"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ose",
"version": "3.50"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "roc 800l remote terminal unit",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "9e1b318a-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-13375"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004486"
},
{
"db": "NVD",
"id": "CVE-2013-0694"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-489"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:enea:ose:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.30",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:emerson:dl_8000_remote_terminal_unit:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:enea:ose:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.20",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:emerson:roc_800l_remote_terminal_unit:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:enea:ose:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.50",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:emerson:roc_800_remote_terminal_unit:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-0694"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dillon Beresford, Brian Meixell, Marc Ayala and Eric Forner of Cimation",
"sources": [
{
"db": "BID",
"id": "62667"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-489"
}
],
"trust": 0.9
},
"cve": "CVE-2013-0694",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2013-0694",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2013-13375",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "9e1b318a-2352-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "VHN-60696",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-0694",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2013-13375",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201309-489",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "9e1b318a-2352-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-60696",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "9e1b318a-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-13375"
},
{
"db": "VULHUB",
"id": "VHN-60696"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004486"
},
{
"db": "NVD",
"id": "CVE-2013-0694"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-489"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier have hardcoded credentials in a ROM, which makes it easier for remote attackers to obtain shell access to the underlying OS by leveraging knowledge of the ROM contents from a product installation elsewhere. Emerson Process Management Emerson Process Control is a company that includes process control, electrical and telecommunications, industrial automation, heat transfer, HVAC, and appliances and tools. The ROC800 RTU product is used to perform multiple PLC-like functions on the control device. The ROC800 ROM contains a built-in account that allows remote attackers to access the operating system command shell and control the ROC800 device. Multiple Emerson Process Management RTUs including ROC800, DL8000, and ROC800L are prone to a security-bypass vulnerability caused by hard-coded credentials. \nAn attacker can leverage this issue to gain access to the vulnerable device. \nThe following versions are affected:\nROC800 3.50 and prior\nDL8000 2.30 and prior\nROC800L 1.20 and prior. The three products ROC800, ROC800L, and DL8000 use ROC800 RTUs",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-0694"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004486"
},
{
"db": "CNVD",
"id": "CNVD-2013-13375"
},
{
"db": "BID",
"id": "62667"
},
{
"db": "IVD",
"id": "9e1b318a-2352-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-60696"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-0694",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-13-259-01",
"trust": 3.1
},
{
"db": "BID",
"id": "62667",
"trust": 1.6
},
{
"db": "CNNVD",
"id": "CNNVD-201309-489",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2013-13375",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004486",
"trust": 0.8
},
{
"db": "IVD",
"id": "9E1B318A-2352-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-60696",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "9e1b318a-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-13375"
},
{
"db": "VULHUB",
"id": "VHN-60696"
},
{
"db": "BID",
"id": "62667"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004486"
},
{
"db": "NVD",
"id": "CVE-2013-0694"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-489"
}
]
},
"id": "VAR-201310-0176",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "9e1b318a-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-13375"
},
{
"db": "VULHUB",
"id": "VHN-60696"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "9e1b318a-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-13375"
}
]
},
"last_update_date": "2023-12-18T12:09:02.121000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.enea.com/"
},
{
"title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
"trust": 0.8,
"url": "http://www.emerson.co.jp/index.html"
},
{
"title": "Patches for multiple Emerson Process Management RTUs built-in account security bypass vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/39894"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13375"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004486"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-60696"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004486"
},
{
"db": "NVD",
"id": "CVE-2013-0694"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-13-259-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0694"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-0694"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/62667"
},
{
"trust": 0.3,
"url": "http://www2.emersonprocess.com/en-us/brands/deltav/pages/index.aspx"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13375"
},
{
"db": "VULHUB",
"id": "VHN-60696"
},
{
"db": "BID",
"id": "62667"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004486"
},
{
"db": "NVD",
"id": "CVE-2013-0694"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-489"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "9e1b318a-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-13375"
},
{
"db": "VULHUB",
"id": "VHN-60696"
},
{
"db": "BID",
"id": "62667"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004486"
},
{
"db": "NVD",
"id": "CVE-2013-0694"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-489"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-09-29T00:00:00",
"db": "IVD",
"id": "9e1b318a-2352-11e6-abef-000c29c66e3d"
},
{
"date": "2013-09-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-13375"
},
{
"date": "2013-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-60696"
},
{
"date": "2013-09-26T00:00:00",
"db": "BID",
"id": "62667"
},
{
"date": "2013-10-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-004486"
},
{
"date": "2013-10-03T11:04:37.447000",
"db": "NVD",
"id": "CVE-2013-0694"
},
{
"date": "2013-09-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201309-489"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-09-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-13375"
},
{
"date": "2013-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-60696"
},
{
"date": "2014-12-24T00:55:00",
"db": "BID",
"id": "62667"
},
{
"date": "2013-10-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-004486"
},
{
"date": "2013-10-03T17:13:26.337000",
"db": "NVD",
"id": "CVE-2013-0694"
},
{
"date": "2013-10-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201309-489"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201309-489"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Emerson Process Management RTU Vulnerabilities in which shell access rights are obtained in product software",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-004486"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Trust management",
"sources": [
{
"db": "IVD",
"id": "9e1b318a-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-489"
}
],
"trust": 0.8
}
}
VAR-201310-0174
Vulnerability from variot - Updated: 2023-12-18 12:09The kernel in ENEA OSE on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows remote attackers to execute arbitrary code by connecting to the debug service. Emerson Process Management Emerson Process Control is a company that includes process control, electrical and telecommunications, industrial automation, heat transfer, HVAC, and appliances and tools. The ROC800 RTU product is used to perform multiple PLC-like functions on the control device. The ROC800 RTU kernel contains a port for connecting to the debug tool. An attacker can change memory, registers, process state, and full control of the device. Emerson ROC800 Remote Terminal Units are prone to a remote code-execution vulnerability. A remote attacker can leverage this issue to execute arbitrary code within the context of the affected device. Successful exploits will completely compromise the device. The following products are affected: ROC800 3.50 and prior DL8000 2.30 and prior ROC800L 1.20 and prior. The three products ROC800, ROC800L, and DL8000 use ROC800 RTUs
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201310-0174",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "roc 800l remote terminal unit",
"scope": "eq",
"trust": 1.0,
"vendor": "emerson",
"version": null
},
{
"model": "roc 800 remote terminal unit",
"scope": "eq",
"trust": 1.0,
"vendor": "emerson",
"version": null
},
{
"model": "ose",
"scope": "lte",
"trust": 1.0,
"vendor": "enea",
"version": "1.20"
},
{
"model": "ose",
"scope": "lte",
"trust": 1.0,
"vendor": "enea",
"version": "3.50"
},
{
"model": "dl 8000 remote terminal unit",
"scope": "eq",
"trust": 1.0,
"vendor": "emerson",
"version": null
},
{
"model": "ose",
"scope": "lte",
"trust": 1.0,
"vendor": "enea",
"version": "2.30"
},
{
"model": "ose",
"scope": "lte",
"trust": 0.8,
"vendor": "enia",
"version": "1.20 (roc800l rtu)"
},
{
"model": "ose",
"scope": "lte",
"trust": 0.8,
"vendor": "enia",
"version": "2.30 (dl8000 rtu)"
},
{
"model": "ose",
"scope": "lte",
"trust": 0.8,
"vendor": "enia",
"version": "3.50 (roc800 rtu)"
},
{
"model": "dl8000 rtu",
"scope": null,
"trust": 0.8,
"vendor": "emerson",
"version": null
},
{
"model": "roc800 rtu",
"scope": null,
"trust": 0.8,
"vendor": "emerson",
"version": null
},
{
"model": "roc800l rtu",
"scope": null,
"trust": 0.8,
"vendor": "emerson",
"version": null
},
{
"model": "electric co roc800l",
"scope": "eq",
"trust": 0.6,
"vendor": "emerson",
"version": "1.20"
},
{
"model": "electric co dl8000",
"scope": "eq",
"trust": 0.6,
"vendor": "emerson",
"version": "2.30"
},
{
"model": "electric co roc800",
"scope": "eq",
"trust": 0.6,
"vendor": "emerson",
"version": "3.50"
},
{
"model": "ose",
"scope": "eq",
"trust": 0.6,
"vendor": "enea",
"version": "3.50"
},
{
"model": "ose",
"scope": "eq",
"trust": 0.6,
"vendor": "enea",
"version": "1.20"
},
{
"model": "ose",
"scope": "eq",
"trust": 0.6,
"vendor": "enea",
"version": "2.30"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dl 8000 remote terminal unit",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "roc 800 remote terminal unit",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ose",
"version": "1.20"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ose",
"version": "2.30"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ose",
"version": "3.50"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "roc 800l remote terminal unit",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "9e2c8eda-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-13377"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004484"
},
{
"db": "NVD",
"id": "CVE-2013-0692"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-519"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:enea:ose:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.20",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:emerson:roc_800l_remote_terminal_unit:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:enea:ose:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.50",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:emerson:roc_800_remote_terminal_unit:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:enea:ose:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.30",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:emerson:dl_8000_remote_terminal_unit:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-0692"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dillon Beresford, Brian Meixell, Marc Ayala and Eric Forner of Cimation",
"sources": [
{
"db": "BID",
"id": "62664"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-519"
}
],
"trust": 0.9
},
"cve": "CVE-2013-0692",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2013-0692",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2013-13377",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "9e2c8eda-2352-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-60694",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-0692",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2013-13377",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201309-519",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "9e2c8eda-2352-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-60694",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "9e2c8eda-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-13377"
},
{
"db": "VULHUB",
"id": "VHN-60694"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004484"
},
{
"db": "NVD",
"id": "CVE-2013-0692"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-519"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The kernel in ENEA OSE on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows remote attackers to execute arbitrary code by connecting to the debug service. Emerson Process Management Emerson Process Control is a company that includes process control, electrical and telecommunications, industrial automation, heat transfer, HVAC, and appliances and tools. The ROC800 RTU product is used to perform multiple PLC-like functions on the control device. The ROC800 RTU kernel contains a port for connecting to the debug tool. An attacker can change memory, registers, process state, and full control of the device. Emerson ROC800 Remote Terminal Units are prone to a remote code-execution vulnerability. \nA remote attacker can leverage this issue to execute arbitrary code within the context of the affected device. Successful exploits will completely compromise the device. \nThe following products are affected:\nROC800 3.50 and prior\nDL8000 2.30 and prior\nROC800L 1.20 and prior. The three products ROC800, ROC800L, and DL8000 use ROC800 RTUs",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-0692"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004484"
},
{
"db": "CNVD",
"id": "CNVD-2013-13377"
},
{
"db": "BID",
"id": "62664"
},
{
"db": "IVD",
"id": "9e2c8eda-2352-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-60694"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-0692",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-13-259-01",
"trust": 3.1
},
{
"db": "BID",
"id": "62664",
"trust": 1.6
},
{
"db": "CNVD",
"id": "CNVD-2013-13377",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201309-519",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004484",
"trust": 0.8
},
{
"db": "IVD",
"id": "9E2C8EDA-2352-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-60694",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "9e2c8eda-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-13377"
},
{
"db": "VULHUB",
"id": "VHN-60694"
},
{
"db": "BID",
"id": "62664"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004484"
},
{
"db": "NVD",
"id": "CVE-2013-0692"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-519"
}
]
},
"id": "VAR-201310-0174",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "9e2c8eda-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-13377"
},
{
"db": "VULHUB",
"id": "VHN-60694"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "9e2c8eda-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-13377"
}
]
},
"last_update_date": "2023-12-18T12:09:02.084000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.enea.com/"
},
{
"title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
"trust": 0.8,
"url": "http://www.emerson.co.jp/index.html"
},
{
"title": "Emerson ROC800 Remote Terminal Unit Remote Code Execution Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/39892"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13377"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004484"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-60694"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004484"
},
{
"db": "NVD",
"id": "CVE-2013-0692"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-13-259-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0692"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=2013-0692"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/62664"
},
{
"trust": 0.3,
"url": "http://www2.emersonprocess.com/en-us/brands/deltav/pages/index.aspx"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13377"
},
{
"db": "VULHUB",
"id": "VHN-60694"
},
{
"db": "BID",
"id": "62664"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004484"
},
{
"db": "NVD",
"id": "CVE-2013-0692"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-519"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "9e2c8eda-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-13377"
},
{
"db": "VULHUB",
"id": "VHN-60694"
},
{
"db": "BID",
"id": "62664"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004484"
},
{
"db": "NVD",
"id": "CVE-2013-0692"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-519"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-09-29T00:00:00",
"db": "IVD",
"id": "9e2c8eda-2352-11e6-abef-000c29c66e3d"
},
{
"date": "2013-09-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-13377"
},
{
"date": "2013-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-60694"
},
{
"date": "2013-09-26T00:00:00",
"db": "BID",
"id": "62664"
},
{
"date": "2013-10-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-004484"
},
{
"date": "2013-10-03T11:04:37.383000",
"db": "NVD",
"id": "CVE-2013-0692"
},
{
"date": "2013-09-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201309-519"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-09-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-13377"
},
{
"date": "2013-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-60694"
},
{
"date": "2014-12-24T00:55:00",
"db": "BID",
"id": "62664"
},
{
"date": "2013-10-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-004484"
},
{
"date": "2013-10-03T18:07:11.193000",
"db": "NVD",
"id": "CVE-2013-0692"
},
{
"date": "2013-10-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201309-519"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201309-519"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Emerson ROC800 Remote Terminal Unit Remote Code Execution Vulnerability",
"sources": [
{
"db": "IVD",
"id": "9e2c8eda-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-13377"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201309-519"
}
],
"trust": 0.6
}
}
VAR-201310-0173
Vulnerability from variot - Updated: 2023-12-18 12:09The TFTP server on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows remote attackers to upload files and consequently execute arbitrary code via unspecified vectors. Emerson Process Management Emerson Process Control is a company that includes process control, electrical and telecommunications, industrial automation, heat transfer, HVAC, and appliances and tools. The ROC800 RTU product is used to perform multiple PLC-like functions on the control device. The following products are affected: ROC800 3.50 and prior DL8000 2.30 and prior ROC800L 1.20 and prior. This product includes ROC800, ROC800L, DL8000, and has the function of executing multiple PLCs (digital operation operation electronics in industrial environments) on control equipment
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201310-0173",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "roc 800l remote terminal unit",
"scope": "eq",
"trust": 1.0,
"vendor": "emerson",
"version": null
},
{
"model": "roc 800 remote terminal unit",
"scope": "eq",
"trust": 1.0,
"vendor": "emerson",
"version": null
},
{
"model": "ose",
"scope": "lte",
"trust": 1.0,
"vendor": "enea",
"version": "1.20"
},
{
"model": "ose",
"scope": "lte",
"trust": 1.0,
"vendor": "enea",
"version": "3.50"
},
{
"model": "dl 8000 remote terminal unit",
"scope": "eq",
"trust": 1.0,
"vendor": "emerson",
"version": null
},
{
"model": "ose",
"scope": "lte",
"trust": 1.0,
"vendor": "enea",
"version": "2.30"
},
{
"model": "ose",
"scope": "lte",
"trust": 0.8,
"vendor": "enia",
"version": "1.20 (roc800l rtu)"
},
{
"model": "ose",
"scope": "lte",
"trust": 0.8,
"vendor": "enia",
"version": "2.30 (dl8000 rtu)"
},
{
"model": "ose",
"scope": "lte",
"trust": 0.8,
"vendor": "enia",
"version": "3.50 (roc800 rtu)"
},
{
"model": "dl8000 rtu",
"scope": null,
"trust": 0.8,
"vendor": "emerson",
"version": null
},
{
"model": "roc800 rtu",
"scope": null,
"trust": 0.8,
"vendor": "emerson",
"version": null
},
{
"model": "roc800l rtu",
"scope": null,
"trust": 0.8,
"vendor": "emerson",
"version": null
},
{
"model": "electric co roc800l",
"scope": "eq",
"trust": 0.6,
"vendor": "emerson",
"version": "1.20"
},
{
"model": "electric co dl8000",
"scope": "eq",
"trust": 0.6,
"vendor": "emerson",
"version": "2.30"
},
{
"model": "electric co roc800",
"scope": "eq",
"trust": 0.6,
"vendor": "emerson",
"version": "3.50"
},
{
"model": "ose",
"scope": "eq",
"trust": 0.6,
"vendor": "enea",
"version": "3.50"
},
{
"model": "ose",
"scope": "eq",
"trust": 0.6,
"vendor": "enea",
"version": "1.20"
},
{
"model": "ose",
"scope": "eq",
"trust": 0.6,
"vendor": "enea",
"version": "2.30"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dl 8000 remote terminal unit",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "roc 800 remote terminal unit",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ose",
"version": "1.20"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ose",
"version": "2.30"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ose",
"version": "3.50"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "roc 800l remote terminal unit",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "9e315456-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-13378"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004483"
},
{
"db": "NVD",
"id": "CVE-2013-0689"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-488"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:enea:ose:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.20",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:emerson:roc_800l_remote_terminal_unit:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:enea:ose:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.50",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:emerson:roc_800_remote_terminal_unit:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:enea:ose:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.30",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:emerson:dl_8000_remote_terminal_unit:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-0689"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dillon Beresford, Brian Meixell, Marc Ayala and Eric Forner of Cimation",
"sources": [
{
"db": "BID",
"id": "62666"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-488"
}
],
"trust": 0.9
},
"cve": "CVE-2013-0689",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2013-0689",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2013-13378",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "9e315456-2352-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-60691",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-0689",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2013-13378",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201309-488",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "9e315456-2352-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-60691",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "9e315456-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-13378"
},
{
"db": "VULHUB",
"id": "VHN-60691"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004483"
},
{
"db": "NVD",
"id": "CVE-2013-0689"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-488"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The TFTP server on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows remote attackers to upload files and consequently execute arbitrary code via unspecified vectors. Emerson Process Management Emerson Process Control is a company that includes process control, electrical and telecommunications, industrial automation, heat transfer, HVAC, and appliances and tools. The ROC800 RTU product is used to perform multiple PLC-like functions on the control device. \nThe following products are affected:\nROC800 3.50 and prior\nDL8000 2.30 and prior\nROC800L 1.20 and prior. This product includes ROC800, ROC800L, DL8000, and has the function of executing multiple PLCs (digital operation operation electronics in industrial environments) on control equipment",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-0689"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004483"
},
{
"db": "CNVD",
"id": "CNVD-2013-13378"
},
{
"db": "BID",
"id": "62666"
},
{
"db": "IVD",
"id": "9e315456-2352-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-60691"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-0689",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-13-259-01",
"trust": 3.1
},
{
"db": "BID",
"id": "62666",
"trust": 1.6
},
{
"db": "CNNVD",
"id": "CNNVD-201309-488",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2013-13378",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004483",
"trust": 0.8
},
{
"db": "IVD",
"id": "9E315456-2352-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-60691",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "9e315456-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-13378"
},
{
"db": "VULHUB",
"id": "VHN-60691"
},
{
"db": "BID",
"id": "62666"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004483"
},
{
"db": "NVD",
"id": "CVE-2013-0689"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-488"
}
]
},
"id": "VAR-201310-0173",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "9e315456-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-13378"
},
{
"db": "VULHUB",
"id": "VHN-60691"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "9e315456-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-13378"
}
]
},
"last_update_date": "2023-12-18T12:09:02.160000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.enea.com/"
},
{
"title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
"trust": 0.8,
"url": "http://www.emerson.co.jp/index.html"
},
{
"title": "Multiple Emerson Process Management RTUs patch for arbitrary file upload vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/39891"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13378"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004483"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-94",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-60691"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004483"
},
{
"db": "NVD",
"id": "CVE-2013-0689"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-13-259-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0689"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-0689"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/62666"
},
{
"trust": 0.3,
"url": "http://www2.emersonprocess.com/en-us/brands/deltav/pages/index.aspx"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13378"
},
{
"db": "VULHUB",
"id": "VHN-60691"
},
{
"db": "BID",
"id": "62666"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004483"
},
{
"db": "NVD",
"id": "CVE-2013-0689"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-488"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "9e315456-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-13378"
},
{
"db": "VULHUB",
"id": "VHN-60691"
},
{
"db": "BID",
"id": "62666"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004483"
},
{
"db": "NVD",
"id": "CVE-2013-0689"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-488"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-09-29T00:00:00",
"db": "IVD",
"id": "9e315456-2352-11e6-abef-000c29c66e3d"
},
{
"date": "2013-09-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-13378"
},
{
"date": "2013-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-60691"
},
{
"date": "2013-09-26T00:00:00",
"db": "BID",
"id": "62666"
},
{
"date": "2013-10-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-004483"
},
{
"date": "2013-10-03T11:04:37.320000",
"db": "NVD",
"id": "CVE-2013-0689"
},
{
"date": "2013-09-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201309-488"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-09-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-13378"
},
{
"date": "2013-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-60691"
},
{
"date": "2014-12-24T00:55:00",
"db": "BID",
"id": "62666"
},
{
"date": "2013-10-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-004483"
},
{
"date": "2013-10-03T17:40:26.257000",
"db": "NVD",
"id": "CVE-2013-0689"
},
{
"date": "2013-10-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201309-488"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201309-488"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Emerson Process Management RTU File upload vulnerability in product software",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-004483"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Code injection",
"sources": [
{
"db": "IVD",
"id": "9e315456-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-488"
}
],
"trust": 0.8
}
}
FKIE_CVE-2013-0692
Vulnerability from fkie_nvd - Published: 2013-10-03 11:04 - Updated: 2025-04-11 00:51
Severity ?
Summary
The kernel in ENEA OSE on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows remote attackers to execute arbitrary code by connecting to the debug service.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | http://ics-cert.us-cert.gov/advisories/ICSA-13-259-01 | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://ics-cert.us-cert.gov/advisories/ICSA-13-259-01 | US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| enea | ose | * | |
| emerson | roc_800l_remote_terminal_unit | - | |
| enea | ose | * | |
| emerson | roc_800_remote_terminal_unit | - | |
| enea | ose | * | |
| emerson | dl_8000_remote_terminal_unit | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:enea:ose:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54CB70DF-F2C3-481A-852A-1A83909F0974",
"versionEndIncluding": "1.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:emerson:roc_800l_remote_terminal_unit:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1935960D-E2BF-4348-AE45-29DDC1683C8D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:enea:ose:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D91452FC-4D1C-470E-A886-E7BDA49A2DBE",
"versionEndIncluding": "3.50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:emerson:roc_800_remote_terminal_unit:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80C553AD-326E-4135-BA54-35830CD6B13C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:enea:ose:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3D25E1CE-72CF-4D4B-940F-720362EC5B19",
"versionEndIncluding": "2.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:emerson:dl_8000_remote_terminal_unit:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E57C5C99-9480-4506-B8B4-A83485050B91",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The kernel in ENEA OSE on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows remote attackers to execute arbitrary code by connecting to the debug service."
},
{
"lang": "es",
"value": "El kernel de ENEA OSE, en Emerson Process Management ROC800 con osftware 3.50 y anteriores, DL8000 con osftware 2.30 y anteriores, y ROC800L con software 1.20 y anteriores permite a atacantes remotos ejecutar c\u00f3digo arbitrario conectando al servicio de depuraci\u00f3n."
}
],
"id": "CVE-2013-0692",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-10-03T11:04:37.383",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-259-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-259-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-0694
Vulnerability from fkie_nvd - Published: 2013-10-03 11:04 - Updated: 2025-04-11 00:51
Severity ?
Summary
The Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier have hardcoded credentials in a ROM, which makes it easier for remote attackers to obtain shell access to the underlying OS by leveraging knowledge of the ROM contents from a product installation elsewhere.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | http://ics-cert.us-cert.gov/advisories/ICSA-13-259-01 | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://ics-cert.us-cert.gov/advisories/ICSA-13-259-01 | US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| enea | ose | * | |
| emerson | dl_8000_remote_terminal_unit | - | |
| enea | ose | * | |
| emerson | roc_800l_remote_terminal_unit | - | |
| enea | ose | * | |
| emerson | roc_800_remote_terminal_unit | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:enea:ose:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3D25E1CE-72CF-4D4B-940F-720362EC5B19",
"versionEndIncluding": "2.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:emerson:dl_8000_remote_terminal_unit:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E57C5C99-9480-4506-B8B4-A83485050B91",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:enea:ose:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54CB70DF-F2C3-481A-852A-1A83909F0974",
"versionEndIncluding": "1.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:emerson:roc_800l_remote_terminal_unit:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1935960D-E2BF-4348-AE45-29DDC1683C8D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:enea:ose:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D91452FC-4D1C-470E-A886-E7BDA49A2DBE",
"versionEndIncluding": "3.50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:emerson:roc_800_remote_terminal_unit:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80C553AD-326E-4135-BA54-35830CD6B13C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier have hardcoded credentials in a ROM, which makes it easier for remote attackers to obtain shell access to the underlying OS by leveraging knowledge of the ROM contents from a product installation elsewhere."
},
{
"lang": "es",
"value": "El RTU Emerson Process Management ROC800 con software 3.50 y anteriores, DL8000 con software 2.30 y anteriores, y ROC800L con software 1.20 y anteriores tienen credenciales incrustadas en una ROM, lo que hace sencillo para atacantes remotos obtener acceso shell al sistema operativo aprovechando el conocimiento de los contenidos de la ROM de una instalaci\u00f3n del producto en cualquier otro lugar."
}
],
"id": "CVE-2013-0694",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-10-03T11:04:37.447",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-259-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-259-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-255"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-0689
Vulnerability from fkie_nvd - Published: 2013-10-03 11:04 - Updated: 2025-04-11 00:51
Severity ?
Summary
The TFTP server on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows remote attackers to upload files and consequently execute arbitrary code via unspecified vectors.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | http://ics-cert.us-cert.gov/advisories/ICSA-13-259-01 | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://ics-cert.us-cert.gov/advisories/ICSA-13-259-01 | US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| enea | ose | * | |
| emerson | roc_800l_remote_terminal_unit | - | |
| enea | ose | * | |
| emerson | roc_800_remote_terminal_unit | - | |
| enea | ose | * | |
| emerson | dl_8000_remote_terminal_unit | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:enea:ose:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54CB70DF-F2C3-481A-852A-1A83909F0974",
"versionEndIncluding": "1.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:emerson:roc_800l_remote_terminal_unit:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1935960D-E2BF-4348-AE45-29DDC1683C8D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:enea:ose:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D91452FC-4D1C-470E-A886-E7BDA49A2DBE",
"versionEndIncluding": "3.50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:emerson:roc_800_remote_terminal_unit:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80C553AD-326E-4135-BA54-35830CD6B13C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:enea:ose:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3D25E1CE-72CF-4D4B-940F-720362EC5B19",
"versionEndIncluding": "2.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:emerson:dl_8000_remote_terminal_unit:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E57C5C99-9480-4506-B8B4-A83485050B91",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The TFTP server on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows remote attackers to upload files and consequently execute arbitrary code via unspecified vectors."
},
{
"lang": "es",
"value": "El servidor TFTP en el Emerson Process Management ROC800 RTU con software 3.50 y anteriores, DL8000 RTU con software 2.30 y anteriores, y ROC800L RTU con software 1.20 y anteriores permite a atacantes remotos subir archivos y por consiguiente ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores sin especificar."
}
],
"id": "CVE-2013-0689",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-10-03T11:04:37.320",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-259-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-259-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-0693
Vulnerability from fkie_nvd - Published: 2013-10-03 11:04 - Updated: 2025-04-11 00:51
Severity ?
Summary
The kernel in ENEA OSE on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier performs network-beacon broadcasts, which allows remote attackers to obtain potentially sensitive information about device presence by listening for broadcast traffic.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | http://ics-cert.us-cert.gov/advisories/ICSA-13-259-01 | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://ics-cert.us-cert.gov/advisories/ICSA-13-259-01 | US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| enea | ose | * | |
| emerson | roc_800l_remote_terminal_unit | - | |
| enea | ose | * | |
| emerson | dl_8000_remote_terminal_unit | - | |
| enea | ose | * | |
| emerson | roc_800_remote_terminal_unit | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:enea:ose:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54CB70DF-F2C3-481A-852A-1A83909F0974",
"versionEndIncluding": "1.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:emerson:roc_800l_remote_terminal_unit:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1935960D-E2BF-4348-AE45-29DDC1683C8D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:enea:ose:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3D25E1CE-72CF-4D4B-940F-720362EC5B19",
"versionEndIncluding": "2.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:emerson:dl_8000_remote_terminal_unit:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E57C5C99-9480-4506-B8B4-A83485050B91",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:enea:ose:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D91452FC-4D1C-470E-A886-E7BDA49A2DBE",
"versionEndIncluding": "3.50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:emerson:roc_800_remote_terminal_unit:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80C553AD-326E-4135-BA54-35830CD6B13C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The kernel in ENEA OSE on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier performs network-beacon broadcasts, which allows remote attackers to obtain potentially sensitive information about device presence by listening for broadcast traffic."
},
{
"lang": "es",
"value": "El kernel en ENEA OSE de Emerson Process Management ROC800 RTU con software 3.50 y anteriores, DL8000 RTU con software 2.30 y anteriores, y ROC800L RTU con software 1.20 y anteriores realiza difusiones network-beacon, lo que permite a atacantes remotos obtener informaci\u00f3n potencialmente sensible acerca de la presencia del dispositivo escuchando el tr\u00e1fico de difusi\u00f3n."
}
],
"id": "CVE-2013-0693",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-10-03T11:04:37.430",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-259-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-259-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2013-0694 (GCVE-0-2013-0694)
Vulnerability from cvelistv5 – Published: 2013-10-03 10:00 – Updated: 2024-09-16 18:04
VLAI?
Summary
The Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier have hardcoded credentials in a ROM, which makes it easier for remote attackers to obtain shell access to the underlying OS by leveraging knowledge of the ROM contents from a product installation elsewhere.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:33:05.606Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-259-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier have hardcoded credentials in a ROM, which makes it easier for remote attackers to obtain shell access to the underlying OS by leveraging knowledge of the ROM contents from a product installation elsewhere."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-10-03T10:00:00Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-259-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2013-0694",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier have hardcoded credentials in a ROM, which makes it easier for remote attackers to obtain shell access to the underlying OS by leveraging knowledge of the ROM contents from a product installation elsewhere."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-13-259-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-259-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2013-0694",
"datePublished": "2013-10-03T10:00:00Z",
"dateReserved": "2012-12-19T00:00:00Z",
"dateUpdated": "2024-09-16T18:04:15.408Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-0689 (GCVE-0-2013-0689)
Vulnerability from cvelistv5 – Published: 2013-10-03 10:00 – Updated: 2024-09-16 22:41
VLAI?
Summary
The TFTP server on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows remote attackers to upload files and consequently execute arbitrary code via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:33:05.520Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-259-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The TFTP server on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows remote attackers to upload files and consequently execute arbitrary code via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-10-03T10:00:00Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-259-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2013-0689",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TFTP server on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows remote attackers to upload files and consequently execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-13-259-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-259-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2013-0689",
"datePublished": "2013-10-03T10:00:00Z",
"dateReserved": "2012-12-19T00:00:00Z",
"dateUpdated": "2024-09-16T22:41:37.885Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-0693 (GCVE-0-2013-0693)
Vulnerability from cvelistv5 – Published: 2013-10-03 10:00 – Updated: 2024-09-16 19:04
VLAI?
Summary
The kernel in ENEA OSE on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier performs network-beacon broadcasts, which allows remote attackers to obtain potentially sensitive information about device presence by listening for broadcast traffic.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:33:05.661Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-259-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The kernel in ENEA OSE on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier performs network-beacon broadcasts, which allows remote attackers to obtain potentially sensitive information about device presence by listening for broadcast traffic."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-10-03T10:00:00Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-259-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2013-0693",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The kernel in ENEA OSE on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier performs network-beacon broadcasts, which allows remote attackers to obtain potentially sensitive information about device presence by listening for broadcast traffic."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-13-259-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-259-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2013-0693",
"datePublished": "2013-10-03T10:00:00Z",
"dateReserved": "2012-12-19T00:00:00Z",
"dateUpdated": "2024-09-16T19:04:57.918Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-0692 (GCVE-0-2013-0692)
Vulnerability from cvelistv5 – Published: 2013-10-03 10:00 – Updated: 2024-09-16 19:45
VLAI?
Summary
The kernel in ENEA OSE on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows remote attackers to execute arbitrary code by connecting to the debug service.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:33:05.616Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-259-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The kernel in ENEA OSE on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows remote attackers to execute arbitrary code by connecting to the debug service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-10-03T10:00:00Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-259-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2013-0692",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The kernel in ENEA OSE on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows remote attackers to execute arbitrary code by connecting to the debug service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-13-259-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-259-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2013-0692",
"datePublished": "2013-10-03T10:00:00Z",
"dateReserved": "2012-12-19T00:00:00Z",
"dateUpdated": "2024-09-16T19:45:39.580Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-0694 (GCVE-0-2013-0694)
Vulnerability from nvd – Published: 2013-10-03 10:00 – Updated: 2024-09-16 18:04
VLAI?
Summary
The Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier have hardcoded credentials in a ROM, which makes it easier for remote attackers to obtain shell access to the underlying OS by leveraging knowledge of the ROM contents from a product installation elsewhere.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:33:05.606Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-259-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier have hardcoded credentials in a ROM, which makes it easier for remote attackers to obtain shell access to the underlying OS by leveraging knowledge of the ROM contents from a product installation elsewhere."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-10-03T10:00:00Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-259-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2013-0694",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier have hardcoded credentials in a ROM, which makes it easier for remote attackers to obtain shell access to the underlying OS by leveraging knowledge of the ROM contents from a product installation elsewhere."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-13-259-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-259-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2013-0694",
"datePublished": "2013-10-03T10:00:00Z",
"dateReserved": "2012-12-19T00:00:00Z",
"dateUpdated": "2024-09-16T18:04:15.408Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-0689 (GCVE-0-2013-0689)
Vulnerability from nvd – Published: 2013-10-03 10:00 – Updated: 2024-09-16 22:41
VLAI?
Summary
The TFTP server on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows remote attackers to upload files and consequently execute arbitrary code via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:33:05.520Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-259-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The TFTP server on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows remote attackers to upload files and consequently execute arbitrary code via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-10-03T10:00:00Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-259-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2013-0689",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TFTP server on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows remote attackers to upload files and consequently execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-13-259-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-259-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2013-0689",
"datePublished": "2013-10-03T10:00:00Z",
"dateReserved": "2012-12-19T00:00:00Z",
"dateUpdated": "2024-09-16T22:41:37.885Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-0693 (GCVE-0-2013-0693)
Vulnerability from nvd – Published: 2013-10-03 10:00 – Updated: 2024-09-16 19:04
VLAI?
Summary
The kernel in ENEA OSE on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier performs network-beacon broadcasts, which allows remote attackers to obtain potentially sensitive information about device presence by listening for broadcast traffic.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:33:05.661Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-259-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The kernel in ENEA OSE on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier performs network-beacon broadcasts, which allows remote attackers to obtain potentially sensitive information about device presence by listening for broadcast traffic."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-10-03T10:00:00Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-259-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2013-0693",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The kernel in ENEA OSE on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier performs network-beacon broadcasts, which allows remote attackers to obtain potentially sensitive information about device presence by listening for broadcast traffic."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-13-259-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-259-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2013-0693",
"datePublished": "2013-10-03T10:00:00Z",
"dateReserved": "2012-12-19T00:00:00Z",
"dateUpdated": "2024-09-16T19:04:57.918Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-0692 (GCVE-0-2013-0692)
Vulnerability from nvd – Published: 2013-10-03 10:00 – Updated: 2024-09-16 19:45
VLAI?
Summary
The kernel in ENEA OSE on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows remote attackers to execute arbitrary code by connecting to the debug service.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:33:05.616Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-259-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The kernel in ENEA OSE on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows remote attackers to execute arbitrary code by connecting to the debug service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-10-03T10:00:00Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-259-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2013-0692",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The kernel in ENEA OSE on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows remote attackers to execute arbitrary code by connecting to the debug service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-13-259-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-259-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2013-0692",
"datePublished": "2013-10-03T10:00:00Z",
"dateReserved": "2012-12-19T00:00:00Z",
"dateUpdated": "2024-09-16T19:45:39.580Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}