CVE-2013-0692

2013-10-0311:04:37

CWE-264

icscert

web.nvd.nist.gov

enea ose

emerson process management

roc800 rtu

remote code execution

debug service

cve-2013-0692

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.7

Confidence

Low

EPSS

0.007

Percentile

80.3%

JSON

The kernel in ENEA OSE on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows remote attackers to execute arbitrary code by connecting to the debug service.

Affected configurations

Nvd

Node

eneaoseRange≤1.20

AND

emersonroc_800l_remote_terminal_unitMatch-

Node

eneaoseRange≤3.50

AND

emersonroc_800_remote_terminal_unitMatch-

Node

eneaoseRange≤2.30

AND

emersondl_8000_remote_terminal_unitMatch-

VendorProductVersionCPE
eneaose*cpe:2.3:o:enea:ose:*:*:*:*:*:*:*:*
emersonroc_800l_remote_terminal_unit-cpe:2.3:h:emerson:roc_800l_remote_terminal_unit:-:*:*:*:*:*:*:*
emersonroc_800_remote_terminal_unit-cpe:2.3:h:emerson:roc_800_remote_terminal_unit:-:*:*:*:*:*:*:*
emersondl_8000_remote_terminal_unit-cpe:2.3:h:emerson:dl_8000_remote_terminal_unit:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
enea	ose	*	cpe:2.3:o:enea:ose::::::::
emerson	roc_800l_remote_terminal_unit	-	cpe:2.3:h:emerson:roc_800l_remote_terminal_unit:-:::::::*
emerson	roc_800_remote_terminal_unit	-	cpe:2.3:h:emerson:roc_800_remote_terminal_unit:-:::::::*
emerson	dl_8000_remote_terminal_unit	-	cpe:2.3:h:emerson:dl_8000_remote_terminal_unit:-:::::::*