Lucene search

IcscertCVE-2023-1935

HistoryAug 02, 2023 - 11:15 p.m.

CVE-2023-1935

2023-08-0223:15:10

CWE-287

icscert

web.nvd.nist.gov

nvd

cve-2023-1935

roc800-series

rtu

device

vulnerability

authentication bypass

unauthorized access

data

control

denial-of-service

CVSS3

9.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.001

Percentile

34.9%

JSON

ROC800-Series RTU devices are vulnerable to an authentication bypass, which could allow an attacker to gain unauthorized access to data or control of the device and cause a denial-of-service condition.

Affected configurations

Nvd

Node

emersonroc809_firmware

AND

emersonroc809

Node

emersonroc827_firmware

AND

emersonroc827

Node

emersonroc809l_firmware

AND

emersonroc809lMatch-

Node

emersonroc827l_firmware

AND

emersonroc827lMatch-

Node

emersondl8000_firmware

AND

emersondl8000

VendorProductVersionCPE
emersonroc809_firmware*cpe:2.3:o:emerson:roc809_firmware:*:*:*:*:*:*:*:*
emersonroc809*cpe:2.3:h:emerson:roc809:*:*:*:*:*:*:*:*
emersonroc827_firmware*cpe:2.3:o:emerson:roc827_firmware:*:*:*:*:*:*:*:*
emersonroc827*cpe:2.3:h:emerson:roc827:*:*:*:*:*:*:*:*
emersonroc809l_firmware*cpe:2.3:o:emerson:roc809l_firmware:*:*:*:*:*:*:*:*
emersonroc809l-cpe:2.3:h:emerson:roc809l:-:*:*:*:*:*:*:*
emersonroc827l_firmware*cpe:2.3:o:emerson:roc827l_firmware:*:*:*:*:*:*:*:*
emersonroc827l-cpe:2.3:h:emerson:roc827l:-:*:*:*:*:*:*:*
emersondl8000_firmware*cpe:2.3:o:emerson:dl8000_firmware:*:*:*:*:*:*:*:*
emersondl8000*cpe:2.3:h:emerson:dl8000:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
emerson	roc809_firmware	*	cpe:2.3:o:emerson:roc809_firmware::::::::
emerson	roc809	*	cpe:2.3:h:emerson:roc809::::::::
emerson	roc827_firmware	*	cpe:2.3:o:emerson:roc827_firmware::::::::
emerson	roc827	*	cpe:2.3:h:emerson:roc827::::::::
emerson	roc809l_firmware	*	cpe:2.3:o:emerson:roc809l_firmware::::::::
emerson	roc809l	-	cpe:2.3:h:emerson:roc809l:-:::::::*
emerson	roc827l_firmware	*	cpe:2.3:o:emerson:roc827l_firmware::::::::
emerson	roc827l	-	cpe:2.3:h:emerson:roc827l:-:::::::*
emerson	dl8000_firmware	*	cpe:2.3:o:emerson:dl8000_firmware::::::::
emerson	dl8000	*	cpe:2.3:h:emerson:dl8000::::::::

CNA Affected

[
  {
    "vendor": "Emerson Electric",
    "product": "DL8000",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  },
  {
    "vendor": "Emerson Electric",
    "product": "ROC827",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  },
  {
    "vendor": "Emerson Electric",
    "product": "ROC809L",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  },
  {
    "vendor": "Emerson Electric",
    "product": "ROC827",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  },
  {
    "vendor": "Emerson Electric",
    "product": "ROC809",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  }
]

References

www.cisa.gov/news-events/ics-advisories/icsa-23-206-03

CVSS3

9.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.001

Percentile

34.9%

JSON

Related for CVE-2023-1935