CVE-2013-0694

2013-10-0311:04:37

CWE-255

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

AI Score

6.5

Confidence

Low

EPSS

0.002

Percentile

64.5%

JSON

The Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier have hardcoded credentials in a ROM, which makes it easier for remote attackers to obtain shell access to the underlying OS by leveraging knowledge of the ROM contents from a product installation elsewhere.

Affected configurations

Nvd

Node

eneaoseRange≤2.30

AND

emersondl_8000_remote_terminal_unitMatch-

Node

eneaoseRange≤1.20

AND

emersonroc_800l_remote_terminal_unitMatch-

Node

eneaoseRange≤3.50

AND

emersonroc_800_remote_terminal_unitMatch-

VendorProductVersionCPE
eneaose*cpe:2.3:o:enea:ose:*:*:*:*:*:*:*:*
emersondl_8000_remote_terminal_unit-cpe:2.3:h:emerson:dl_8000_remote_terminal_unit:-:*:*:*:*:*:*:*
emersonroc_800l_remote_terminal_unit-cpe:2.3:h:emerson:roc_800l_remote_terminal_unit:-:*:*:*:*:*:*:*
emersonroc_800_remote_terminal_unit-cpe:2.3:h:emerson:roc_800_remote_terminal_unit:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
enea	ose	*	cpe:2.3:o:enea:ose::::::::
emerson	dl_8000_remote_terminal_unit	-	cpe:2.3:h:emerson:dl_8000_remote_terminal_unit:-:::::::*
emerson	roc_800l_remote_terminal_unit	-	cpe:2.3:h:emerson:roc_800l_remote_terminal_unit:-:::::::*
emerson	roc_800_remote_terminal_unit	-	cpe:2.3:h:emerson:roc_800_remote_terminal_unit:-:::::::*