CVE-2013-0692

2013-10-0311:04:37

CWE-264

[email protected]

web.nvd.nist.gov

enea ose

emerson process management

roc800 rtu

remote code execution

debug service

cve-2013-0692

nvd

7.7 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

JSON

The kernel in ENEA OSE on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows remote attackers to execute arbitrary code by connecting to the debug service.

CPE configuration

NVD

eneaoseRange≤1.20

AND

emersonroc_800l_remote_terminal_unitMatch-

CPENameOperatorVersion
enea:oseenea osele1.20
emerson:roc_800l_remote_terminal_unitemerson roc 800l remote terminal uniteq-
enea:oseenea osele3.50
emerson:roc_800_remote_terminal_unitemerson roc 800 remote terminal uniteq-
enea:oseenea osele2.30
emerson:dl_8000_remote_terminal_unitemerson dl 8000 remote terminal uniteq-

CPE	Name	Operator	Version
enea:ose	enea ose	le	1.20
emerson:roc_800l_remote_terminal_unit	emerson roc 800l remote terminal unit	eq	-
enea:ose	enea ose	le	3.50
emerson:roc_800_remote_terminal_unit	emerson roc 800 remote terminal unit	eq	-
enea:ose	enea ose	le	2.30
emerson:dl_8000_remote_terminal_unit	emerson dl 8000 remote terminal unit	eq	-