Lucene search

IcscertCVE-2016-9347

HistoryFeb 13, 2017 - 9:59 p.m.

CVE-2016-9347

2017-02-1321:59:01

CWE-254

icscert

web.nvd.nist.gov

cve-2016-9347

emerson

se4801t0x

redundant wireless i/o card

se4801t1x

simplex wireless i/o card

deltav

wireless i/o cards

wioc

firmware

deltav system

ssh

secure shell

CVSS2

5.4

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:M/Au:N/C:P/I:P/A:P

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

21.7%

JSON

An issue was discovered in Emerson SE4801T0X Redundant Wireless I/O Card V13.3, and SE4801T1X Simplex Wireless I/O Card V13.3. DeltaV Wireless I/O Cards (WIOC) running the firmware available in the DeltaV system, release v13.3, have the SSH (Secure Shell) functionality enabled unnecessarily.

Affected configurations

Nvd

Node

emersonse4801t0x_redundant_wireless_i\/o_card_firmwareMatch13.3

AND

emersonse4801t0x_redundant_wireless_i\/o_cardMatch-

Node

emersonse4801t1x_simplex_wireless_i\/o_card_firmwareMatch13.3

AND

emersonse4801t1x_simplex_wireless_i\/o_cardMatch-

VendorProductVersionCPE
emersonse4801t0x_redundant_wireless_i\/o_card_firmware13.3cpe:2.3:o:emerson:se4801t0x_redundant_wireless_i\/o_card_firmware:13.3:*:*:*:*:*:*:*
emersonse4801t0x_redundant_wireless_i\/o_card-cpe:2.3:h:emerson:se4801t0x_redundant_wireless_i\/o_card:-:*:*:*:*:*:*:*
emersonse4801t1x_simplex_wireless_i\/o_card_firmware13.3cpe:2.3:o:emerson:se4801t1x_simplex_wireless_i\/o_card_firmware:13.3:*:*:*:*:*:*:*
emersonse4801t1x_simplex_wireless_i\/o_card-cpe:2.3:h:emerson:se4801t1x_simplex_wireless_i\/o_card:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
emerson	se4801t0x_redundant_wireless_i\/o_card_firmware	13.3	cpe:2.3:o:emerson:se4801t0x_redundant_wireless_i\/o_card_firmware:13.3:::::::*
emerson	se4801t0x_redundant_wireless_i\/o_card	-	cpe:2.3:h:emerson:se4801t0x_redundant_wireless_i\/o_card:-:::::::*
emerson	se4801t1x_simplex_wireless_i\/o_card_firmware	13.3	cpe:2.3:o:emerson:se4801t1x_simplex_wireless_i\/o_card_firmware:13.3:::::::*
emerson	se4801t1x_simplex_wireless_i\/o_card	-	cpe:2.3:h:emerson:se4801t1x_simplex_wireless_i\/o_card:-:::::::*

CNA Affected

[
  {
    "product": "Emerson DeltaV Wireless I/O Card 13.3",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Emerson DeltaV Wireless I/O Card 13.3"
      }
    ]
  }
]

References

www.securityfocus.com/bid/94586

ics-cert.us-cert.gov/advisories/ICSA-16-334-03

CVSS2

5.4

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:M/Au:N/C:P/I:P/A:P

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

21.7%

JSON

Related for CVE-2016-9347