Lucene search

[email protected]NVD:CVE-2023-49716

HistoryFeb 09, 2024 - 4:15 a.m.

CVE-2023-49716

2024-02-0904:15:08

CWE-77

[email protected]

web.nvd.nist.gov

emerson

rosemount

gc370xa

gc700xa

gc1500xa

authenticated user

network access

arbitrary commands

remote computer

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.4%

JSON

In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an authenticated user with network access could run arbitrary commands from a remote computer.

Affected configurations

NVD

Node

emersongc370xaMatch-

AND

emersongc370xa_firmwareMatch4.1.5

Node

emersongc700xaMatch-

AND

emersongc700xa_firmwareMatch4.1.5

Node

emersongc1500xaMatch-

AND

emersongc1500xa_firmwareMatch4.1.5

References

www.cisa.gov/news-events/ics-advisories/icsa-24-030-01

www.emerson.com/documents/automation/security-notification-emerson-gas-chromatographs-cyber-security-notification-icsa-24-030-01-en-10103910.pdf

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.4%

JSON

Related for NVD:CVE-2023-49716

cve1 prion1 cvelist1 ics1 thn1