Lucene search

PRIOn knowledge basePRION:CVE-2023-49716

HistoryFeb 09, 2024 - 4:15 a.m.

Cross site request forgery (csrf)

2024-02-0904:15:00

PRIOn knowledge base

www.prio-n.com

emerson rosemount

csrf attack

authenticated user

arbitrary commands

remote computer

security vulnerability

7.7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

40.4%

JSON

In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an authenticated user with network access could run arbitrary commands from a remote computer.

CPENameOperatorVersion
gc1500xa_firmwareeq4.1.5
gc370xa_firmwareeq4.1.5
gc700xa_firmwareeq4.1.5

Name	Operator	Version
gc1500xa_firmware	eq	4.1.5
gc370xa_firmware	eq	4.1.5
gc700xa_firmware	eq	4.1.5

References

www.cisa.gov/news-events/ics-advisories/icsa-24-030-01

www.emerson.com/documents/automation/security-notification-emerson-gas-chromatographs-cyber-security-notification-icsa-24-030-01-en-10103910.pdf