35 matches found
Code injection
Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows remote attackers to execute arbitrary commands via a TCP replay attack...
CVE-2013-2810
Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows remote attackers to execute arbitrary commands via a TCP replay attack...
CVE-2013-2810
CVE-2013-2810 affects Emerson Process Management ROC800 RTU family (ROC800/ROC800L/DL8000) with affected software versions (ROC800 3.50 and earlier, DL8000 2.30 and earlier, ROC800L 1.20 and earlier). The vulnerability is a remote command execution via a TCP replay attack, i.e., authentication by...
CVE-2013-0689
The TFTP server on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows remote attackers to upload files and consequently execute arbitrary code via unspecified vectors...
CVE-2013-0693
The kernel in ENEA OSE on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier performs network-beacon broadcasts, which allows remote attackers to obtain potentially sensitive informati...
Code injection
The kernel in ENEA OSE on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows remote attackers to execute arbitrary code by connecting to the debug service...
Hardcoded credentials
The Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier have hardcoded credentials in a ROM, which makes it easier for remote attackers to obtain shell access to the underlying OS by...
CVE-2013-0689
The TFTP server on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows remote attackers to upload files and consequently execute arbitrary code via unspecified vectors...
CVE-2013-0694
The Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier have hardcoded credentials in a ROM, which makes it easier for remote attackers to obtain shell access to the underlying OS by...
CVE-2013-0689
The CVE-2013-0689 issue affects Emerson ROC800 RTU family (ROC800 v3.50 and earlier, DL8000 v2.30 and earlier, ROC800L v1.20 and earlier). The TFTP server component enables remote attackers to upload arbitrary files and execute code on the device via unspecified vectors, enabling remote code exec...
CVE-2013-0693
CVE-2013-0693 affects ENEA OSE on ROC800 RTUs (ROC800, ROC800L, DL8000) with ROM/kernel versions 3.50/2.30/1.20 and earlier. The issue is a network beacon broadcast by the ROC800 kernel, allowing remote attackers to discover device presence and potentially sensitive information by listening to br...
CVE-2013-0692
CVE-2013-0692 affects Emerson ROC800 RTUs running ENEA OSE (ROC800, ROC800L, DL8000) with affected software revisions (ROC800 3.50 or earlier, DL8000 2.30 or earlier, ROC800L 1.20 or earlier). The vulnerability allows remote code execution by connecting to the device’s debug service via the ENEA ...
CVE-2013-0694
CVE-2013-0694 concerns hardcoded credentials in ROMs of Emerson ROC800 RTU family: ROC800 (v3.50 and earlier), DL8000 (v2.30 and earlier), and ROC800L (v1.20 and earlier). The underlying flaw enables remote attackers to obtain a shell on the OS by exploiting ROM contents known from a device insta...
Emerson ROC800 Multiple Vulnerabilities (Update A)
OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-13-259-01 Emerson ROC800 Multiple Vulnerabilities that was published September 26, 2013, on the NCCIC/ICS‑CERT web site. This advisory provides mitigation details for multiple vulnerabilities affecting the Emerson...
Emerson ROC800 Multiple Vulnerabilities (Update B)
OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-13-259-01A Emerson ROC800 Multiple Vulnerabilities that was published December 2, 2014, on the NCCIC/ICS‑CERT web site. This advisory provides mitigation details for multiple vulnerabilities affecting the Emerson...