var-201303-0017
Vulnerability from variot
The Emerson DeltaV SE3006 through 11.3.1, DeltaV VE3005 through 10.3.1 and 11.x through 11.3.1, and DeltaV VE3006 through 10.3.1 and 11.x through 11.3.1 allow remote attackers to cause a denial of service (device restart) via a crafted packet on (1) TCP port 23, (2) UDP port 161, or (3) TCP port 513. Emerson Deltav is a distributed control system. Emerson Deltav has a security hole in handling certain messages. Allows an attacker to exploit the vulnerability to restart the controller, causing a denial of service attack. Emerson DeltaV is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to consume available resources and crash the application, denying service to legitimate users. The following are vulnerable: DeltaV SE3006 SD Plus Controller versions 11.3.1 and prior DeltaV VE3005 Controller MD Hardware versions 10.3.1 and prior DeltaV VE3005 Controller MD Hardware versions 11.3.1 and prior DeltaV VE3006 Controller MD PLUS Hardware versions 10.3.1 and prior DeltaV VE3006 Controller MD PLUS Hardware versions 11.3.1 and prior
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201303-0017",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "deltav se3006 sd plus controller",
"scope": "lte",
"trust": 1.8,
"vendor": "emerson",
"version": "11.3.1"
},
{
"model": "deltav ve3005 controller md",
"scope": "lte",
"trust": 1.0,
"vendor": "emerson",
"version": "10.3.1"
},
{
"model": "deltav ve3005 controller md",
"scope": "lte",
"trust": 1.0,
"vendor": "emerson",
"version": "11.3.1"
},
{
"model": "deltav ve3006 controller md plus",
"scope": "lte",
"trust": 1.0,
"vendor": "emerson",
"version": "10.3.1"
},
{
"model": "deltav ve3006 controller md plus",
"scope": "lte",
"trust": 1.0,
"vendor": "emerson",
"version": "11.3.1"
},
{
"model": "deltav ve3005 controller md hardware",
"scope": "lte",
"trust": 0.8,
"vendor": "emerson",
"version": "10.3.1"
},
{
"model": "deltav ve3005 controller md hardware",
"scope": "lte",
"trust": 0.8,
"vendor": "emerson",
"version": "11.3.1"
},
{
"model": "deltav ve3006 controller md plus hardware",
"scope": "lte",
"trust": 0.8,
"vendor": "emerson",
"version": "10.3.1"
},
{
"model": "deltav ve3006 controller md plus hardware",
"scope": "lte",
"trust": 0.8,
"vendor": "emerson",
"version": "11.3.1"
},
{
"model": "deltav",
"scope": "eq",
"trust": 0.6,
"vendor": "emerson",
"version": "11.x"
},
{
"model": "deltav",
"scope": "eq",
"trust": 0.6,
"vendor": "emerson",
"version": "10.x"
},
{
"model": "deltav ve3006 controller md plus",
"scope": "eq",
"trust": 0.6,
"vendor": "emerson",
"version": "10.3.1"
},
{
"model": "deltav ve3006 controller md plus",
"scope": "eq",
"trust": 0.6,
"vendor": "emerson",
"version": "11.3.1"
},
{
"model": "deltav se3006 sd plus controller",
"scope": "eq",
"trust": 0.6,
"vendor": "emerson",
"version": "11.3.1"
},
{
"model": "deltav ve3005 controller md",
"scope": "eq",
"trust": 0.6,
"vendor": "emerson",
"version": "10.3.1"
},
{
"model": "deltav ve3005 controller md",
"scope": "eq",
"trust": 0.6,
"vendor": "emerson",
"version": "11.3.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "deltav ve3005 controller md",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "deltav ve3006 controller md plus",
"version": "*"
},
{
"model": "electric co deltav ve3006 controller md plus hardware",
"scope": "eq",
"trust": 0.3,
"vendor": "emerson",
"version": "11.3.1"
},
{
"model": "electric co deltav ve3006 controller md plus hardware",
"scope": "eq",
"trust": 0.3,
"vendor": "emerson",
"version": "10.3.1"
},
{
"model": "electric co deltav ve3005 controller md hardware",
"scope": "eq",
"trust": 0.3,
"vendor": "emerson",
"version": "11.3.1"
},
{
"model": "electric co deltav ve3005 controller md hardware",
"scope": "eq",
"trust": 0.3,
"vendor": "emerson",
"version": "10.3.1"
},
{
"model": "electric co deltav se3006 sd plus controller",
"scope": "eq",
"trust": 0.3,
"vendor": "emerson",
"version": "11.3.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "deltav se3006 sd plus controller",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "0dba175e-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-01690"
},
{
"db": "BID",
"id": "58366"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001866"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-143"
},
{
"db": "NVD",
"id": "CVE-2012-4703"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:emerson:deltav_se3006_sd_plus_controller",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:emerson:deltav_ve3005_controller_md",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:emerson:deltav_ve3006_controller_md_plus",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-001866"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Joel Langill",
"sources": [
{
"db": "BID",
"id": "58366"
}
],
"trust": 0.3
},
"cve": "CVE-2012-4703",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "CVE-2012-4703",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "0dba175e-2353-11e6-abef-000c29c66e3d",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2012-4703",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2012-4703",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201303-143",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "0dba175e-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "0dba175e-2353-11e6-abef-000c29c66e3d"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001866"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-143"
},
{
"db": "NVD",
"id": "CVE-2012-4703"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Emerson DeltaV SE3006 through 11.3.1, DeltaV VE3005 through 10.3.1 and 11.x through 11.3.1, and DeltaV VE3006 through 10.3.1 and 11.x through 11.3.1 allow remote attackers to cause a denial of service (device restart) via a crafted packet on (1) TCP port 23, (2) UDP port 161, or (3) TCP port 513. Emerson Deltav is a distributed control system. Emerson Deltav has a security hole in handling certain messages. Allows an attacker to exploit the vulnerability to restart the controller, causing a denial of service attack. Emerson DeltaV is prone to a remote denial-of-service vulnerability. \nAn attacker can exploit this issue to consume available resources and crash the application, denying service to legitimate users. \nThe following are vulnerable:\nDeltaV SE3006 SD Plus Controller versions 11.3.1 and prior\nDeltaV VE3005 Controller MD Hardware versions 10.3.1 and prior\nDeltaV VE3005 Controller MD Hardware versions 11.3.1 and prior\nDeltaV VE3006 Controller MD PLUS Hardware versions 10.3.1 and prior\nDeltaV VE3006 Controller MD PLUS Hardware versions 11.3.1 and prior",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-4703"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001866"
},
{
"db": "CNVD",
"id": "CNVD-2013-01690"
},
{
"db": "BID",
"id": "58366"
},
{
"db": "IVD",
"id": "0dba175e-2353-11e6-abef-000c29c66e3d"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-4703",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-13-053-01",
"trust": 3.3
},
{
"db": "CNVD",
"id": "CNVD-2013-01690",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201303-143",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001866",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "52486",
"trust": 0.6
},
{
"db": "BID",
"id": "58366",
"trust": 0.3
},
{
"db": "IVD",
"id": "0DBA175E-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "0dba175e-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-01690"
},
{
"db": "BID",
"id": "58366"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001866"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-143"
},
{
"db": "NVD",
"id": "CVE-2012-4703"
}
]
},
"id": "VAR-201303-0017",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "0dba175e-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-01690"
}
],
"trust": 1.68461536
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "0dba175e-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-01690"
}
]
},
"last_update_date": "2024-11-23T22:27:29.338000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.emerson.com/en-US/Pages/default.aspx"
},
{
"title": "\u65e5\u672c\u30a8\u30de\u30bd\u30f3\u682a\u5f0f\u4f1a\u793e",
"trust": 0.8,
"url": "http://www.emerson.co.jp/index.html"
},
{
"title": "\u5206\u6563\u578b\u5236\u5fa1\u30b7\u30b9\u30c6\u30e0\uff08DCS\uff09 DeltaV\u30b7\u30b9\u30c6\u30e0",
"trust": 0.8,
"url": "http://www.emerson.co.jp/div/epm/product5_1.html"
},
{
"title": "Emerson DeltaV denial of service vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/32712"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-01690"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001866"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-399",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-001866"
},
{
"db": "NVD",
"id": "CVE-2012-4703"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "http://ics-cert.us-cert.gov/pdf/icsa-13-053-01.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4703"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4703"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/52486"
},
{
"trust": 0.3,
"url": "http://www2.emersonprocess.com/en-us/brands/edservices/automationsystems/deltav/pages/deltavtraining.aspx"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-01690"
},
{
"db": "BID",
"id": "58366"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001866"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-143"
},
{
"db": "NVD",
"id": "CVE-2012-4703"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "0dba175e-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-01690"
},
{
"db": "BID",
"id": "58366"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001866"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-143"
},
{
"db": "NVD",
"id": "CVE-2012-4703"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-03-11T00:00:00",
"db": "IVD",
"id": "0dba175e-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2013-03-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-01690"
},
{
"date": "2013-03-06T00:00:00",
"db": "BID",
"id": "58366"
},
{
"date": "2013-03-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-001866"
},
{
"date": "2013-03-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201303-143"
},
{
"date": "2013-03-11T21:55:02.417000",
"db": "NVD",
"id": "CVE-2012-4703"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-03-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-01690"
},
{
"date": "2013-03-06T00:00:00",
"db": "BID",
"id": "58366"
},
{
"date": "2013-03-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-001866"
},
{
"date": "2013-03-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201303-143"
},
{
"date": "2024-11-21T01:43:23.120000",
"db": "NVD",
"id": "CVE-2012-4703"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "specific network environment",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201303-143"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Emerson DeltaV Denial of service vulnerability",
"sources": [
{
"db": "IVD",
"id": "0dba175e-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-01690"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-143"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Resource management error",
"sources": [
{
"db": "IVD",
"id": "0dba175e-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-143"
}
],
"trust": 0.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…