var-201310-0173
Vulnerability from variot
The TFTP server on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows remote attackers to upload files and consequently execute arbitrary code via unspecified vectors. Emerson Process Management Emerson Process Control is a company that includes process control, electrical and telecommunications, industrial automation, heat transfer, HVAC, and appliances and tools. The ROC800 RTU product is used to perform multiple PLC-like functions on the control device. The following products are affected: ROC800 3.50 and prior DL8000 2.30 and prior ROC800L 1.20 and prior. This product includes ROC800, ROC800L, DL8000, and has the function of executing multiple PLCs (digital operation operation electronics in industrial environments) on control equipment
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201310-0173",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "roc 800l remote terminal unit",
"scope": "eq",
"trust": 1.0,
"vendor": "emerson",
"version": null
},
{
"model": "ose",
"scope": "lte",
"trust": 1.0,
"vendor": "enea",
"version": "1.20"
},
{
"model": "ose",
"scope": "lte",
"trust": 1.0,
"vendor": "enea",
"version": "3.50"
},
{
"model": "ose",
"scope": "lte",
"trust": 1.0,
"vendor": "enea",
"version": "2.30"
},
{
"model": "roc 800 remote terminal unit",
"scope": "eq",
"trust": 1.0,
"vendor": "emerson",
"version": null
},
{
"model": "dl 8000 remote terminal unit",
"scope": "eq",
"trust": 1.0,
"vendor": "emerson",
"version": null
},
{
"model": "ose",
"scope": "lte",
"trust": 0.8,
"vendor": "enia",
"version": "1.20 (roc800l rtu)"
},
{
"model": "ose",
"scope": "lte",
"trust": 0.8,
"vendor": "enia",
"version": "2.30 (dl8000 rtu)"
},
{
"model": "ose",
"scope": "lte",
"trust": 0.8,
"vendor": "enia",
"version": "3.50 (roc800 rtu)"
},
{
"model": "dl8000 rtu",
"scope": null,
"trust": 0.8,
"vendor": "emerson",
"version": null
},
{
"model": "roc800 rtu",
"scope": null,
"trust": 0.8,
"vendor": "emerson",
"version": null
},
{
"model": "roc800l rtu",
"scope": null,
"trust": 0.8,
"vendor": "emerson",
"version": null
},
{
"model": "electric co roc800l",
"scope": "eq",
"trust": 0.6,
"vendor": "emerson",
"version": "1.20"
},
{
"model": "electric co dl8000",
"scope": "eq",
"trust": 0.6,
"vendor": "emerson",
"version": "2.30"
},
{
"model": "electric co roc800",
"scope": "eq",
"trust": 0.6,
"vendor": "emerson",
"version": "3.50"
},
{
"model": "ose",
"scope": "eq",
"trust": 0.6,
"vendor": "enea",
"version": "3.50"
},
{
"model": "ose",
"scope": "eq",
"trust": 0.6,
"vendor": "enea",
"version": "1.20"
},
{
"model": "ose",
"scope": "eq",
"trust": 0.6,
"vendor": "enea",
"version": "2.30"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dl 8000 remote terminal unit",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "roc 800 remote terminal unit",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ose",
"version": "1.20"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ose",
"version": "2.30"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ose",
"version": "3.50"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "roc 800l remote terminal unit",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "9e315456-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-13378"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004483"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-488"
},
{
"db": "NVD",
"id": "CVE-2013-0689"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:enea:ose",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:emerson:dl_8000_remote_terminal_unit",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:emerson:roc_800_remote_terminal_unit",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:emerson:roc_800l_remote_terminal_unit",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-004483"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dillon Beresford, Brian Meixell, Marc Ayala and Eric Forner of Cimation",
"sources": [
{
"db": "BID",
"id": "62666"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-488"
}
],
"trust": 0.9
},
"cve": "CVE-2013-0689",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2013-0689",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2013-13378",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "9e315456-2352-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-60691",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-0689",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2013-0689",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2013-13378",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201309-488",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "9e315456-2352-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-60691",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "9e315456-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-13378"
},
{
"db": "VULHUB",
"id": "VHN-60691"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004483"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-488"
},
{
"db": "NVD",
"id": "CVE-2013-0689"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The TFTP server on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows remote attackers to upload files and consequently execute arbitrary code via unspecified vectors. Emerson Process Management Emerson Process Control is a company that includes process control, electrical and telecommunications, industrial automation, heat transfer, HVAC, and appliances and tools. The ROC800 RTU product is used to perform multiple PLC-like functions on the control device. \nThe following products are affected:\nROC800 3.50 and prior\nDL8000 2.30 and prior\nROC800L 1.20 and prior. This product includes ROC800, ROC800L, DL8000, and has the function of executing multiple PLCs (digital operation operation electronics in industrial environments) on control equipment",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-0689"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004483"
},
{
"db": "CNVD",
"id": "CNVD-2013-13378"
},
{
"db": "BID",
"id": "62666"
},
{
"db": "IVD",
"id": "9e315456-2352-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-60691"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-0689",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-13-259-01",
"trust": 3.1
},
{
"db": "BID",
"id": "62666",
"trust": 1.6
},
{
"db": "CNNVD",
"id": "CNNVD-201309-488",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2013-13378",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004483",
"trust": 0.8
},
{
"db": "IVD",
"id": "9E315456-2352-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-60691",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "9e315456-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-13378"
},
{
"db": "VULHUB",
"id": "VHN-60691"
},
{
"db": "BID",
"id": "62666"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004483"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-488"
},
{
"db": "NVD",
"id": "CVE-2013-0689"
}
]
},
"id": "VAR-201310-0173",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "9e315456-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-13378"
},
{
"db": "VULHUB",
"id": "VHN-60691"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "9e315456-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-13378"
}
]
},
"last_update_date": "2024-08-14T13:35:33.069000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.enea.com/"
},
{
"title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
"trust": 0.8,
"url": "http://www.emerson.co.jp/index.html"
},
{
"title": "Multiple Emerson Process Management RTUs patch for arbitrary file upload vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/39891"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13378"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004483"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-94",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-60691"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004483"
},
{
"db": "NVD",
"id": "CVE-2013-0689"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-13-259-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0689"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-0689"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/62666"
},
{
"trust": 0.3,
"url": "http://www2.emersonprocess.com/en-us/brands/deltav/pages/index.aspx"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13378"
},
{
"db": "VULHUB",
"id": "VHN-60691"
},
{
"db": "BID",
"id": "62666"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004483"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-488"
},
{
"db": "NVD",
"id": "CVE-2013-0689"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "9e315456-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-13378"
},
{
"db": "VULHUB",
"id": "VHN-60691"
},
{
"db": "BID",
"id": "62666"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004483"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-488"
},
{
"db": "NVD",
"id": "CVE-2013-0689"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-09-29T00:00:00",
"db": "IVD",
"id": "9e315456-2352-11e6-abef-000c29c66e3d"
},
{
"date": "2013-09-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-13378"
},
{
"date": "2013-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-60691"
},
{
"date": "2013-09-26T00:00:00",
"db": "BID",
"id": "62666"
},
{
"date": "2013-10-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-004483"
},
{
"date": "2013-09-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201309-488"
},
{
"date": "2013-10-03T11:04:37.320000",
"db": "NVD",
"id": "CVE-2013-0689"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-09-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-13378"
},
{
"date": "2013-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-60691"
},
{
"date": "2014-12-24T00:55:00",
"db": "BID",
"id": "62666"
},
{
"date": "2013-10-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-004483"
},
{
"date": "2013-10-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201309-488"
},
{
"date": "2013-10-03T17:40:26.257000",
"db": "NVD",
"id": "CVE-2013-0689"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201309-488"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Emerson Process Management RTU File upload vulnerability in product software",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-004483"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Code injection",
"sources": [
{
"db": "IVD",
"id": "9e315456-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-488"
}
],
"trust": 0.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…