Vulnerability CVE-2013-2810


Published: 2014-12-08

Description:
Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows remote attackers to execute arbitrary commands via a TCP replay attack.

Type:

CWE-77

(Improper Neutralization of Special Elements used in a Command ('Command Injection'))

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Emerson -> Dl 8000 remote terminal unit 
Emerson -> Roc 800 remote terminal unit 
Emerson -> Roc 800l remote terminal unit 
Emerson -> Dl 8000 remote terminal unit firmware 
Emerson -> Roc 800 remote terminal unit firmware 
Emerson -> Roc 800l remote terminal unit firmware 

 References:
https://ics-cert.us-cert.gov/advisories/ICSA-13-259-01A
http://xforce.iss.net/xforce/xfdb/99131
http://www.securityfocus.com/bid/71425

Copyright 2024, cxsecurity.com

 

Back to Top