Details of VAR-201303-0017

ID

VAR-201303-0017

CVE

CVE-2012-4703

TITLE

Emerson DeltaV Denial of service vulnerability

Trust: 1.4

sources: IVD: 0dba175e-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-01690 // CNNVD: CNNVD-201303-143

DESCRIPTION

The Emerson DeltaV SE3006 through 11.3.1, DeltaV VE3005 through 10.3.1 and 11.x through 11.3.1, and DeltaV VE3006 through 10.3.1 and 11.x through 11.3.1 allow remote attackers to cause a denial of service (device restart) via a crafted packet on (1) TCP port 23, (2) UDP port 161, or (3) TCP port 513. Emerson Deltav is a distributed control system. Emerson Deltav has a security hole in handling certain messages. Allows an attacker to exploit the vulnerability to restart the controller, causing a denial of service attack. Emerson DeltaV is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to consume available resources and crash the application, denying service to legitimate users. The following are vulnerable: DeltaV SE3006 SD Plus Controller versions 11.3.1 and prior DeltaV VE3005 Controller MD Hardware versions 10.3.1 and prior DeltaV VE3005 Controller MD Hardware versions 11.3.1 and prior DeltaV VE3006 Controller MD PLUS Hardware versions 10.3.1 and prior DeltaV VE3006 Controller MD PLUS Hardware versions 11.3.1 and prior

Trust: 2.61

sources: NVD: CVE-2012-4703 // JVNDB: JVNDB-2013-001866 // CNVD: CNVD-2013-01690 // BID: 58366 // IVD: 0dba175e-2353-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 0dba175e-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-01690

AFFECTED PRODUCTS

vendor:	emerson	model:	deltav se3006 sd plus controller	scope:	lte	version:	11.3.1	Trust: 1.8
vendor:	emerson	model:	deltav ve3005 controller md	scope:	lte	version:	10.3.1	Trust: 1.0
vendor:	emerson	model:	deltav ve3006 controller md plus	scope:	lte	version:	10.3.1	Trust: 1.0
vendor:	emerson	model:	deltav ve3005 controller md	scope:	lte	version:	11.3.1	Trust: 1.0
vendor:	emerson	model:	deltav ve3006 controller md plus	scope:	lte	version:	11.3.1	Trust: 1.0
vendor:	emerson	model:	deltav ve3005 controller md hardware	scope:	lte	version:	10.3.1	Trust: 0.8
vendor:	emerson	model:	deltav ve3005 controller md hardware	scope:	lte	version:	11.3.1	Trust: 0.8
vendor:	emerson	model:	deltav ve3006 controller md plus hardware	scope:	lte	version:	10.3.1	Trust: 0.8
vendor:	emerson	model:	deltav ve3006 controller md plus hardware	scope:	lte	version:	11.3.1	Trust: 0.8
vendor:	emerson	model:	deltav	scope:	eq	version:	11.x	Trust: 0.6
vendor:	emerson	model:	deltav	scope:	eq	version:	10.x	Trust: 0.6
vendor:	emerson	model:	deltav ve3006 controller md plus	scope:	eq	version:	10.3.1	Trust: 0.6
vendor:	emerson	model:	deltav ve3006 controller md plus	scope:	eq	version:	11.3.1	Trust: 0.6
vendor:	emerson	model:	deltav se3006 sd plus controller	scope:	eq	version:	11.3.1	Trust: 0.6
vendor:	emerson	model:	deltav ve3005 controller md	scope:	eq	version:	10.3.1	Trust: 0.6
vendor:	emerson	model:	deltav ve3005 controller md	scope:	eq	version:	11.3.1	Trust: 0.6
vendor:	deltav ve3005 controller md	model:	-	scope:	eq	version:	*	Trust: 0.4
vendor:	deltav ve3006 controller md plus	model:	-	scope:	eq	version:	*	Trust: 0.4
vendor:	emerson	model:	electric co deltav ve3006 controller md plus hardware	scope:	eq	version:	11.3.1	Trust: 0.3
vendor:	emerson	model:	electric co deltav ve3006 controller md plus hardware	scope:	eq	version:	10.3.1	Trust: 0.3
vendor:	emerson	model:	electric co deltav ve3005 controller md hardware	scope:	eq	version:	11.3.1	Trust: 0.3
vendor:	emerson	model:	electric co deltav ve3005 controller md hardware	scope:	eq	version:	10.3.1	Trust: 0.3
vendor:	emerson	model:	electric co deltav se3006 sd plus controller	scope:	eq	version:	11.3.1	Trust: 0.3
vendor:	deltav se3006 sd plus controller	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 0dba175e-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-01690 // BID: 58366 // JVNDB: JVNDB-2013-001866 // CNNVD: CNNVD-201303-143 // NVD: CVE-2012-4703

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-4703
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2012-4703
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201303-143
value:	MEDIUM
Trust: 0.6
IVD:	0dba175e-2353-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2

nvd@nist.gov:	CVE-2012-4703
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
IVD:	0dba175e-2353-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: 0dba175e-2353-11e6-abef-000c29c66e3d // JVNDB: JVNDB-2013-001866 // CNNVD: CNNVD-201303-143 // NVD: CVE-2012-4703

PROBLEMTYPE DATA

problemtype:

CWE-399

Trust: 1.8

sources: JVNDB: JVNDB-2013-001866 // NVD: CVE-2012-4703

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201303-143

TYPE

Resource management error

Trust: 0.8

sources: IVD: 0dba175e-2353-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201303-143

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-001866

PATCH

title:	Top Page	url:	http://www.emerson.com/en-US/Pages/default.aspx	Trust: 0.8
title:	日本エマソン株式会社	url:	http://www.emerson.co.jp/index.html	Trust: 0.8
title:	分散型制御システム（DCS） DeltaVシステム	url:	http://www.emerson.co.jp/div/epm/product5_1.html	Trust: 0.8
title:	Emerson DeltaV denial of service vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/32712	Trust: 0.6

sources: CNVD: CNVD-2013-01690 // JVNDB: JVNDB-2013-001866

EXTERNAL IDS

db:	NVD	id:	CVE-2012-4703	Trust: 3.5
db:	ICS CERT	id:	ICSA-13-053-01	Trust: 3.3
db:	CNVD	id:	CNVD-2013-01690	Trust: 0.8
db:	CNNVD	id:	CNNVD-201303-143	Trust: 0.8
db:	JVNDB	id:	JVNDB-2013-001866	Trust: 0.8
db:	SECUNIA	id:	52486	Trust: 0.6
db:	BID	id:	58366	Trust: 0.3
db:	IVD	id:	0DBA175E-2353-11E6-ABEF-000C29C66E3D	Trust: 0.2

sources: IVD: 0dba175e-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-01690 // BID: 58366 // JVNDB: JVNDB-2013-001866 // CNNVD: CNNVD-201303-143 // NVD: CVE-2012-4703

REFERENCES

url:	http://ics-cert.us-cert.gov/pdf/icsa-13-053-01.pdf	Trust: 3.3
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4703	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4703	Trust: 0.8
url:	http://secunia.com/advisories/52486	Trust: 0.6
url:	http://www2.emersonprocess.com/en-us/brands/edservices/automationsystems/deltav/pages/deltavtraining.aspx	Trust: 0.3

sources: CNVD: CNVD-2013-01690 // BID: 58366 // JVNDB: JVNDB-2013-001866 // CNNVD: CNNVD-201303-143 // NVD: CVE-2012-4703

CREDITS

Joel Langill

Trust: 0.3

sources: BID: 58366

SOURCES

db:	IVD	id:	0dba175e-2353-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2013-01690
db:	BID	id:	58366
db:	JVNDB	id:	JVNDB-2013-001866
db:	CNNVD	id:	CNNVD-201303-143
db:	NVD	id:	CVE-2012-4703

LAST UPDATE DATE

2025-04-11T23:15:26.984000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-01690	date:	2013-03-11T00:00:00
db:	BID	id:	58366	date:	2013-03-06T00:00:00
db:	JVNDB	id:	JVNDB-2013-001866	date:	2013-03-19T00:00:00
db:	CNNVD	id:	CNNVD-201303-143	date:	2013-03-13T00:00:00
db:	NVD	id:	CVE-2012-4703	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	IVD	id:	0dba175e-2353-11e6-abef-000c29c66e3d	date:	2013-03-11T00:00:00
db:	CNVD	id:	CNVD-2013-01690	date:	2013-03-11T00:00:00
db:	BID	id:	58366	date:	2013-03-06T00:00:00
db:	JVNDB	id:	JVNDB-2013-001866	date:	2013-03-19T00:00:00
db:	CNNVD	id:	CNNVD-201303-143	date:	2013-03-11T00:00:00
db:	NVD	id:	CVE-2012-4703	date:	2013-03-11T21:55:02.417