ID

VAR-201310-0173


CVE

CVE-2013-0689


TITLE

File upload vulnerability in the software of multiple Emerson Process Management RTU products

Trust: 0.8

sources: JVNDB: JVNDB-2013-004483

DESCRIPTION

The TFTP server on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows remote attackers to upload files and consequently execute arbitrary code via unspecified vectors. Emerson Process Management (Emerson Process Control) is a company whose business includes process control, electrical and telecommunications, industrial automation, heat transfer, HVAC, and appliances and tools. The ROC800 RTU product line, which includes the ROC800, ROC800L, and DL8000, performs multiple PLC-like functions on control equipment (a PLC being digital operation electronics used in industrial environments). The following products are affected: ROC800 3.50 and prior; DL8000 2.30 and prior; ROC800L 1.20 and prior.

Trust: 2.7

sources: NVD: CVE-2013-0689 // JVNDB: JVNDB-2013-004483 // CNVD: CNVD-2013-13378 // BID: 62666 // IVD: 9e315456-2352-11e6-abef-000c29c66e3d // VULHUB: VHN-60691

IOT TAXONOMY

category: ['ICS', 'Network device'], sub_category: -

Trust: 0.6

category: ['ICS'], sub_category: -

Trust: 0.2

sources: IVD: 9e315456-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-13378

AFFECTED PRODUCTS

vendor: enea, model: ose, scope: lte, version: 2.30

Trust: 1.0

vendor: emerson, model: roc 800 remote terminal unit, scope: eq, version: -

Trust: 1.0

vendor: emerson, model: dl 8000 remote terminal unit, scope: eq, version: -

Trust: 1.0

vendor: emerson, model: roc 800l remote terminal unit, scope: eq, version: -

Trust: 1.0

vendor: enea, model: ose, scope: lte, version: 1.20

Trust: 1.0

vendor: enea, model: ose, scope: lte, version: 3.50

Trust: 1.0

vendor: enia, model: ose, scope: lte, version: 1.20 (roc800l rtu)

Trust: 0.8

vendor: enia, model: ose, scope: lte, version: 2.30 (dl8000 rtu)

Trust: 0.8

vendor: enia, model: ose, scope: lte, version: 3.50 (roc800 rtu)

Trust: 0.8

vendor: emerson, model: dl8000 rtu, scope: -, version: -

Trust: 0.8

vendor: emerson, model: roc800 rtu, scope: -, version: -

Trust: 0.8

vendor: emerson, model: roc800l rtu, scope: -, version: -

Trust: 0.8

vendor: emerson, model: electric co roc800l, scope: eq, version: 1.20

Trust: 0.6

vendor: emerson, model: electric co dl8000, scope: eq, version: 2.30

Trust: 0.6

vendor: emerson, model: electric co roc800, scope: eq, version: 3.50

Trust: 0.6

vendor: enea, model: ose, scope: eq, version: 3.50

Trust: 0.6

vendor: enea, model: ose, scope: eq, version: 1.20

Trust: 0.6

vendor: enea, model: ose, scope: eq, version: 2.30

Trust: 0.6

vendor: dl 8000 remote terminal unit, model: -, scope: eq, version: -

Trust: 0.2

vendor: roc 800 remote terminal unit, model: -, scope: eq, version: -

Trust: 0.2

vendor: ose, model: -, scope: eq, version: 1.20

Trust: 0.2

vendor: ose, model: -, scope: eq, version: 2.30

Trust: 0.2

vendor: ose, model: -, scope: eq, version: 3.50

Trust: 0.2

vendor: roc 800l remote terminal unit, model: -, scope: eq, version: -

Trust: 0.2

sources: IVD: 9e315456-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-13378 // JVNDB: JVNDB-2013-004483 // CNNVD: CNNVD-201309-488 // NVD: CVE-2013-0689

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-0689
value: HIGH

Trust: 1.0

NVD: CVE-2013-0689
value: HIGH

Trust: 0.8

CNVD: CNVD-2013-13378
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201309-488
value: CRITICAL

Trust: 0.6

IVD: 9e315456-2352-11e6-abef-000c29c66e3d
value: CRITICAL

Trust: 0.2

VULHUB: VHN-60691
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2013-0689
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2013-13378
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 9e315456-2352-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-60691
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: 9e315456-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-13378 // VULHUB: VHN-60691 // JVNDB: JVNDB-2013-004483 // CNNVD: CNNVD-201309-488 // NVD: CVE-2013-0689

PROBLEMTYPE DATA

problemtype:CWE-94

Trust: 1.9

sources: VULHUB: VHN-60691 // JVNDB: JVNDB-2013-004483 // NVD: CVE-2013-0689

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201309-488

TYPE

Code injection

Trust: 0.8

sources: IVD: 9e315456-2352-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201309-488

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004483

PATCH

title: Top Page, url: http://www.enea.com/

Trust: 0.8

title: Top Page, url: http://www.emerson.co.jp/index.html

Trust: 0.8

title: Multiple Emerson Process Management RTUs patch for arbitrary file upload vulnerabilities, url: https://www.cnvd.org.cn/patchInfo/show/39891

Trust: 0.6

sources: CNVD: CNVD-2013-13378 // JVNDB: JVNDB-2013-004483

EXTERNAL IDS

db: NVD, id: CVE-2013-0689

Trust: 3.6

db: ICS CERT, id: ICSA-13-259-01

Trust: 3.1

db: BID, id: 62666

Trust: 1.6

db: CNNVD, id: CNNVD-201309-488

Trust: 0.9

db: CNVD, id: CNVD-2013-13378

Trust: 0.8

db: JVNDB, id: JVNDB-2013-004483

Trust: 0.8

db: IVD, id: 9E315456-2352-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: VULHUB, id: VHN-60691

Trust: 0.1

sources: IVD: 9e315456-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-13378 // VULHUB: VHN-60691 // BID: 62666 // JVNDB: JVNDB-2013-004483 // CNNVD: CNNVD-201309-488 // NVD: CVE-2013-0689

REFERENCES

url:http://ics-cert.us-cert.gov/advisories/icsa-13-259-01

Trust: 3.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0689

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-0689

Trust: 0.8

url:http://www.securityfocus.com/bid/62666

Trust: 0.6

url:http://www2.emersonprocess.com/en-us/brands/deltav/pages/index.aspx

Trust: 0.3

sources: CNVD: CNVD-2013-13378 // VULHUB: VHN-60691 // BID: 62666 // JVNDB: JVNDB-2013-004483 // CNNVD: CNNVD-201309-488 // NVD: CVE-2013-0689

CREDITS

Dillon Beresford, Brian Meixell, Marc Ayala and Eric Forner of Cimation

Trust: 0.9

sources: BID: 62666 // CNNVD: CNNVD-201309-488

SOURCES

db: IVD, id: 9e315456-2352-11e6-abef-000c29c66e3d
db: CNVD, id: CNVD-2013-13378
db: VULHUB, id: VHN-60691
db: BID, id: 62666
db: JVNDB, id: JVNDB-2013-004483
db: CNNVD, id: CNNVD-201309-488
db: NVD, id: CVE-2013-0689

LAST UPDATE DATE

2025-04-11T22:53:11.498000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2013-13378, date: 2013-09-29T00:00:00
db: VULHUB, id: VHN-60691, date: 2013-10-03T00:00:00
db: BID, id: 62666, date: 2014-12-24T00:55:00
db: JVNDB, id: JVNDB-2013-004483, date: 2013-10-07T00:00:00
db: CNNVD, id: CNNVD-201309-488, date: 2013-10-12T00:00:00
db: NVD, id: CVE-2013-0689, date: 2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db: IVD, id: 9e315456-2352-11e6-abef-000c29c66e3d, date: 2013-09-29T00:00:00
db: CNVD, id: CNVD-2013-13378, date: 2013-09-29T00:00:00
db: VULHUB, id: VHN-60691, date: 2013-10-03T00:00:00
db: BID, id: 62666, date: 2013-09-26T00:00:00
db: JVNDB, id: JVNDB-2013-004483, date: 2013-10-07T00:00:00
db: CNNVD, id: CNNVD-201309-488, date: 2013-09-27T00:00:00
db: NVD, id: CVE-2013-0689, date: 2013-10-03T11:04:37.320