Sign-up

ID

VAR-201310-0174


CVE

CVE-2013-0692


TITLE

Emerson ROC800 Remote Terminal Unit Remote Code Execution Vulnerability

Trust: 0.8

sources: IVD: 9e2c8eda-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-13377

DESCRIPTION

The kernel in ENEA OSE on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows remote attackers to execute arbitrary code by connecting to the debug service. Emerson Process Management Emerson Process Control is a company that includes process control, electrical and telecommunications, industrial automation, heat transfer, HVAC, and appliances and tools. The ROC800 RTU product is used to perform multiple PLC-like functions on the control device. The ROC800 RTU kernel contains a port for connecting to the debug tool. An attacker can change memory, registers, process state, and full control of the device. Emerson ROC800 Remote Terminal Units are prone to a remote code-execution vulnerability. A remote attacker can leverage this issue to execute arbitrary code within the context of the affected device. Successful exploits will completely compromise the device. The following products are affected: ROC800 3.50 and prior DL8000 2.30 and prior ROC800L 1.20 and prior. The three products ROC800, ROC800L, and DL8000 use ROC800 RTUs

Trust: 2.7

sources: NVD: CVE-2013-0692 // JVNDB: JVNDB-2013-004484 // CNVD: CNVD-2013-13377 // BID: 62664 // IVD: 9e2c8eda-2352-11e6-abef-000c29c66e3d // VULHUB: VHN-60694

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

category:['ICS']sub_category: -

Trust: 0.2

sources: IVD: 9e2c8eda-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-13377

AFFECTED PRODUCTS

vendor:eneamodel:osescope:lteversion:2.30

Trust: 1.0

vendor:emersonmodel:roc 800 remote terminal unitscope:eqversion: -

Trust: 1.0

vendor:emersonmodel:dl 8000 remote terminal unitscope:eqversion: -

Trust: 1.0

vendor:emersonmodel:roc 800l remote terminal unitscope:eqversion: -

Trust: 1.0

vendor:eneamodel:osescope:lteversion:1.20

Trust: 1.0

vendor:eneamodel:osescope:lteversion:3.50

Trust: 1.0

vendor:eniamodel:osescope:lteversion:1.20 (roc800l rtu)

Trust: 0.8

vendor:eniamodel:osescope:lteversion:2.30 (dl8000 rtu)

Trust: 0.8

vendor:eniamodel:osescope:lteversion:3.50 (roc800 rtu)

Trust: 0.8

vendor:emersonmodel:dl8000 rtuscope: - version: -

Trust: 0.8

vendor:emersonmodel:roc800 rtuscope: - version: -

Trust: 0.8

vendor:emersonmodel:roc800l rtuscope: - version: -

Trust: 0.8

vendor:emersonmodel:electric co roc800lscope:eqversion:1.20

Trust: 0.6

vendor:emersonmodel:electric co dl8000scope:eqversion:2.30

Trust: 0.6

vendor:emersonmodel:electric co roc800scope:eqversion:3.50

Trust: 0.6

vendor:eneamodel:osescope:eqversion:3.50

Trust: 0.6

vendor:eneamodel:osescope:eqversion:1.20

Trust: 0.6

vendor:eneamodel:osescope:eqversion:2.30

Trust: 0.6

vendor:dl 8000 remote terminal unitmodel: - scope:eqversion: -

Trust: 0.2

vendor:roc 800 remote terminal unitmodel: - scope:eqversion: -

Trust: 0.2

vendor:osemodel: - scope:eqversion:1.20

Trust: 0.2

vendor:osemodel: - scope:eqversion:2.30

Trust: 0.2

vendor:osemodel: - scope:eqversion:3.50

Trust: 0.2

vendor:roc 800l remote terminal unitmodel: - scope:eqversion: -

Trust: 0.2

sources: IVD: 9e2c8eda-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-13377 // JVNDB: JVNDB-2013-004484 // CNNVD: CNNVD-201309-519 // NVD: CVE-2013-0692

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-0692
value: HIGH

Trust: 1.0

NVD: CVE-2013-0692
value: HIGH

Trust: 0.8

CNVD: CNVD-2013-13377
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201309-519
value: CRITICAL

Trust: 0.6

IVD: 9e2c8eda-2352-11e6-abef-000c29c66e3d
value: CRITICAL

Trust: 0.2

VULHUB: VHN-60694
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2013-0692
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2013-13377
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 9e2c8eda-2352-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-60694
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: 9e2c8eda-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-13377 // VULHUB: VHN-60694 // JVNDB: JVNDB-2013-004484 // CNNVD: CNNVD-201309-519 // NVD: CVE-2013-0692

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-60694 // JVNDB: JVNDB-2013-004484 // NVD: CVE-2013-0692

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201309-519

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201309-519

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-004484

PATCH
title:Top Pageurl:http://www.enea.com/
Trust: 0.8
title:トップページurl:http://www.emerson.co.jp/index.html
Trust: 0.8
title:Emerson ROC800 Remote Terminal Unit Remote Code Execution Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/39892
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2013-13377 // 
            
            
            
            JVNDB: JVNDB-2013-004484

EXTERNAL IDS
db:NVDid:CVE-2013-0692
Trust: 3.6
db:ICS CERTid:ICSA-13-259-01
Trust: 3.1
db:BIDid:62664
Trust: 1.6
db:CNVDid:CNVD-2013-13377
Trust: 0.8
db:CNNVDid:CNNVD-201309-519
Trust: 0.8
db:JVNDBid:JVNDB-2013-004484
Trust: 0.8
db:IVDid:9E2C8EDA-2352-11E6-ABEF-000C29C66E3D
Trust: 0.2
db:VULHUBid:VHN-60694
Trust: 0.1
sources:
            
            
            IVD: 9e2c8eda-2352-11e6-abef-000c29c66e3d // 
            
            
            
            CNVD: CNVD-2013-13377 // 
            
            
            
            VULHUB: VHN-60694 // 
            
            
            
            BID: 62664 // 
            
            
            
            JVNDB: JVNDB-2013-004484 // 
            
            
            
            CNNVD: CNNVD-201309-519 // 
            
            
            
            NVD: CVE-2013-0692

REFERENCES
url:http://ics-cert.us-cert.gov/advisories/icsa-13-259-01
Trust: 3.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0692
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=2013-0692
Trust: 0.8
url:http://www.securityfocus.com/bid/62664
Trust: 0.6
url:http://www2.emersonprocess.com/en-us/brands/deltav/pages/index.aspx
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2013-13377 // 
            
            
            
            VULHUB: VHN-60694 // 
            
            
            
            BID: 62664 // 
            
            
            
            JVNDB: JVNDB-2013-004484 // 
            
            
            
            CNNVD: CNNVD-201309-519 // 
            
            
            
            NVD: CVE-2013-0692

CREDITS
Dillon Beresford, Brian Meixell, Marc Ayala and Eric Forner of Cimation
Trust: 0.9
sources:
            
            
            BID: 62664 // 
            
            
            
            CNNVD: CNNVD-201309-519

SOURCES
db:IVDid:9e2c8eda-2352-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2013-13377
db:VULHUBid:VHN-60694
db:BIDid:62664
db:JVNDBid:JVNDB-2013-004484
db:CNNVDid:CNNVD-201309-519
db:NVDid:CVE-2013-0692

LAST UPDATE DATE
2025-04-11T22:53:11.538000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2013-13377date:2013-09-29T00:00:00
db:VULHUBid:VHN-60694date:2013-10-03T00:00:00
db:BIDid:62664date:2014-12-24T00:55:00
db:JVNDBid:JVNDB-2013-004484date:2013-10-07T00:00:00
db:CNNVDid:CNNVD-201309-519date:2013-10-09T00:00:00
db:NVDid:CVE-2013-0692date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:IVDid:9e2c8eda-2352-11e6-abef-000c29c66e3ddate:2013-09-29T00:00:00
db:CNVDid:CNVD-2013-13377date:2013-09-29T00:00:00
db:VULHUBid:VHN-60694date:2013-10-03T00:00:00
db:BIDid:62664date:2013-09-26T00:00:00
db:JVNDBid:JVNDB-2013-004484date:2013-10-07T00:00:00
db:CNNVDid:CNNVD-201309-519date:2013-09-30T00:00:00
db:NVDid:CVE-2013-0692date:2013-10-03T11:04:37.383