Sign-up

ID

VAR-201310-0175


CVE

CVE-2013-0693


TITLE

plural Emerson Process Management RTU Run on product ENEA OSE Vulnerability in which important information is obtained

Trust: 0.8

sources: JVNDB: JVNDB-2013-004485

DESCRIPTION

The kernel in ENEA OSE on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier performs network-beacon broadcasts, which allows remote attackers to obtain potentially sensitive information about device presence by listening for broadcast traffic. Emerson Process Management Emerson Process Control is a company that includes process control, electrical and telecommunications, industrial automation, heat transfer, HVAC, and appliances and tools. The ROC800 RTU product is used to perform multiple PLC-like functions on the control device. The ROC800 RTU runs on the ENEA OSE operating system, and the kernel running on the ROC800 device broadcasts web beacons, allowing attackers to easily detect OSE debugging vulnerabilities. This vulnerability can be exploited remotely. Multiple Emerson Process Management RTUs including ROC800, DL8000, and ROC800L are prone to a remote security vulnerability. An attacker can exploit the issue to perform unauthorized actions. This may aid in further attacks. The following versions are affected: ROC800 3.50 and prior DL8000 2.30 and prior ROC800L 1.20 and prior. The three products ROC800, ROC800L, and DL8000 use ROC800 RTUs

Trust: 2.7

sources: NVD: CVE-2013-0693 // JVNDB: JVNDB-2013-004485 // CNVD: CNVD-2013-13376 // BID: 62670 // IVD: 9e239b9a-2352-11e6-abef-000c29c66e3d // VULHUB: VHN-60695

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

category:['ICS']sub_category: -

Trust: 0.2

sources: IVD: 9e239b9a-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-13376

AFFECTED PRODUCTS

vendor:eneamodel:osescope:lteversion:2.30

Trust: 1.0

vendor:emersonmodel:roc 800 remote terminal unitscope:eqversion: -

Trust: 1.0

vendor:emersonmodel:dl 8000 remote terminal unitscope:eqversion: -

Trust: 1.0

vendor:emersonmodel:roc 800l remote terminal unitscope:eqversion: -

Trust: 1.0

vendor:eneamodel:osescope:lteversion:1.20

Trust: 1.0

vendor:eneamodel:osescope:lteversion:3.50

Trust: 1.0

vendor:eniamodel:osescope:lteversion:1.20 (roc800l rtu)

Trust: 0.8

vendor:eniamodel:osescope:lteversion:2.30 (dl8000 rtu)

Trust: 0.8

vendor:eniamodel:osescope:lteversion:3.50 (roc800 rtu)

Trust: 0.8

vendor:emersonmodel:dl8000 rtuscope: - version: -

Trust: 0.8

vendor:emersonmodel:roc800 rtuscope: - version: -

Trust: 0.8

vendor:emersonmodel:roc800l rtuscope: - version: -

Trust: 0.8

vendor:emersonmodel:electric co roc800lscope:eqversion:1.20

Trust: 0.6

vendor:emersonmodel:electric co dl8000scope:eqversion:2.30

Trust: 0.6

vendor:emersonmodel:electric co roc800scope:eqversion:3.50

Trust: 0.6

vendor:eneamodel:osescope:eqversion:2.30

Trust: 0.6

vendor:eneamodel:osescope:eqversion:1.20

Trust: 0.6

vendor:eneamodel:osescope:eqversion:3.50

Trust: 0.6

vendor:dl 8000 remote terminal unitmodel: - scope:eqversion: -

Trust: 0.2

vendor:roc 800 remote terminal unitmodel: - scope:eqversion: -

Trust: 0.2

vendor:osemodel: - scope:eqversion:1.20

Trust: 0.2

vendor:osemodel: - scope:eqversion:2.30

Trust: 0.2

vendor:osemodel: - scope:eqversion:3.50

Trust: 0.2

vendor:roc 800l remote terminal unitmodel: - scope:eqversion: -

Trust: 0.2

sources: IVD: 9e239b9a-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-13376 // JVNDB: JVNDB-2013-004485 // CNNVD: CNNVD-201309-491 // NVD: CVE-2013-0693

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-0693
value: HIGH

Trust: 1.0

NVD: CVE-2013-0693
value: HIGH

Trust: 0.8

CNVD: CNVD-2013-13376
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201309-491
value: CRITICAL

Trust: 0.6

IVD: 9e239b9a-2352-11e6-abef-000c29c66e3d
value: CRITICAL

Trust: 0.2

VULHUB: VHN-60695
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2013-0693
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2013-13376
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 9e239b9a-2352-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-60695
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: 9e239b9a-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-13376 // VULHUB: VHN-60695 // JVNDB: JVNDB-2013-004485 // CNNVD: CNNVD-201309-491 // NVD: CVE-2013-0693

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-60695 // JVNDB: JVNDB-2013-004485 // NVD: CVE-2013-0693

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201309-491

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201309-491

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-004485

PATCH
title:Top Pageurl:http://www.enea.com/
Trust: 0.8
title:トップページurl:http://www.emerson.co.jp/index.html
Trust: 0.8
title:Multiple Emerson Process Management RTUs remote vulnerability patchesurl:https://www.cnvd.org.cn/patchInfo/show/39893
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2013-13376 // 
            
            
            
            JVNDB: JVNDB-2013-004485

EXTERNAL IDS
db:NVDid:CVE-2013-0693
Trust: 3.6
db:ICS CERTid:ICSA-13-259-01
Trust: 3.1
db:BIDid:62670
Trust: 1.6
db:CNNVDid:CNNVD-201309-491
Trust: 0.9
db:CNVDid:CNVD-2013-13376
Trust: 0.8
db:JVNDBid:JVNDB-2013-004485
Trust: 0.8
db:IVDid:9E239B9A-2352-11E6-ABEF-000C29C66E3D
Trust: 0.2
db:VULHUBid:VHN-60695
Trust: 0.1
sources:
            
            
            IVD: 9e239b9a-2352-11e6-abef-000c29c66e3d // 
            
            
            
            CNVD: CNVD-2013-13376 // 
            
            
            
            VULHUB: VHN-60695 // 
            
            
            
            BID: 62670 // 
            
            
            
            JVNDB: JVNDB-2013-004485 // 
            
            
            
            CNNVD: CNNVD-201309-491 // 
            
            
            
            NVD: CVE-2013-0693

REFERENCES
url:http://ics-cert.us-cert.gov/advisories/icsa-13-259-01
Trust: 3.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0693
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=2013-0693
Trust: 0.8
url:http://www.securityfocus.com/bid/62670
Trust: 0.6
url:http://www2.emersonprocess.com/en-us/brands/deltav/pages/index.aspx
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2013-13376 // 
            
            
            
            VULHUB: VHN-60695 // 
            
            
            
            BID: 62670 // 
            
            
            
            JVNDB: JVNDB-2013-004485 // 
            
            
            
            CNNVD: CNNVD-201309-491 // 
            
            
            
            NVD: CVE-2013-0693

CREDITS
Dillon Beresford, Brian Meixell, Marc Ayala and Eric Forner of Cimation
Trust: 0.9
sources:
            
            
            BID: 62670 // 
            
            
            
            CNNVD: CNNVD-201309-491

SOURCES
db:IVDid:9e239b9a-2352-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2013-13376
db:VULHUBid:VHN-60695
db:BIDid:62670
db:JVNDBid:JVNDB-2013-004485
db:CNNVDid:CNNVD-201309-491
db:NVDid:CVE-2013-0693

LAST UPDATE DATE
2025-04-11T22:53:11.417000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2013-13376date:2013-09-29T00:00:00
db:VULHUBid:VHN-60695date:2013-10-03T00:00:00
db:BIDid:62670date:2014-12-24T00:55:00
db:JVNDBid:JVNDB-2013-004485date:2013-10-07T00:00:00
db:CNNVDid:CNNVD-201309-491date:2013-10-12T00:00:00
db:NVDid:CVE-2013-0693date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:IVDid:9e239b9a-2352-11e6-abef-000c29c66e3ddate:2013-09-29T00:00:00
db:CNVDid:CNVD-2013-13376date:2013-09-29T00:00:00
db:VULHUBid:VHN-60695date:2013-10-03T00:00:00
db:BIDid:62670date:2013-09-26T00:00:00
db:JVNDBid:JVNDB-2013-004485date:2013-10-07T00:00:00
db:CNNVDid:CNNVD-201309-491date:2013-09-27T00:00:00
db:NVDid:CVE-2013-0693date:2013-10-03T11:04:37.430