Sign-up

ID

VAR-201310-0176


CVE

CVE-2013-0694


TITLE

plural Emerson Process Management RTU Vulnerabilities in which shell access rights are obtained in product software

Trust: 0.8

sources: JVNDB: JVNDB-2013-004486

DESCRIPTION

The Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier have hardcoded credentials in a ROM, which makes it easier for remote attackers to obtain shell access to the underlying OS by leveraging knowledge of the ROM contents from a product installation elsewhere. Emerson Process Management Emerson Process Control is a company that includes process control, electrical and telecommunications, industrial automation, heat transfer, HVAC, and appliances and tools. The ROC800 RTU product is used to perform multiple PLC-like functions on the control device. The ROC800 ROM contains a built-in account that allows remote attackers to access the operating system command shell and control the ROC800 device. Multiple Emerson Process Management RTUs including ROC800, DL8000, and ROC800L are prone to a security-bypass vulnerability caused by hard-coded credentials. An attacker can leverage this issue to gain access to the vulnerable device. The following versions are affected: ROC800 3.50 and prior DL8000 2.30 and prior ROC800L 1.20 and prior. The three products ROC800, ROC800L, and DL8000 use ROC800 RTUs

Trust: 2.7

sources: NVD: CVE-2013-0694 // JVNDB: JVNDB-2013-004486 // CNVD: CNVD-2013-13375 // BID: 62667 // IVD: 9e1b318a-2352-11e6-abef-000c29c66e3d // VULHUB: VHN-60696

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

category:['ICS']sub_category: -

Trust: 0.2

sources: IVD: 9e1b318a-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-13375

AFFECTED PRODUCTS

vendor:eneamodel:osescope:lteversion:2.30

Trust: 1.0

vendor:emersonmodel:roc 800 remote terminal unitscope:eqversion: -

Trust: 1.0

vendor:emersonmodel:dl 8000 remote terminal unitscope:eqversion: -

Trust: 1.0

vendor:emersonmodel:roc 800l remote terminal unitscope:eqversion: -

Trust: 1.0

vendor:eneamodel:osescope:lteversion:1.20

Trust: 1.0

vendor:eneamodel:osescope:lteversion:3.50

Trust: 1.0

vendor:eniamodel:osescope:lteversion:1.20 (roc800l rtu)

Trust: 0.8

vendor:eniamodel:osescope:lteversion:2.30 (dl8000 rtu)

Trust: 0.8

vendor:eniamodel:osescope:lteversion:3.50 (roc800 rtu)

Trust: 0.8

vendor:emersonmodel:dl8000 rtuscope: - version: -

Trust: 0.8

vendor:emersonmodel:roc800 rtuscope: - version: -

Trust: 0.8

vendor:emersonmodel:roc800l rtuscope: - version: -

Trust: 0.8

vendor:emersonmodel:electric co roc800lscope:eqversion:1.20

Trust: 0.6

vendor:emersonmodel:electric co dl8000scope:eqversion:2.30

Trust: 0.6

vendor:emersonmodel:electric co roc800scope:eqversion:3.50

Trust: 0.6

vendor:eneamodel:osescope:eqversion:2.30

Trust: 0.6

vendor:eneamodel:osescope:eqversion:1.20

Trust: 0.6

vendor:eneamodel:osescope:eqversion:3.50

Trust: 0.6

vendor:dl 8000 remote terminal unitmodel: - scope:eqversion: -

Trust: 0.2

vendor:roc 800 remote terminal unitmodel: - scope:eqversion: -

Trust: 0.2

vendor:osemodel: - scope:eqversion:1.20

Trust: 0.2

vendor:osemodel: - scope:eqversion:2.30

Trust: 0.2

vendor:osemodel: - scope:eqversion:3.50

Trust: 0.2

vendor:roc 800l remote terminal unitmodel: - scope:eqversion: -

Trust: 0.2

sources: IVD: 9e1b318a-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-13375 // JVNDB: JVNDB-2013-004486 // CNNVD: CNNVD-201309-489 // NVD: CVE-2013-0694

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-0694
value: HIGH

Trust: 1.0

NVD: CVE-2013-0694
value: HIGH

Trust: 0.8

CNVD: CNVD-2013-13375
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201309-489
value: CRITICAL

Trust: 0.6

IVD: 9e1b318a-2352-11e6-abef-000c29c66e3d
value: CRITICAL

Trust: 0.2

VULHUB: VHN-60696
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2013-0694
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2013-13375
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 9e1b318a-2352-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-60696
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: 9e1b318a-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-13375 // VULHUB: VHN-60696 // JVNDB: JVNDB-2013-004486 // CNNVD: CNNVD-201309-489 // NVD: CVE-2013-0694

PROBLEMTYPE DATA

problemtype:CWE-255

Trust: 1.9

sources: VULHUB: VHN-60696 // JVNDB: JVNDB-2013-004486 // NVD: CVE-2013-0694

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201309-489

TYPE

Trust management

Trust: 0.8

sources: IVD: 9e1b318a-2352-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201309-489

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-004486

PATCH
title:Top Pageurl:http://www.enea.com/
Trust: 0.8
title:トップページurl:http://www.emerson.co.jp/index.html
Trust: 0.8
title:Patches for multiple Emerson Process Management RTUs built-in account security bypass vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/39894
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2013-13375 // 
            
            
            
            JVNDB: JVNDB-2013-004486

EXTERNAL IDS
db:NVDid:CVE-2013-0694
Trust: 3.6
db:ICS CERTid:ICSA-13-259-01
Trust: 3.1
db:BIDid:62667
Trust: 1.6
db:CNNVDid:CNNVD-201309-489
Trust: 0.9
db:CNVDid:CNVD-2013-13375
Trust: 0.8
db:JVNDBid:JVNDB-2013-004486
Trust: 0.8
db:IVDid:9E1B318A-2352-11E6-ABEF-000C29C66E3D
Trust: 0.2
db:VULHUBid:VHN-60696
Trust: 0.1
sources:
            
            
            IVD: 9e1b318a-2352-11e6-abef-000c29c66e3d // 
            
            
            
            CNVD: CNVD-2013-13375 // 
            
            
            
            VULHUB: VHN-60696 // 
            
            
            
            BID: 62667 // 
            
            
            
            JVNDB: JVNDB-2013-004486 // 
            
            
            
            CNNVD: CNNVD-201309-489 // 
            
            
            
            NVD: CVE-2013-0694

REFERENCES
url:http://ics-cert.us-cert.gov/advisories/icsa-13-259-01
Trust: 3.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0694
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-0694
Trust: 0.8
url:http://www.securityfocus.com/bid/62667
Trust: 0.6
url:http://www2.emersonprocess.com/en-us/brands/deltav/pages/index.aspx
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2013-13375 // 
            
            
            
            VULHUB: VHN-60696 // 
            
            
            
            BID: 62667 // 
            
            
            
            JVNDB: JVNDB-2013-004486 // 
            
            
            
            CNNVD: CNNVD-201309-489 // 
            
            
            
            NVD: CVE-2013-0694

CREDITS
Dillon Beresford, Brian Meixell, Marc Ayala and Eric Forner of Cimation
Trust: 0.9
sources:
            
            
            BID: 62667 // 
            
            
            
            CNNVD: CNNVD-201309-489

SOURCES
db:IVDid:9e1b318a-2352-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2013-13375
db:VULHUBid:VHN-60696
db:BIDid:62667
db:JVNDBid:JVNDB-2013-004486
db:CNNVDid:CNNVD-201309-489
db:NVDid:CVE-2013-0694

LAST UPDATE DATE
2025-04-11T22:53:11.455000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2013-13375date:2013-09-29T00:00:00
db:VULHUBid:VHN-60696date:2013-10-03T00:00:00
db:BIDid:62667date:2014-12-24T00:55:00
db:JVNDBid:JVNDB-2013-004486date:2013-10-07T00:00:00
db:CNNVDid:CNNVD-201309-489date:2013-10-12T00:00:00
db:NVDid:CVE-2013-0694date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:IVDid:9e1b318a-2352-11e6-abef-000c29c66e3ddate:2013-09-29T00:00:00
db:CNVDid:CNVD-2013-13375date:2013-09-29T00:00:00
db:VULHUBid:VHN-60696date:2013-10-03T00:00:00
db:BIDid:62667date:2013-09-26T00:00:00
db:JVNDBid:JVNDB-2013-004486date:2013-10-07T00:00:00
db:CNNVDid:CNNVD-201309-489date:2013-09-27T00:00:00
db:NVDid:CVE-2013-0694date:2013-10-03T11:04:37.447