Sign-up

ID

VAR-201412-0027


CVE

CVE-2013-2810


TITLE

plural Emerson Process Management RTU Vulnerability to execute arbitrary commands in product software

Trust: 0.8

sources: JVNDB: JVNDB-2013-006701

DESCRIPTION

Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows remote attackers to execute arbitrary commands via a TCP replay attack. Supplementary information : CWE Vulnerability type by CWE-77: Improper Neutralization of Special Elements used in a Command ( Command injection ) Has been identified. http://cwe.mitre.org/data/definitions/77.htmlBy a third party TCP Reflex attack ( Replay attack ) An arbitrary command may be executed via. The ROC800 RTU product is used to perform multiple PLC-like functions on the control device. Emerson Process Management's ROC800, DL8000 and ROC800L have security bypass vulnerabilities. Allows an attacker to bypass authentication and perform unauthorized operations. The following versions are affected: ROC800 3.50 and prior DL8000 2.30 and prior ROC800L 1.20 and prior. Emerson Process Management ROC800 RTU, DL8000 RTU and ROC800L RTU are all remote terminal unit (RTU) products of Emerson Electric (Emerson Electric) in the United States. Function

Trust: 2.7

sources: NVD: CVE-2013-2810 // JVNDB: JVNDB-2013-006701 // CNVD: CNVD-2014-08734 // BID: 71425 // IVD: b2728756-2351-11e6-abef-000c29c66e3d // VULHUB: VHN-62812

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

category:['ICS']sub_category: -

Trust: 0.2

sources: IVD: b2728756-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-08734

AFFECTED PRODUCTS

vendor:emersonmodel:dl 8000 remote terminal unitscope:eqversion:2.30

Trust: 1.6

vendor:emersonmodel:roc 800l remote terminal unitscope:lteversion:1.20

Trust: 1.0

vendor:emersonmodel:roc 800 remote terminal unitscope:lteversion:3.50

Trust: 1.0

vendor:emersonmodel:roc 800 remote terminal unitscope:eqversion: -

Trust: 1.0

vendor:emersonmodel:dl 8000 remote terminal unitscope:eqversion: -

Trust: 1.0

vendor:emersonmodel:roc 800l remote terminal unitscope:eqversion: -

Trust: 1.0

vendor:emersonmodel:dl8000 rtuscope: - version: -

Trust: 0.8

vendor:emersonmodel:dl8000 rtuscope:lteversion:2.30

Trust: 0.8

vendor:emersonmodel:roc800 rtuscope: - version: -

Trust: 0.8

vendor:emersonmodel:roc800 rtuscope:lteversion:3.50

Trust: 0.8

vendor:emersonmodel:roc800l rtuscope: - version: -

Trust: 0.8

vendor:emersonmodel:roc800l rtuscope:lteversion:1.20

Trust: 0.8

vendor:emersonmodel:electric co roc800lscope:eqversion:1.20

Trust: 0.6

vendor:emersonmodel:electric co dl8000scope:eqversion:2.30

Trust: 0.6

vendor:emersonmodel:electric co roc800scope:eqversion:3.50

Trust: 0.6

vendor:emersonmodel:roc 800l remote terminal unitscope:eqversion:1.20

Trust: 0.6

vendor:emersonmodel:roc 800 remote terminal unitscope:eqversion:3.50

Trust: 0.6

vendor:roc 800 remote terminal unitmodel: - scope:eqversion:3.50

Trust: 0.2

vendor:dl 8000 remote terminal unitmodel: - scope:eqversion: -

Trust: 0.2

vendor:roc 800l remote terminal unitmodel: - scope:eqversion:1.20

Trust: 0.2

vendor:dl 8000 remote terminal unitmodel: - scope:eqversion:2.30

Trust: 0.2

vendor:roc 800l remote terminal unitmodel: - scope:eqversion: -

Trust: 0.2

vendor:roc 800 remote terminal unitmodel: - scope:eqversion: -

Trust: 0.2

sources: IVD: b2728756-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-08734 // JVNDB: JVNDB-2013-006701 // CNNVD: CNNVD-201412-101 // NVD: CVE-2013-2810

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-2810
value: HIGH

Trust: 1.0

NVD: CVE-2013-2810
value: HIGH

Trust: 0.8

CNVD: CNVD-2014-08734
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201412-101
value: CRITICAL

Trust: 0.6

IVD: b2728756-2351-11e6-abef-000c29c66e3d
value: CRITICAL

Trust: 0.2

VULHUB: VHN-62812
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2013-2810
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-08734
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: b2728756-2351-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-62812
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: b2728756-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-08734 // VULHUB: VHN-62812 // JVNDB: JVNDB-2013-006701 // CNNVD: CNNVD-201412-101 // NVD: CVE-2013-2810

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.1

problemtype:CWE-Other

Trust: 0.8

sources: VULHUB: VHN-62812 // JVNDB: JVNDB-2013-006701 // NVD: CVE-2013-2810

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201412-101

TYPE

Design Error

Trust: 0.3

sources: BID: 71425

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-006701

PATCH
title:日本エマソン株式会社url:http://www.emerson.co.jp/index.html
Trust: 0.8
title:Multiple Emerson Process Management RTUs security bypass vulnerability patchesurl:https://www.cnvd.org.cn/patchInfo/show/52477
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2014-08734 // 
            
            
            
            JVNDB: JVNDB-2013-006701

EXTERNAL IDS
db:NVDid:CVE-2013-2810
Trust: 3.6
db:BIDid:71425
Trust: 2.6
db:ICS CERTid:ICSA-13-259-01A
Trust: 2.5
db:CNNVDid:CNNVD-201412-101
Trust: 0.9
db:CNVDid:CNVD-2014-08734
Trust: 0.8
db:JVNDBid:JVNDB-2013-006701
Trust: 0.8
db:XFid:99131
Trust: 0.6
db:NSFOCUSid:28611
Trust: 0.6
db:IVDid:B2728756-2351-11E6-ABEF-000C29C66E3D
Trust: 0.2
db:VULHUBid:VHN-62812
Trust: 0.1
sources:
            
            
            IVD: b2728756-2351-11e6-abef-000c29c66e3d // 
            
            
            
            CNVD: CNVD-2014-08734 // 
            
            
            
            VULHUB: VHN-62812 // 
            
            
            
            BID: 71425 // 
            
            
            
            JVNDB: JVNDB-2013-006701 // 
            
            
            
            CNNVD: CNNVD-201412-101 // 
            
            
            
            NVD: CVE-2013-2810

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-13-259-01a
Trust: 2.5
url:http://www.securityfocus.com/bid/71425
Trust: 2.3
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/99131
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2810
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2810
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/99131
Trust: 0.6
url:http://www.nsfocus.net/vulndb/28611
Trust: 0.6
url:http://www2.emersonprocess.com/en-us/brands/deltav/pages/index.aspx
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2014-08734 // 
            
            
            
            VULHUB: VHN-62812 // 
            
            
            
            BID: 71425 // 
            
            
            
            JVNDB: JVNDB-2013-006701 // 
            
            
            
            CNNVD: CNNVD-201412-101 // 
            
            
            
            NVD: CVE-2013-2810

CREDITS
Dillon Beresford, Brian Meixell, Marc Ayala and Eric Forner of Cimation
Trust: 0.9
sources:
            
            
            BID: 71425 // 
            
            
            
            CNNVD: CNNVD-201412-101

SOURCES
db:IVDid:b2728756-2351-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2014-08734
db:VULHUBid:VHN-62812
db:BIDid:71425
db:JVNDBid:JVNDB-2013-006701
db:CNNVDid:CNNVD-201412-101
db:NVDid:CVE-2013-2810

LAST UPDATE DATE
2025-04-13T23:39:08.648000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2014-08734date:2014-12-05T00:00:00
db:VULHUBid:VHN-62812date:2017-08-29T00:00:00
db:BIDid:71425date:2014-12-24T00:55:00
db:JVNDBid:JVNDB-2013-006701date:2014-12-10T00:00:00
db:CNNVDid:CNNVD-201412-101date:2014-12-15T00:00:00
db:NVDid:CVE-2013-2810date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:IVDid:b2728756-2351-11e6-abef-000c29c66e3ddate:2014-12-05T00:00:00
db:CNVDid:CNVD-2014-08734date:2014-12-05T00:00:00
db:VULHUBid:VHN-62812date:2014-12-08T00:00:00
db:BIDid:71425date:2014-12-03T00:00:00
db:JVNDBid:JVNDB-2013-006701date:2014-12-10T00:00:00
db:CNNVDid:CNNVD-201412-101date:2014-12-05T00:00:00
db:NVDid:CVE-2013-2810date:2014-12-08T11:59:00.077