Details of VAR-201702-0850

ID

VAR-201702-0850

CVE

CVE-2016-9347

TITLE

Emerson SE4801T0X Redundant and SE4801T1X Simplex Wireless I/O Card In the firmware SSH Vulnerabilities whose features are unnecessarily enabled

Trust: 0.8

sources: JVNDB: JVNDB-2016-007965

DESCRIPTION

An issue was discovered in Emerson SE4801T0X Redundant Wireless I/O Card V13.3, and SE4801T1X Simplex Wireless I/O Card V13.3. DeltaV Wireless I/O Cards (WIOC) running the firmware available in the DeltaV system, release v13.3, have the SSH (Secure Shell) functionality enabled unnecessarily. EmersonSE4801T0XRedundantWirelessI/OCard and SE4801T1XSimplexWirelessI/OCard are wireless I/O cards from Emerson Electric, Inc., which are used to connect workstations and servers in DeltaV (software for process control) networks. A security vulnerability exists in EmersonSE4801T0XRedundantWirelessI/OCardV13.3 and SE4801T1XSimplexWirelessI/OCardV13.3. A remote attacker could exploit the vulnerability to access the device's file system by using an open port. Multiple Emerson products are prone to a security-bypass vulnerability. An attacker may exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks

Trust: 2.7

sources: NVD: CVE-2016-9347 // JVNDB: JVNDB-2016-007965 // CNVD: CNVD-2016-11896 // BID: 94586 // IVD: a3b16a9f-d6c5-455d-b34f-ea13cb0f0b9b // VULHUB: VHN-98167

IOT TAXONOMY

category:	['ICS', 'Network device']	sub_category:	-	Trust: 0.6
category:	['ICS']	sub_category:	-	Trust: 0.2

sources: IVD: a3b16a9f-d6c5-455d-b34f-ea13cb0f0b9b // CNVD: CNVD-2016-11896

AFFECTED PRODUCTS

vendor:	emerson	model:	se4801t1x simplex wireless i/o card	scope:	eq	version:	13.3	Trust: 1.7
vendor:	emerson	model:	se4801t0x redundant wireless i/o card	scope:	eq	version:	13.3	Trust: 1.7
vendor:	emerson	model:	se4801t0x redundant wireless i\/o card	scope:	eq	version:	13.3	Trust: 1.6
vendor:	emerson	model:	se4801t1x simplex wireless i\/o card	scope:	eq	version:	13.3	Trust: 1.6
vendor:	emerson	model:	se4801t0x redundant wireless i/o card	scope:	-	version:	-	Trust: 0.8
vendor:	emerson	model:	se4801t1x simplex wireless i/o card	scope:	-	version:	-	Trust: 0.8
vendor:	se4801t0x redundant i o card	model:	-	scope:	eq	version:	13.3	Trust: 0.2
vendor:	se4801t1x simplex i o card	model:	-	scope:	eq	version:	13.3	Trust: 0.2

sources: IVD: a3b16a9f-d6c5-455d-b34f-ea13cb0f0b9b // CNVD: CNVD-2016-11896 // BID: 94586 // JVNDB: JVNDB-2016-007965 // CNNVD: CNNVD-201611-705 // NVD: CVE-2016-9347

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-9347
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2016-9347
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2016-11896
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201611-705
value:	MEDIUM
Trust: 0.6
IVD:	a3b16a9f-d6c5-455d-b34f-ea13cb0f0b9b
value:	MEDIUM
Trust: 0.2
VULHUB:	VHN-98167
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-9347
severity:	MEDIUM
baseScore:	5.4
vectorString:	AV:A/AC:M/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	5.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2016-11896
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:A/AC:H/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.2
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	a3b16a9f-d6c5-455d-b34f-ea13cb0f0b9b
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:A/AC:H/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.2
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-98167
severity:	MEDIUM
baseScore:	5.4
vectorString:	AV:A/AC:M/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	5.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-9347
baseSeverity:	MEDIUM
baseScore:	5.0
vectorString:	CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector:	ADJACENT
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	1.6
impactScore:	3.4
version:	3.0
Trust: 1.8

sources: IVD: a3b16a9f-d6c5-455d-b34f-ea13cb0f0b9b // CNVD: CNVD-2016-11896 // VULHUB: VHN-98167 // JVNDB: JVNDB-2016-007965 // CNNVD: CNNVD-201611-705 // NVD: CVE-2016-9347

PROBLEMTYPE DATA

problemtype:

CWE-254

Trust: 1.9

sources: VULHUB: VHN-98167 // JVNDB: JVNDB-2016-007965 // NVD: CVE-2016-9347

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201611-705

TYPE

other

Trust: 0.8

sources: IVD: a3b16a9f-d6c5-455d-b34f-ea13cb0f0b9b // CNNVD: CNNVD-201611-705

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-007965

PATCH

title:	分散型制御システム（DCS） DeltaVシステム	url:	http://www.emerson.co.jp/div/epm/product5_1.html	Trust: 0.8
title:	Patches for multiple Emerson product security bypass vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/85021	Trust: 0.6
title:	Emerson SE4801T0X Redundant Wireless I/O Card and SE4801T1X Simplex Wireless I/O Card Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65972	Trust: 0.6

sources: CNVD: CNVD-2016-11896 // JVNDB: JVNDB-2016-007965 // CNNVD: CNNVD-201611-705

EXTERNAL IDS

db:	NVD	id:	CVE-2016-9347	Trust: 3.6
db:	ICS CERT	id:	ICSA-16-334-03	Trust: 3.4
db:	BID	id:	94586	Trust: 2.6
db:	CNNVD	id:	CNNVD-201611-705	Trust: 0.9
db:	CNVD	id:	CNVD-2016-11896	Trust: 0.8
db:	JVNDB	id:	JVNDB-2016-007965	Trust: 0.8
db:	IVD	id:	A3B16A9F-D6C5-455D-B34F-EA13CB0F0B9B	Trust: 0.2
db:	VULHUB	id:	VHN-98167	Trust: 0.1

sources: IVD: a3b16a9f-d6c5-455d-b34f-ea13cb0f0b9b // CNVD: CNVD-2016-11896 // VULHUB: VHN-98167 // BID: 94586 // JVNDB: JVNDB-2016-007965 // CNNVD: CNNVD-201611-705 // NVD: CVE-2016-9347

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-16-334-03	Trust: 3.4
url:	http://www.securityfocus.com/bid/94586	Trust: 2.3
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9347	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2016-9347	Trust: 0.8
url:	http://www2.emersonprocess.com/en-us/brands/edservices/automationsystems/deltav/pages/deltavtraining.aspx	Trust: 0.3

sources: CNVD: CNVD-2016-11896 // VULHUB: VHN-98167 // BID: 94586 // JVNDB: JVNDB-2016-007965 // CNNVD: CNNVD-201611-705 // NVD: CVE-2016-9347

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 94586

SOURCES

db:	IVD	id:	a3b16a9f-d6c5-455d-b34f-ea13cb0f0b9b
db:	CNVD	id:	CNVD-2016-11896
db:	VULHUB	id:	VHN-98167
db:	BID	id:	94586
db:	JVNDB	id:	JVNDB-2016-007965
db:	CNNVD	id:	CNNVD-201611-705
db:	NVD	id:	CVE-2016-9347

LAST UPDATE DATE

2025-04-20T23:29:44.921000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2016-11896	date:	2016-12-06T00:00:00
db:	VULHUB	id:	VHN-98167	date:	2017-03-13T00:00:00
db:	BID	id:	94586	date:	2016-12-20T00:04:00
db:	JVNDB	id:	JVNDB-2016-007965	date:	2017-04-03T00:00:00
db:	CNNVD	id:	CNNVD-201611-705	date:	2016-12-06T00:00:00
db:	NVD	id:	CVE-2016-9347	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	IVD	id:	a3b16a9f-d6c5-455d-b34f-ea13cb0f0b9b	date:	2016-12-06T00:00:00
db:	CNVD	id:	CNVD-2016-11896	date:	2016-12-06T00:00:00
db:	VULHUB	id:	VHN-98167	date:	2017-02-13T00:00:00
db:	BID	id:	94586	date:	2016-11-29T00:00:00
db:	JVNDB	id:	JVNDB-2016-007965	date:	2017-04-03T00:00:00
db:	CNNVD	id:	CNNVD-201611-705	date:	2016-11-29T00:00:00
db:	NVD	id:	CVE-2016-9347	date:	2017-02-13T21:59:01.830