CVE-2013-0694
Last modified
CVE-2013-0694 is a vulnerability of currently unknown severity. The Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier have hardcoded credentials in a ROM, which makes it easier for remote attackers to obtain shell access to the underlying OS by leveraging knowledge of the ROM contents from a product installation elsewhere.. EPSS estimates a 2.58% chance of exploitation in the next 30 days.
Description
The Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier have hardcoded credentials in a ROM, which makes it easier for remote attackers to obtain shell access to the underlying OS by leveraging knowledge of the ROM contents from a product installation elsewhere.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Enea | Ose | <= 2.30 |
| Emerson | Dl 8000 Remote Terminal Unit | All versions |
| Enea | Ose | <= 1.20 |
| Emerson | Roc 800l Remote Terminal Unit | All versions |
| Enea | Ose | <= 3.50 |
| Emerson | Roc 800 Remote Terminal Unit | All versions |
References
- http://ics-cert.us-cert.gov/advisories/ICSA-13-259-01US Government Resource
- http://ics-cert.us-cert.gov/advisories/ICSA-13-259-01US Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2013-0694?
How severe is CVE-2013-0694?
How do I fix CVE-2013-0694?
Are you affected by CVE-2013-0694?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST