5 results (0.001 seconds)

CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0

Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows remote attackers to execute arbitrary commands via a TCP replay attack. Emerson Process Management ROC800 RTU con software 3.50 y anteriores, DL8000 RTU con software 2.30 y anteriores y ROC800L RTU con software 1.20 y anteriores permiten a atacantes remotos ejecutar comandos arbitrarios a través de un ataque de reproducción de TCP. • http://www.securityfocus.com/bid/71425 https://exchange.xforce.ibmcloud.com/vulnerabilities/99131 https://ics-cert.us-cert.gov/advisories/ICSA-13-259-01A • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 9.0EPSS: 0%CPEs: 6EXPL: 0

The Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier have hardcoded credentials in a ROM, which makes it easier for remote attackers to obtain shell access to the underlying OS by leveraging knowledge of the ROM contents from a product installation elsewhere. El RTU Emerson Process Management ROC800 con software 3.50 y anteriores, DL8000 con software 2.30 y anteriores, y ROC800L con software 1.20 y anteriores tienen credenciales incrustadas en una ROM, lo que hace sencillo para atacantes remotos obtener acceso shell al sistema operativo aprovechando el conocimiento de los contenidos de la ROM de una instalación del producto en cualquier otro lugar. • http://ics-cert.us-cert.gov/advisories/ICSA-13-259-01 • CWE-255: Credentials Management Errors •

CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0

The kernel in ENEA OSE on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier performs network-beacon broadcasts, which allows remote attackers to obtain potentially sensitive information about device presence by listening for broadcast traffic. El kernel en ENEA OSE de Emerson Process Management ROC800 RTU con software 3.50 y anteriores, DL8000 RTU con software 2.30 y anteriores, y ROC800L RTU con software 1.20 y anteriores realiza difusiones network-beacon, lo que permite a atacantes remotos obtener información potencialmente sensible acerca de la presencia del dispositivo escuchando el tráfico de difusión. • http://ics-cert.us-cert.gov/advisories/ICSA-13-259-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0

The kernel in ENEA OSE on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows remote attackers to execute arbitrary code by connecting to the debug service. El kernel de ENEA OSE, en Emerson Process Management ROC800 con osftware 3.50 y anteriores, DL8000 con osftware 2.30 y anteriores, y ROC800L con software 1.20 y anteriores permite a atacantes remotos ejecutar código arbitrario conectando al servicio de depuración. • http://ics-cert.us-cert.gov/advisories/ICSA-13-259-01 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0

The TFTP server on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows remote attackers to upload files and consequently execute arbitrary code via unspecified vectors. El servidor TFTP en el Emerson Process Management ROC800 RTU con software 3.50 y anteriores, DL8000 RTU con software 2.30 y anteriores, y ROC800L RTU con software 1.20 y anteriores permite a atacantes remotos subir archivos y por consiguiente ejecutar código arbitrario a través de vectores sin especificar. • http://ics-cert.us-cert.gov/advisories/ICSA-13-259-01 • CWE-94: Improper Control of Generation of Code ('Code Injection') •