CVE-2014-2349
https://notcve.org/view.php?id=CVE-2014-2349
Emerson DeltaV 10.3.1, 11.3, 11.3.1, and 12.3 allows local users to modify or read configuration files by leveraging engineering-level privileges. Emerson DeltaV 10.3.1, 11.3, 11.3.1 y 12.3 permite a usuarios locales modificar o leer archivos de configuración mediante el aprovechamiento de privilegios de nivel de ingeniería. • http://ics-cert.us-cert.gov/advisories/ICSA-14-133-02 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2013-6030
https://notcve.org/view.php?id=CVE-2013-6030
Directory traversal vulnerability on the Emerson Network Power Avocent MergePoint Unity 2016 (aka MPU2016) KVM switch with firmware 1.9.16473 allows remote attackers to read arbitrary files via unspecified vectors, as demonstrated by reading the /etc/passwd file. Vulnerabilidad de salto de directorio en el switch KVM Emerson Network Power Avocent MergePoint Unity 2016 (también conocido como MPU2016) con firmware 1.9.16473 permite a atacantes remotos leer ficheros arbitrarios a través de vectores no especificados, como se muestra leyendo el fichero /etc/passwd. • http://www.kb.cert.org/vuls/id/168751 http://www.securityfocus.com/bid/65105 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2013-0694
https://notcve.org/view.php?id=CVE-2013-0694
The Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier have hardcoded credentials in a ROM, which makes it easier for remote attackers to obtain shell access to the underlying OS by leveraging knowledge of the ROM contents from a product installation elsewhere. El RTU Emerson Process Management ROC800 con software 3.50 y anteriores, DL8000 con software 2.30 y anteriores, y ROC800L con software 1.20 y anteriores tienen credenciales incrustadas en una ROM, lo que hace sencillo para atacantes remotos obtener acceso shell al sistema operativo aprovechando el conocimiento de los contenidos de la ROM de una instalación del producto en cualquier otro lugar. • http://ics-cert.us-cert.gov/advisories/ICSA-13-259-01 • CWE-255: Credentials Management Errors •
CVE-2013-0693
https://notcve.org/view.php?id=CVE-2013-0693
The kernel in ENEA OSE on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier performs network-beacon broadcasts, which allows remote attackers to obtain potentially sensitive information about device presence by listening for broadcast traffic. El kernel en ENEA OSE de Emerson Process Management ROC800 RTU con software 3.50 y anteriores, DL8000 RTU con software 2.30 y anteriores, y ROC800L RTU con software 1.20 y anteriores realiza difusiones network-beacon, lo que permite a atacantes remotos obtener información potencialmente sensible acerca de la presencia del dispositivo escuchando el tráfico de difusión. • http://ics-cert.us-cert.gov/advisories/ICSA-13-259-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2013-0692
https://notcve.org/view.php?id=CVE-2013-0692
The kernel in ENEA OSE on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows remote attackers to execute arbitrary code by connecting to the debug service. El kernel de ENEA OSE, en Emerson Process Management ROC800 con osftware 3.50 y anteriores, DL8000 con osftware 2.30 y anteriores, y ROC800L con software 1.20 y anteriores permite a atacantes remotos ejecutar código arbitrario conectando al servicio de depuración. • http://ics-cert.us-cert.gov/advisories/ICSA-13-259-01 • CWE-264: Permissions, Privileges, and Access Controls •