PT-2013-2537 · Emerson Process Management · Roc800L Rtu+1
Published
2013-10-03
·
Updated
2013-10-03
·
CVE-2013-0694
CVSS v2.0
9.0
High
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Emerson Process Management ROC800 RTU versions 3.50 and earlier
Emerson Process Management DL8000 RTU versions 2.30 and earlier
Emerson Process Management ROC800L RTU versions 1.20 and earlier
Description
The issue allows remote attackers to obtain shell access to the underlying OS by leveraging knowledge of the ROM contents from a product installation elsewhere, due to hardcoded credentials in a ROM.
Recommendations
For Emerson Process Management ROC800 RTU versions 3.50 and earlier, consider changing the hardcoded credentials to unique, secure credentials.
For Emerson Process Management DL8000 RTU versions 2.30 and earlier, consider changing the hardcoded credentials to unique, secure credentials.
For Emerson Process Management ROC800L RTU versions 1.20 and earlier, consider changing the hardcoded credentials to unique, secure credentials.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Dl8000 Rtu
Roc800L Rtu