PT-2024-1400 · Emerson · Emerson Rosemount Gc370Xa+2

Vera Mens · Published 2024-01-30 · Updated 2024-02-15 · CVE-2023-46687

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Emerson Rosemount GC370XA, GC700XA, and GC1500XA products (affected versions not specified)

Description: The issue allows an unauthenticated user with network access to execute arbitrary commands in root context from a remote computer. It stems from a failure to neutralize special elements used in an operating system command: an attacker can execute arbitrary code by injecting it into command 0x23 (Gunzip).

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Command Injection

Weakness Enumeration

Related Identifiers

BDU:2024-00869
CVE-2023-46687

Affected Products

Emerson Rosemount Gc1500Xa
Emerson Rosemount Gc370Xa
Emerson Rosemount Gc700Xa