CVE-2013-0689

The TFTP server on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows remote attackers to upload files and consequently execute arbitrary code via unspecified vectors.
References
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:enea:ose:*:*:*:*:*:*:*:*
cpe:2.3:h:emerson:roc_800l_remote_terminal_unit:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:enea:ose:*:*:*:*:*:*:*:*
cpe:2.3:h:emerson:roc_800_remote_terminal_unit:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:enea:ose:*:*:*:*:*:*:*:*
cpe:2.3:h:emerson:dl_8000_remote_terminal_unit:-:*:*:*:*:*:*:*

History

21 Nov 2024, 01:48

Type Values Removed Values Added
References () http://ics-cert.us-cert.gov/advisories/ICSA-13-259-01 - US Government Resource () http://ics-cert.us-cert.gov/advisories/ICSA-13-259-01 - US Government Resource

Information

Published : 2013-10-03 11:04

Updated : 2024-11-21 01:48


NVD link : CVE-2013-0689

Mitre link : CVE-2013-0689

CVE.ORG link : CVE-2013-0689


JSON object : View

Products Affected

emerson

  • roc_800_remote_terminal_unit
  • dl_8000_remote_terminal_unit
  • roc_800l_remote_terminal_unit

enea

  • ose
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')