CVE-2013-0693

The kernel in ENEA OSE on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier performs network-beacon broadcasts, which allows remote attackers to obtain potentially sensitive information about device presence by listening for broadcast traffic.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://ics-cert.us-cert.gov/advisories/ICSA-13-259-01	US Government Resource
http://ics-cert.us-cert.gov/advisories/ICSA-13-259-01	US Government Resource

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:enea:ose:*:*:*:*:*:*:*:*

cpe:2.3:h:emerson:roc_800l_remote_terminal_unit:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:enea:ose:*:*:*:*:*:*:*:*

cpe:2.3:h:emerson:dl_8000_remote_terminal_unit:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:enea:ose:*:*:*:*:*:*:*:*

cpe:2.3:h:emerson:roc_800_remote_terminal_unit:-:*:*:*:*:*:*:*

History

21 Nov 2024, 01:48

Type	Values Removed	Values Added
References	~~() http://ics-cert.us-cert.gov/advisories/ICSA-13-259-01 - US Government Resource~~	() http://ics-cert.us-cert.gov/advisories/ICSA-13-259-01 - US Government Resource

Information

Published : 2013-10-03 11:04

Updated : 2024-11-21 01:48

NVD link : CVE-2013-0693

Mitre link : CVE-2013-0693

CVE.ORG link : CVE-2013-0693

JSON object : View

Products Affected

emerson

roc_800_remote_terminal_unit
dl_8000_remote_terminal_unit
roc_800l_remote_terminal_unit

enea

ose

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2013-0693", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-10-03T11:04:37.430", "references": [{"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-259-01", "tags": ["US Government Resource"], "source": "ics-cert@hq.dhs.gov"}, {"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-259-01", "tags": ["US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "The kernel in ENEA OSE on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier performs network-beacon broadcasts, which allows remote attackers to obtain potentially sensitive information about device presence by listening for broadcast traffic."}, {"lang": "es", "value": "El kernel en ENEA OSE de Emerson Process Management ROC800 RTU con software 3.50 y anteriores, DL8000 RTU con software 2.30 y anteriores, y ROC800L RTU con software 1.20 y anteriores realiza difusiones network-beacon, lo que permite a atacantes remotos obtener informaci\u00f3n potencialmente sensible acerca de la presencia del dispositivo escuchando el tr\u00e1fico de difusi\u00f3n."}], "lastModified": "2024-11-21T01:48:01.117", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:enea:ose:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "54CB70DF-F2C3-481A-852A-1A83909F0974", "versionEndIncluding": "1.20"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:emerson:roc_800l_remote_terminal_unit:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1935960D-E2BF-4348-AE45-29DDC1683C8D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:enea:ose:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3D25E1CE-72CF-4D4B-940F-720362EC5B19", "versionEndIncluding": "2.30"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:emerson:dl_8000_remote_terminal_unit:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E57C5C99-9480-4506-B8B4-A83485050B91"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:enea:ose:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D91452FC-4D1C-470E-A886-E7BDA49A2DBE", "versionEndIncluding": "3.50"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:emerson:roc_800_remote_terminal_unit:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80C553AD-326E-4135-BA54-35830CD6B13C"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}