In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could bypass authentication and acquire admin capabilities.
References
Link | Resource |
---|---|
https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-01 | Third Party Advisory US Government Resource |
https://www.emerson.com/documents/automation/security-notification-emerson-gas-chromatographs-cyber-security-notification-icsa-24-030-01-en-10103910.pdf | Vendor Advisory |
https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-01 | Third Party Advisory US Government Resource |
https://www.emerson.com/documents/automation/security-notification-emerson-gas-chromatographs-cyber-security-notification-icsa-24-030-01-en-10103910.pdf | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
History
21 Nov 2024, 08:38
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-01 - Third Party Advisory, US Government Resource | |
References | () https://www.emerson.com/documents/automation/security-notification-emerson-gas-chromatographs-cyber-security-notification-icsa-24-030-01-en-10103910.pdf - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.3 |
15 Feb 2024, 07:24
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-01 - Third Party Advisory, US Government Resource | |
References | () https://www.emerson.com/documents/automation/security-notification-emerson-gas-chromatographs-cyber-security-notification-icsa-24-030-01-en-10103910.pdf - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.1 |
First Time |
Emerson gc1500xa Firmware
Emerson gc370xa Emerson Emerson gc700xa Emerson gc1500xa Emerson gc370xa Firmware Emerson gc700xa Firmware |
|
CPE | cpe:2.3:h:emerson:gc1500xa:-:*:*:*:*:*:*:* cpe:2.3:o:emerson:gc370xa_firmware:4.1.5:*:*:*:*:*:*:* cpe:2.3:o:emerson:gc1500xa_firmware:4.1.5:*:*:*:*:*:*:* cpe:2.3:o:emerson:gc700xa_firmware:4.1.5:*:*:*:*:*:*:* cpe:2.3:h:emerson:gc700xa:-:*:*:*:*:*:*:* cpe:2.3:h:emerson:gc370xa:-:*:*:*:*:*:*:* |
09 Feb 2024, 14:31
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
09 Feb 2024, 04:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-02-09 04:15
Updated : 2024-11-21 08:38
NVD link : CVE-2023-51761
Mitre link : CVE-2023-51761
CVE.ORG link : CVE-2023-51761
JSON object : View
Products Affected
emerson
- gc370xa
- gc700xa
- gc700xa_firmware
- gc1500xa_firmware
- gc370xa_firmware
- gc1500xa
CWE
CWE-287
Improper Authentication