CVE-2013-0689

The TFTP server on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows remote attackers to upload files and consequently execute arbitrary code via unspecified vectors.
References
Link Resource
http://ics-cert.us-cert.gov/advisories/ICSA-13-259-01 US Government Resource
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:enea:ose:*:*:*:*:*:*:*:*
cpe:2.3:h:emerson:roc_800l_remote_terminal_unit:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:enea:ose:*:*:*:*:*:*:*:*
cpe:2.3:h:emerson:roc_800_remote_terminal_unit:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:enea:ose:*:*:*:*:*:*:*:*
cpe:2.3:h:emerson:dl_8000_remote_terminal_unit:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2013-10-03 11:04

Updated : 2024-02-28 12:00


NVD link : CVE-2013-0689

Mitre link : CVE-2013-0689

CVE.ORG link : CVE-2013-0689


JSON object : View

Products Affected

enea

  • ose

emerson

  • roc_800_remote_terminal_unit
  • dl_8000_remote_terminal_unit
  • roc_800l_remote_terminal_unit
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')