CVE-2022-30264

The Emerson ROC and FloBoss RTU product lines through 2022-05-02 perform insecure filesystem operations. They utilize the ROC protocol (4000/TCP, 5000/TCP) for communications between a master terminal and RTUs. Opcode 203 of this protocol allows a master terminal to transfer files to and from the flash filesystem and carrying out arbitrary file and directory read, write, and delete operations.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-223-04	Mitigation Third Party Advisory US Government Resource
https://www.forescout.com/blog/	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:emerson:dl8000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:emerson:dl8000:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:emerson:roc809_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:emerson:roc809:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:emerson:roc800l_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:emerson:roc800l:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:emerson:fb3000_rtu_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:emerson:fb3000_rtu:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:emerson:roc827_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:emerson:roc827:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-08-16 13:15

Updated : 2024-02-28 19:29

NVD link : CVE-2022-30264

Mitre link : CVE-2022-30264

CVE.ORG link : CVE-2022-30264

JSON object : View

Products Affected

emerson

fb3000_rtu
roc827_firmware
fb3000_rtu_firmware
roc827
roc800l_firmware
roc809_firmware
dl8000_firmware
roc800l
roc809
dl8000

CWE

CWE-345

Insufficient Verification of Data Authenticity

{"id": "CVE-2022-30264", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2022-08-16T13:15:11.220", "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-223-04", "tags": ["Mitigation", "Third Party Advisory", "US Government Resource"], "source": "cve@mitre.org"}, {"url": "https://www.forescout.com/blog/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-345"}]}], "descriptions": [{"lang": "en", "value": "The Emerson ROC and FloBoss RTU product lines through 2022-05-02 perform insecure filesystem operations. They utilize the ROC protocol (4000/TCP, 5000/TCP) for communications between a master terminal and RTUs. Opcode 203 of this protocol allows a master terminal to transfer files to and from the flash filesystem and carrying out arbitrary file and directory read, write, and delete operations."}, {"lang": "es", "value": "Las l\u00edneas de productos ROC y FloBoss RTU de Emerson versiones hasta 02-05-2022, llevan a cabo operaciones no seguras en el sistema de archivos. Usan el protocolo ROC (4000/TCP, 5000/TCP) para las comunicaciones entre un terminal maestro y las RTU. El opcode 203 de este protocolo permite a un terminal maestro transferir archivos hacia y desde el sistema de archivos flash y realizar operaciones arbitrarias de lectura, escritura y eliminaci\u00f3n de archivos y directorios."}], "lastModified": "2022-08-17T19:35:10.337", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:emerson:dl8000_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6848BBC5-42D4-45BD-A738-55673D183A39", "versionEndIncluding": "2022-05-02"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:emerson:dl8000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "817D1CBC-7964-4F69-B288-08375204CEBF"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:emerson:roc809_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E76CACF0-855B-4276-938B-F39CDF61C64F", "versionEndExcluding": "2022-05-02"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:emerson:roc809:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A225AEFB-DDEB-4B8E-844F-F28D29553ADC"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:emerson:roc800l_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "63A28282-6943-469B-A65E-BF98BD6B1EC9", "versionEndIncluding": "2022-05-02"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:emerson:roc800l:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CBDF67B8-F3ED-4B86-BCA3-D37EBA33FB87"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:emerson:fb3000_rtu_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D6E2AD1-6922-4017-A85C-083AAD7CEF3B", "versionEndIncluding": "2022-05-02"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:emerson:fb3000_rtu:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8FBBD352-D07A-4C8B-ABB4-7464DE36D017"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:emerson:roc827_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E502F01-F50D-4632-B398-817087714A61", "versionEndExcluding": "2022-05-02"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:emerson:roc827:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "502A3489-5A26-4B5C-AFC3-A3A67E52ED24"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}