Vulnerability Description
The Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier have hardcoded credentials in a ROM, which makes it easier for remote attackers to obtain shell access to the underlying OS by leveraging knowledge of the ROM contents from a product installation elsewhere.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Enea | Ose | <= 2.30 |
| Emerson | Dl 8000 Remote Terminal Unit | - |
| Emerson | Roc 800L Remote Terminal Unit | - |
| Emerson | Roc 800 Remote Terminal Unit | - |
Related Weaknesses (CWE)
References
- http://ics-cert.us-cert.gov/advisories/ICSA-13-259-01US Government Resource
- http://ics-cert.us-cert.gov/advisories/ICSA-13-259-01US Government Resource
FAQ
What is CVE-2013-0694?
CVE-2013-0694 is a vulnerability with a CVSS score of 9.0 (HIGH). The Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier have hardcoded credentials in a ROM,...
How severe is CVE-2013-0694?
CVE-2013-0694 has been rated HIGH with a CVSS base score of 9.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-0694?
Check the references section above for vendor advisories and patch information. Affected products include: Enea Ose, Emerson Dl 8000 Remote Terminal Unit, Emerson Roc 800L Remote Terminal Unit, Emerson Roc 800 Remote Terminal Unit.