Vulnerability Description
The Emerson ROC and FloBoss RTU product lines through 2022-05-02 perform insecure filesystem operations. They utilize the ROC protocol (4000/TCP, 5000/TCP) for communications between a master terminal and RTUs. Opcode 203 of this protocol allows a master terminal to transfer files to and from the flash filesystem and to carry out arbitrary file and directory read, write, and delete operations.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Emerson | Dl8000 Firmware | <= 2022-05-02 |
| Emerson | Dl8000 | - |
| Emerson | Roc809 Firmware | < 2022-05-02 |
| Emerson | Roc809 | - |
| Emerson | Roc800L Firmware | <= 2022-05-02 |
| Emerson | Roc800L | - |
| Emerson | Fb3000 Rtu Firmware | <= 2022-05-02 |
| Emerson | Fb3000 Rtu | - |
| Emerson | Roc827 Firmware | < 2022-05-02 |
| Emerson | Roc827 | - |
Related Weaknesses (CWE)
References
- https://www.cisa.gov/uscert/ics/advisories/icsa-22-223-04 (Mitigation, Third Party Advisory, US Government Resource)
- https://www.forescout.com/blog/ (Third Party Advisory)
FAQ
What is CVE-2022-30264?
CVE-2022-30264 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The Emerson ROC and FloBoss RTU product lines through 2022-05-02 perform insecure filesystem operations. They utilize the ROC protocol (4000/TCP, 5000/TCP) for communications between a master terminal...
How severe is CVE-2022-30264?
CVE-2022-30264 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-30264?
Check the references section above for vendor advisories and patch information. Affected products include: Emerson Dl8000 Firmware, Emerson Dl8000, Emerson Roc809 Firmware, Emerson Roc809, Emerson Roc800L Firmware.