The Emerson ROC and FloBoss RTU product lines through 2022-05-02 perform insecure filesystem operations. They utilize the ROC protocol (4000/TCP, 5000/TCP) for communications between a master terminal and RTUs. Opcode 203 of this protocol allows a master terminal to transfer files to and from the flash filesystem and carrying out arbitrary file and directory read, write, and delete operations.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HEmerson Dl8000
HWEmersonwszystkie wersjeEmerson Dl8000 Firmware
OSEmerson≤ 2022-05-02Emerson Fb3000 Rtu
HWEmersonwszystkie wersjeEmerson Fb3000 Rtu Firmware
OSEmerson≤ 2022-05-02Emerson Roc800l
HWEmersonwszystkie wersjeEmerson Roc800l Firmware
OSEmerson≤ 2022-05-02Emerson Roc809
HWEmersonwszystkie wersjeEmerson Roc809 Firmware
OSEmerson< 2022-05-02Emerson Roc827
HWEmersonwszystkie wersjeEmerson Roc827 Firmware
OSEmerson< 2022-05-02
Powiązane podatności
ROC800-Series RTU devices are vulnerable to an authentication bypass, which could allow an attacker to gain un...
Emerson Rosemount GC370XA/GC700XA/GC1500XA — zdalne RCE jako root bez uwierzytelnienia
Emerson OpenEnterprise versions through 3.3.4 may allow an attacker to run an arbitrary commands with system p...
Emerson Dixell XWEB-500 products are affected by arbitrary file write vulnerability in /cgi-bin/logo_extra_upl...
Emerson XWEB 300D EVO 3.0.7--3ee403 is affected by: unauthenticated arbitrary file deletion due to path traver...