CVE-2013-2810
published 2014-12-08CVE-2013-2810: Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier…
PriorityP260critical10CVSS 2.0
AVNACLAuNCCICAC
EPSS
5.98%
92.4th percentile
Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows remote attackers to execute arbitrary commands via a TCP replay attack.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| emerson | dl_8000_remote_terminal_unit_firmware | — | — |
| emerson | roc_800_remote_terminal_unit_firmware | <= 3.50 | — |
| emerson | roc_800l_remote_terminal_unit_firmware | <= 1.20 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect TCP replay attacks targeting Emerson ROC800 RTU devices — monitor for replayed TCP sessions delivering commands to ROC800 devices, which lack replay protection and will execute the replayed commands ↗
- →Monitor for TFTP traffic (UDP port 69) to/from ROC800 RTU devices, as an exposed TFTP server allows arbitrary file uploads to the device ↗
- →Detect OSE debug service connections — monitor for inbound TCP connections to the ENEA OSE debug port on ROC800 devices, which allows remote attachment of debuggers and full device control ↗
- →Detect OSE debug broadcast beacons — monitor for network beacon traffic originating from ROC800 devices running the ENEA OSE operating system, which advertises the presence of the OSE debug service ↗
- ·The vendor patch mitigates all vulnerabilities EXCEPT the authentication bypass (CVE-2013-2810); a third-party device (Moxa EDR-810) placed in front of the ROC800 is the recommended mitigation for this specific CVE ↗
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Emerson ROC800 Multiple Vulnerabilities (Update B)
cisa_ics·2014-12-02
Emerson ROC800 Multiple Vulnerabilities (Update B)
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Emerson ROC800 Multiple Vulnerabilities (Update B)
Last RevisedSeptember 05, 2018
Alert CodeICSA-13-259-01B
## OVERVIEW
This updated advisory is a follow-up to the updated advisory titled ICSA-13-259-01A Emerson ROC800 Multiple Vulnerabilities that was published December 2, 2014, on the NCCIC/ICS‑CERT web site.
This advisory provides mitigation details for multiple vulnerabilities affecting the Emerson Process Management’s ROC800 remote terminal units (RTUs) products (ROC800, ROC800L, and DL8000).
Researchers Dillon Beresford, Brian Meixell, Marc Ayala, and Eric Forner, formal
CISA ICS
Emerson ROC800 Multiple Vulnerabilities (Update A)
cisa_ics·2013-09-26
Emerson ROC800 Multiple Vulnerabilities (Update A)
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Emerson ROC800 Multiple Vulnerabilities (Update A)
Last RevisedSeptember 10, 2018
Alert CodeICSA-13-259-01A
## OVERVIEW
This updated advisory is a follow-up to the original advisory titled ICSA-13-259-01 Emerson ROC800 Multiple Vulnerabilities that was published September 26, 2013, on the NCCIC/ICS‑CERT web site.
This advisory provides mitigation details for multiple vulnerabilities affecting the Emerson Process Management’s ROC800 remote terminal units (RTUs) products (ROC800, ROC800L, and DL8000).
## --------- Begin Update A Part 1 of 3 --------
Researchers Dillon Beresford
GHSA
GHSA-x885-qhjh-5vg4: Emerson Process Management ROC800 RTU with software 3
ghsa_unreviewed·2022-05-17
CVE-2013-2810 [HIGH] CWE-77 GHSA-x885-qhjh-5vg4: Emerson Process Management ROC800 RTU with software 3
Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows remote attackers to execute arbitrary commands via a TCP replay attack.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://www.securityfocus.com/bid/71425https://exchange.xforce.ibmcloud.com/vulnerabilities/99131https://ics-cert.us-cert.gov/advisories/ICSA-13-259-01Ahttp://www.securityfocus.com/bid/71425https://exchange.xforce.ibmcloud.com/vulnerabilities/99131https://ics-cert.us-cert.gov/advisories/ICSA-13-259-01A
2014-12-08
Published