CVE-2013-2810
published 2014-12-08

CVE-2013-2810: Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier…

Priority: P260, critical
CVSS 2.0: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
EPSS: 5.98% (92.4th percentile)
Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows remote attackers to execute arbitrary commands via a TCP replay attack.

Affected

3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| emerson | dl_8000_remote_terminal_unit_firmware | | |
| emerson | roc_800_remote_terminal_unit_firmware | <= 3.50 | |
| emerson | roc_800l_remote_terminal_unit_firmware | <= 1.20 | |

Detection & IOCs (extracted from sources)

  • Detect TCP replay attacks targeting Emerson ROC800 RTU devices — monitor for replayed TCP sessions delivering commands to ROC800 devices, which lack replay protection and will execute the replayed commands
  • Monitor for TFTP traffic (UDP port 69) to/from ROC800 RTU devices, as an exposed TFTP server allows arbitrary file uploads to the device
  • Detect OSE debug service connections — monitor for inbound TCP connections to the ENEA OSE debug port on ROC800 devices, which allows remote attachment of debuggers and full device control
  • Detect OSE debug broadcast beacons — monitor for network beacon traffic originating from ROC800 devices running the ENEA OSE operating system, which advertises the presence of the OSE debug service
  • The vendor patch mitigates all vulnerabilities EXCEPT the authentication bypass (CVE-2013-2810); a third-party device (Moxa EDR-810) placed in front of the ROC800 is the recommended mitigation for this specific CVE
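
The TFTP and replay monitoring items above can be prototyped over flow or packet summaries. The following is an added example, not code from this page or from the vendor: the addresses, TCP port 4000, record layout and payload bytes are all constructed, and the replay rule is a heuristic that flags a payload first seen from one host arriving in a new session from a different host.

```python
import hashlib
from collections import namedtuple

# Constructed record shape: one entry per observed request payload or datagram.
Obs = namedtuple("Obs", "ts src dst proto dport session payload")

RTUS = {"10.0.5.20"}      # assumption: inventory of ROC800 addresses
MASTERS = {"10.0.5.10"}   # assumption: authorised SCADA hosts
TFTP_PORT = 69            # from the page: TFTP on UDP port 69

def detect(observations, rtus=RTUS, masters=MASTERS):
    """Return (ts, rule, detail) alerts in input order."""
    alerts = []
    seen = {}  # (rtu, payload digest) -> (first session, first source)
    for o in observations:
        rtu = o.dst if o.dst in rtus else o.src if o.src in rtus else None
        if rtu is None:
            continue  # neither endpoint is a monitored RTU
        if o.proto == "udp" and o.dport == TFTP_PORT:
            alerts.append((o.ts, "tftp", f"{o.src} -> {o.dst}"))
            continue
        if o.proto != "tcp" or o.dst != rtu or not o.payload:
            continue
        if o.src not in masters:
            alerts.append((o.ts, "unauthorised-source", f"{o.src} -> {rtu}"))
        key = (rtu, hashlib.sha256(o.payload).hexdigest())
        first_session, first_src = seen.setdefault(key, (o.session, o.src))
        # Identical bytes, new session, different sender: candidate replay.
        # A master repeating its own poll is expected and is not flagged.
        if first_session != o.session and first_src != o.src:
            alerts.append((o.ts, "possible-replay",
                           f"{o.src} repeats payload first sent by {first_src}"))
    return alerts

# Constructed sample observations (port 4000 and payloads are placeholders).
SAMPLE = [
    Obs(1, "10.0.5.10", "10.0.5.20", "tcp", 4000, "s1", bytes.fromhex("0102aa")),
    Obs(2, "10.0.5.10", "10.0.5.20", "tcp", 4000, "s2", bytes.fromhex("0102aa")),
    Obs(3, "10.0.5.77", "10.0.5.20", "tcp", 4000, "s3", bytes.fromhex("0102aa")),
    Obs(4, "10.0.5.77", "10.0.5.20", "udp", 69, "s4", b"\x00\x02fw.bin\x00octet\x00"),
]

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

The replay rule keys on source address, so it does not cover a replay that arrives with an authorised master's address; the in-line device named in the last item above remains the mitigation for that case.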