CVE-2023-43609
Published 2024-02-09
Priority: P348 | Severity: critical | CVSS 3.1: 9.1
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
EPSS: 0.47% (37.2th percentile)
In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could obtain access to sensitive information or cause a denial-of-service condition.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| emerson | gc1500xa_firmware | — | — |
| emerson | gc370xa_firmware | — | — |
| emerson | gc700xa_firmware | — | — |
| emerson | rosemount_gc1500xa | <= Version 4.1.5 | — |
| emerson | rosemount_gc370xa | <= Version 4.1.5 | — |
| emerson | rosemount_gc700xa | <= Version 4.1.5 | — |
GHSA
GHSA-qx4x-jg45-h572
ghsa_unreviewed·2024-02-09
CVE-2023-43609 [MEDIUM] CWE-285: In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could obtain access to sensitive information or cause a denial-of-service condition.
CISA ICS
Emerson Rosemount GC370XA, GC700XA, GC1500XA
cisa_ics·2024-01-30·CVSS 9.8
[CRITICAL] Emerson Rosemount GC370XA, GC700XA, GC1500XA
ICS Advisory
## Emerson Rosemount GC370XA, GC700XA, GC1500XA
Release Date: January 30, 2024
Alert Code: ICSA-24-030-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely
- Vendor: Emerson
- Equipment: Rosemount GC370XA, GC700XA, GC1500XA
- Vulnerabilities: Command Injection, Improper Authentication, Incorrect Authorization
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an unauthenticated attacker with network access to run arbitrary commands, access sensitive information, cause a denial-of-service condition, and bypass authentication to acquire admin capabilities.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED P
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-01
https://www.emerson.com/documents/automation/security-notification-emerson-gas-chromatographs-cyber-security-notification-icsa-24-030-01-en-10103910.pdf
Published: 2024-02-09