CVE-2023-49716
published 2024-02-09CVE-2023-49716: In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an authenticated user with network access could run arbitrary commands from a remote computer.
PriorityP260critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.56%
42.3th percentile
In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an authenticated user with network access could run arbitrary commands from a remote computer.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| emerson | gc1500xa_firmware | — | — |
| emerson | gc370xa_firmware | — | — |
| emerson | gc700xa_firmware | — | — |
| emerson | rosemount_gc1500xa | <= Version 4.1.5 | — |
| emerson | rosemount_gc370xa | <= Version 4.1.5 | — |
| emerson | rosemount_gc700xa | <= Version 4.1.5 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →CVE-2023-49716 is a command injection vulnerability (CWE-77) in Emerson Rosemount GC370XA, GC700XA, and GC1500XA gas chromatographs (firmware version 4.1.5 and all prior revisions) that allows an authenticated user with network access to run arbitrary commands from a remote computer. ↗
- →The attack vector is adjacent network (AV:A), requiring high complexity (AC:H), no privileges (PR:N), and no user interaction (UI:N), with scope change (S:C). Monitor for unexpected command execution originating from adjacent network segments targeting these devices. ↗
- →Affected products are Emerson Rosemount GC370XA, GC700XA, and GC1500XA running firmware version 4.1.5 and all prior revisions. Identify and prioritize patching of these devices on the network. ↗
- ·CVE-2023-49716 requires authentication, distinguishing it from the related unauthenticated command injection CVE-2023-46687 (CVSS 9.8) affecting the same product line. Detection logic should account for both authenticated and unauthenticated exploitation paths on these devices. ↗
- ·No known public exploitation has been reported at time of advisory publication. Attack complexity is rated High, meaning exploitation may require specific conditions or knowledge. ↗
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Emerson Rosemount GC370XA, GC700XA, GC1500XA
cisa_ics·2024-01-30·CVSS 9.8
[CRITICAL] Emerson Rosemount GC370XA, GC700XA, GC1500XA
ICS Advisory
##
Emerson Rosemount GC370XA, GC700XA, GC1500XA
Release DateJanuary 30, 2024
Alert CodeICSA-24-030-01
Related topics:
Industrial Control System Vulnerabilities, Industrial Control Systems
View CSAF
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely
- Vendor: Emerson
- Equipment: Rosemount GC370XA, GC700XA, GC1500XA
- Vulnerabilities: Command Injection, Improper Authentication, Incorrect Authorization
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an unauthenticated attacker with network access to run arbitrary commands, access sensitive information, cause a denial-of-service condition, and bypass authentication to acquire admin capabilities.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED P
GHSA
GHSA-4g5m-mvcr-vvh6: In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an authenticated user with network access could run arbitrary commands from a remote com
ghsa_unreviewed·2024-02-09
CVE-2023-49716 [MEDIUM] CWE-77 GHSA-4g5m-mvcr-vvh6: In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an authenticated user with network access could run arbitrary commands from a remote com
In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an authenticated user with network access could run arbitrary commands from a remote computer.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-01https://www.emerson.com/documents/automation/security-notification-emerson-gas-chromatographs-cyber-security-notification-icsa-24-030-01-en-10103910.pdfhttps://www.cisa.gov/news-events/ics-advisories/icsa-24-030-01https://www.emerson.com/documents/automation/security-notification-emerson-gas-chromatographs-cyber-security-notification-icsa-24-030-01-en-10103910.pdf
2024-02-09
Published