cbcvebase.
CVE-2023-49716
published 2024-02-09

CVE-2023-49716: In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an authenticated user with network access could run arbitrary commands from a remote computer.

PriorityP260critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.56%
42.3th percentile
In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an authenticated user with network access could run arbitrary commands from a remote computer.

Affected

6 ranges
VendorProductVersion rangeFixed in
emersongc1500xa_firmware
emersongc370xa_firmware
emersongc700xa_firmware
emersonrosemount_gc1500xa<= Version 4.1.5
emersonrosemount_gc370xa<= Version 4.1.5
emersonrosemount_gc700xa<= Version 4.1.5

Detection & IOCsextracted from sources · hover to see the quote

  • CVE-2023-49716 is a command injection vulnerability (CWE-77) in Emerson Rosemount GC370XA, GC700XA, and GC1500XA gas chromatographs (firmware version 4.1.5 and all prior revisions) that allows an authenticated user with network access to run arbitrary commands from a remote computer.
  • The attack vector is adjacent network (AV:A), requiring high complexity (AC:H), no privileges (PR:N), and no user interaction (UI:N), with scope change (S:C). Monitor for unexpected command execution originating from adjacent network segments targeting these devices.
  • Affected products are Emerson Rosemount GC370XA, GC700XA, and GC1500XA running firmware version 4.1.5 and all prior revisions. Identify and prioritize patching of these devices on the network.
  • ·CVE-2023-49716 requires authentication, distinguishing it from the related unauthenticated command injection CVE-2023-46687 (CVSS 9.8) affecting the same product line. Detection logic should account for both authenticated and unauthenticated exploitation paths on these devices.
  • ·No known public exploitation has been reported at time of advisory publication. Attack complexity is rated High, meaning exploitation may require specific conditions or knowledge.
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.