CVE-2023-51761
Published 2024-02-09
Priority P356 · high · 8.1 (CVSS 3.1)
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.68% (47.8th percentile)
In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could bypass authentication and acquire admin capabilities.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| emerson | gc1500xa_firmware | — | — |
| emerson | gc370xa_firmware | — | — |
| emerson | gc700xa_firmware | — | — |
| emerson | rosemount_gc1500xa | <= Version 4.1.5 | — |
| emerson | rosemount_gc370xa | <= Version 4.1.5 | — |
| emerson | rosemount_gc700xa | <= Version 4.1.5 | — |
CISA ICS
Emerson Rosemount GC370XA, GC700XA, GC1500XA
cisa_ics·2024-01-30·CVSS 9.8
[CRITICAL] Emerson Rosemount GC370XA, GC700XA, GC1500XA
ICS Advisory
## Emerson Rosemount GC370XA, GC700XA, GC1500XA
Release Date: January 30, 2024
Alert Code: ICSA-24-030-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely
- Vendor: Emerson
- Equipment: Rosemount GC370XA, GC700XA, GC1500XA
- Vulnerabilities: Command Injection, Improper Authentication, Incorrect Authorization
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an unauthenticated attacker with network access to run arbitrary commands, access sensitive information, cause a denial-of-service condition, and bypass authentication to acquire admin capabilities.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED P
GHSA
GHSA-j2p9-482v-5wj6: In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could bypass authentication and acquire admi
ghsa_unreviewed·2024-02-09
CVE-2023-51761 [HIGH] CWE-287 GHSA-j2p9-482v-5wj6: In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could bypass authentication and acquire admi
In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could bypass authentication and acquire admin capabilities.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
- https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-01
- https://www.emerson.com/documents/automation/security-notification-emerson-gas-chromatographs-cyber-security-notification-icsa-24-030-01-en-10103910.pdf
2024-02-09
Published