MidnightBSD

Advisories for enea

CVE-2013-0689 HIGH

The TFTP server on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows remote attackers to upload files and consequently execute arbitrary code via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
enea ose *
emerson roc_800_remote_terminal_unit -
emerson dl_8000_remote_terminal_unit -
emerson roc_800l_remote_terminal_unit -
CVE-2013-0692 HIGH

The kernel in ENEA OSE on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows remote attackers to execute arbitrary code by connecting to the debug service.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
enea ose *
emerson roc_800_remote_terminal_unit -
emerson dl_8000_remote_terminal_unit -
emerson roc_800l_remote_terminal_unit -
CVE-2013-0693 HIGH

The kernel in ENEA OSE on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier performs network-beacon broadcasts, which allows remote attackers to obtain potentially sensitive information about device presence by listening for broadcast traffic.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-200,

Products Affected

Vendor Product Version
enea ose *
emerson roc_800_remote_terminal_unit -
emerson dl_8000_remote_terminal_unit -
emerson roc_800l_remote_terminal_unit -
CVE-2013-0694 HIGH

The Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier have hardcoded credentials in a ROM, which makes it easier for remote attackers to obtain shell access to the underlying OS by leveraging knowledge of the ROM contents from a product installation elsewhere.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-255,

Products Affected

Vendor Product Version
enea ose *
emerson roc_800_remote_terminal_unit -
emerson dl_8000_remote_terminal_unit -
emerson roc_800l_remote_terminal_unit -