mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-06-08 22:18:22 +00:00
213 lines
6.1 KiB
JSON
213 lines
6.1 KiB
JSON
{
|
|
"id": "CVE-2022-30264",
|
|
"sourceIdentifier": "cve@mitre.org",
|
|
"published": "2022-08-16T13:15:11.220",
|
|
"lastModified": "2022-08-17T19:35:10.337",
|
|
"vulnStatus": "Analyzed",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "The Emerson ROC and FloBoss RTU product lines through 2022-05-02 perform insecure filesystem operations. They utilize the ROC protocol (4000/TCP, 5000/TCP) for communications between a master terminal and RTUs. Opcode 203 of this protocol allows a master terminal to transfer files to and from the flash filesystem and carrying out arbitrary file and directory read, write, and delete operations."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Las l\u00edneas de productos ROC y FloBoss RTU de Emerson versiones hasta 02-05-2022, llevan a cabo operaciones no seguras en el sistema de archivos. Usan el protocolo ROC (4000/TCP, 5000/TCP) para las comunicaciones entre un terminal maestro y las RTU. El opcode 203 de este protocolo permite a un terminal maestro transferir archivos hacia y desde el sistema de archivos flash y realizar operaciones arbitrarias de lectura, escritura y eliminaci\u00f3n de archivos y directorios."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "HIGH",
|
|
"baseScore": 9.8,
|
|
"baseSeverity": "CRITICAL"
|
|
},
|
|
"exploitabilityScore": 3.9,
|
|
"impactScore": 5.9
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-345"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:emerson:dl8000_firmware:*:*:*:*:*:*:*:*",
|
|
"versionEndIncluding": "2022-05-02",
|
|
"matchCriteriaId": "6848BBC5-42D4-45BD-A738-55673D183A39"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:emerson:dl8000:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "817D1CBC-7964-4F69-B288-08375204CEBF"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:emerson:roc809_firmware:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "2022-05-02",
|
|
"matchCriteriaId": "E76CACF0-855B-4276-938B-F39CDF61C64F"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:emerson:roc809:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "A225AEFB-DDEB-4B8E-844F-F28D29553ADC"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:emerson:roc800l_firmware:*:*:*:*:*:*:*:*",
|
|
"versionEndIncluding": "2022-05-02",
|
|
"matchCriteriaId": "63A28282-6943-469B-A65E-BF98BD6B1EC9"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:emerson:roc800l:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "CBDF67B8-F3ED-4B86-BCA3-D37EBA33FB87"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:emerson:fb3000_rtu_firmware:*:*:*:*:*:*:*:*",
|
|
"versionEndIncluding": "2022-05-02",
|
|
"matchCriteriaId": "0D6E2AD1-6922-4017-A85C-083AAD7CEF3B"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:emerson:fb3000_rtu:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "8FBBD352-D07A-4C8B-ABB4-7464DE36D017"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:emerson:roc827_firmware:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "2022-05-02",
|
|
"matchCriteriaId": "6E502F01-F50D-4632-B398-817087714A61"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:emerson:roc827:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "502A3489-5A26-4B5C-AFC3-A3A67E52ED24"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-223-04",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Mitigation",
|
|
"Third Party Advisory",
|
|
"US Government Resource"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://www.forescout.com/blog/",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Third Party Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |