#VU66416 Insufficient verification of data authenticity in Emerson products - CVE-2022-30264

Cybersecurity Help s.r.o.

Published: 2022-08-12

Vulnerability identifier: #VU66416

Vulnerability risk: Low

CVSSv4.0: 2 [CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-30264

CWE-ID: CWE-345

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
ROC800
Hardware solutions / Routers & switches, VoIP, GSM, etc
ROC800L
Hardware solutions / Routers & switches, VoIP, GSM, etc
DL8000
Hardware solutions / Routers & switches, VoIP, GSM, etc

Vendor: Emerson

Description

The vulnerability allows a local user to compromise the target system.

The vulnerability exists due to the affected product uses the ROC protocol for communications. A local administrator can read, write and delete file or folder operations.

Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

ROC800: All versions

ROC800L: All versions

DL8000: All versions

External links
https://ics-cert.us-cert.gov/advisories/icsa-22-223-04

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Insufficient verification of data authenticity in Emerson ROC800, ROC800L and DL8000