CVE-2023-1935 Report - Details, Severity, & Advisories

Twingate Team

May 30, 2024

What is CVE-2023-1935?

A high-severity vulnerability, CVE-2023-1935, has been identified in ROC800-Series RTU devices, which are used in various industrial control systems. This authentication bypass vulnerability could allow an attacker to gain unauthorized access to data or control of the device, potentially causing a denial-of-service condition. The affected devices include the Emerson ROC800-Series RTU, such as ROC800, ROC800L, and DL8000 Preset Controllers. It's crucial for organizations using these systems to be aware of this vulnerability and take appropriate mitigation measures to protect their infrastructure.

Who is impacted?

The CVE-2023-1935 vulnerability affects users of Emerson ROC800-Series RTU devices, specifically the ROC809, ROC827, ROC809L, ROC827L, and DL8000 configurations. All firmware versions of these devices are impacted by this issue. This vulnerability could potentially allow unauthorized access to data or control of the device, posing a risk to organizations using these systems in their infrastructure.

What to do if CVE-2023-1935 affected you

If you're affected by the CVE-2023-1935 vulnerability, it's important to take action to protect your infrastructure. Follow these steps to mitigate the risk:

  1. Update your Emerson ROC800-Series RTU and DL8000 Preset Controller firmware to the latest version provided by Emerson.

  2. Validate the firmware image using the MD5/SHA256 hashes published by Emerson on SupportNet.

  3. Follow the guidance in the ROC800-Series Remote Operations Controller Instruction Manual for securing the device.
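
Step 2 can be scripted; the Python below is an added example (not code from Emerson or from this report) that checks a downloaded image against a published digest and refuses an MD5-only comparison unless explicitly allowed. The function names, file name and sample image are constructed for illustration, and the real published hash has to be copied from SupportNet.

```python
import hashlib
import hmac
import re
import tempfile
from pathlib import Path

# Digest length in hex characters -> hashlib algorithm name.
ALGORITHMS = {32: "md5", 64: "sha256"}


def file_digest(path, algorithm, chunk_size=1 << 20):
    """Hash the file in chunks so a large image is never loaded whole."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_firmware(path, published_hash, allow_md5=False):
    """Return (matches, algorithm); raise ValueError on an unusable hash."""
    # Tolerate copy-paste noise: spaces, newlines, colons, upper case.
    cleaned = re.sub(r"[\s:]", "", published_hash).lower()
    if not re.fullmatch(r"[0-9a-f]+", cleaned) or len(cleaned) not in ALGORITHMS:
        raise ValueError("published hash is not a hex MD5 or SHA-256 digest")
    algorithm = ALGORITHMS[len(cleaned)]
    if algorithm == "md5" and not allow_md5:
        # MD5 catches accidental corruption but is not collision resistant.
        raise ValueError("MD5 only: compare against the SHA-256 value instead")
    actual = file_digest(path, algorithm)
    return hmac.compare_digest(actual, cleaned), algorithm


def demo():
    # Constructed stand-in for a firmware image; not a real vendor file.
    with tempfile.TemporaryDirectory() as d:
        image = Path(d) / "firmware_image.bin"
        image.write_bytes(b"constructed sample image\n" * 1000)
        published = hashlib.sha256(image.read_bytes()).hexdigest().upper()
        good = verify_firmware(image, published)
        image.write_bytes(image.read_bytes() + b"\x00")  # simulate a modified image
        bad = verify_firmware(image, published)
    return good, bad


if __name__ == "__main__":
    print(demo())
```

A mismatch means the image should not be loaded onto the device until a fresh copy has been obtained and verified.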

Is it in CISA’s Known Exploited Vulnerabilities Catalog?

The high-severity vulnerability, CVE-2023-1935, in ROC800-Series RTU devices is not listed in CISA's Known Exploited Vulnerabilities Catalog. This authentication bypass vulnerability was published on August 2, 2023. To mitigate the risk, users should update their Emerson ROC800-Series RTU and DL8000 Preset Controller firmware, validate the firmware image, and follow the guidance in the ROC800-Series Remote Operations Controller Instruction Manual for securing the device.

Weakness Enumeration

The vulnerability in ROC800-Series RTU devices is categorized as CWE-287, Improper Authentication.

Learn More

CVE-2023-1935 is a high-severity vulnerability affecting ROC800-Series RTU devices, posing a risk to organizations using these systems. For a comprehensive understanding of the vulnerability, its description, severity, technical details, and affected software configurations, refer to the NVD page.
