SB2022081201 - Insufficient verification of data authenticity in Emerson ROC800, ROC800L and DL8000



SB2022081201 - Insufficient verification of data authenticity in Emerson ROC800, ROC800L and DL8000

Published: August 12, 2022

Security Bulletin ID SB2022081201
CSH Severity
Low
Patch available
NO
Number of vulnerabilities 1
Exploitation vector Local access
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Insufficient verification of data authenticity (CVE-ID: CVE-2022-30264)

CWE-ID: CWE-345 - Insufficient Verification of Data Authenticity

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to compromise the target system.

The vulnerability exists due to the affected product uses the ROC protocol for communications. A local administrator can read, write and delete file or folder operations.


Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.