What is the vulnerability ID of this vulnerability?

The vulnerability ID is CVE-2022-30264.

What is the severity of CVE-2022-30264?

The severity of CVE-2022-30264 is critical.

Which product lines are affected by CVE-2022-30264?

The Emerson ROC and FloBoss RTU product lines are affected by CVE-2022-30264.

What is the recommended mitigation for CVE-2022-30264?

Update the affected Emerson ROC and FloBoss RTU product lines to a version after 2022-05-02 to mitigate CVE-2022-30264.

Vulnerability/
CVE-2022-30264

critical

9.8

CWE

345

16/8/2022

3/8/2024

CVE-2022-30264

Q: What is the ROC protocol used for in relation to CVE-2022-30264?

The ROC protocol is used for communications between a master terminal and RTUs in relation to CVE-2022-30264.

First published: Tue Aug 16 2022(Updated: )

The Emerson ROC and FloBoss RTU product lines through 2022-05-02 perform insecure filesystem operations. They utilize the ROC protocol (4000/TCP, 5000/TCP) for communications between a master terminal and RTUs. Opcode 203 of this protocol allows a master terminal to transfer files to and from the flash filesystem and carrying out arbitrary file and directory read, write, and delete operations.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Emerson Dl8000 Firmware	<=2022-05-02
Emerson Dl8000
Emerson Roc809 Firmware	<2022-05-02
Emerson Roc809
Emerson Roc800l Firmware	<=2022-05-02
Emerson Roc800l
Emerson Fb3000 Rtu Firmware	<=2022-05-02
Emerson Fb3000 Rtu
Emerson Roc827 Firmware	<2022-05-02
Emerson Roc827

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

ICSA-22-223-04

Frequently Asked Questions

What is the vulnerability ID of this vulnerability?
The vulnerability ID is CVE-2022-30264.
What is the severity of CVE-2022-30264?
The severity of CVE-2022-30264 is critical.
Which product lines are affected by CVE-2022-30264?
The Emerson ROC and FloBoss RTU product lines are affected by CVE-2022-30264.
What is the ROC protocol used for in relation to CVE-2022-30264?
The ROC protocol is used for communications between a master terminal and RTUs in relation to CVE-2022-30264.
What is the recommended mitigation for CVE-2022-30264?
Update the affected Emerson ROC and FloBoss RTU product lines to a version after 2022-05-02 to mitigate CVE-2022-30264.

collector/nvd-index
agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/severity
agent/author
agent/weakness
agent/tags
agent/first-publish-date
agent/description
agent/event
collector/ics-cert-advisory
source/ICS
vendor/emerson
canonical/emerson dl8000 firmware
version/emerson dl8000 firmware/2022-05-02
canonical/emerson dl8000
canonical/emerson roc809 firmware
canonical/emerson roc809
canonical/emerson roc800l firmware
version/emerson roc800l firmware/2022-05-02
canonical/emerson roc800l
canonical/emerson fb3000 rtu firmware
version/emerson fb3000 rtu firmware/2022-05-02
canonical/emerson fb3000 rtu
canonical/emerson roc827 firmware
canonical/emerson roc827

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.