CVE-2016-9347 - OpenCVE

An issue was discovered in Emerson SE4801T0X Redundant Wireless I/O Card V13.3, and SE4801T1X Simplex Wireless I/O Card V13.3. DeltaV Wireless I/O Cards (WIOC) running the firmware available in the DeltaV system, release v13.3, have the SSH (Secure Shell) functionality enabled unnecessarily.

No CVSS v4.0

No CVSS v3.1

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Adjacent Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:A/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Emerson	Se4801t0x Redundant Wireless I\/o Card Se4801t0x Redundant Wireless I\/o Card Firmware Se4801t1x Simplex Wireless I\/o Card Se4801t1x Simplex Wireless I\/o Card Firmware

Configuration 1 [-]

AND

cpe:2.3:o:emerson:se4801t0x_redundant_wireless_i\/o_card_firmware:13.3:*:*:*:*:*:*:*

cpe:2.3:h:emerson:se4801t0x_redundant_wireless_i\/o_card:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:emerson:se4801t1x_simplex_wireless_i\/o_card_firmware:13.3:*:*:*:*:*:*:*

cpe:2.3:h:emerson:se4801t1x_simplex_wireless_i\/o_card:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/94586
https://ics-cert.us-cert.gov/advisories/ICSA-16-334-03

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2017-02-13T21:00:00

Updated: 2024-08-06T02:50:36.958Z

Reserved: 2016-11-16T00:00:00

Link: CVE-2016-9347

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2017-02-13T21:59:01.830

Modified: 2017-03-13T16:52:21.450

Link: CVE-2016-9347

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Emerson DeltaV Wireless I/O Card 13.3", "vendor": "n/a", "versions": [{"status": "affected", "version": "Emerson DeltaV Wireless I/O Card 13.3"}]}], "datePublic": "2017-02-13T00:00:00", "descriptions": [{"lang": "en", "value": "An issue was discovered in Emerson SE4801T0X Redundant Wireless I/O Card V13.3, and SE4801T1X Simplex Wireless I/O Card V13.3. DeltaV Wireless I/O Cards (WIOC) running the firmware available in the DeltaV system, release v13.3, have the SSH (Secure Shell) functionality enabled unnecessarily."}], "problemTypes": [{"descriptions": [{"description": "Emerson DeltaV Wireless I/O Card Open SSH Port Vulnerability", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-02-14T10:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"name": "94586", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/94586"}, {"tags": ["x_refsource_MISC"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-334-03"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2016-9347", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Emerson DeltaV Wireless I/O Card 13.3", "version": {"version_data": [{"version_value": "Emerson DeltaV Wireless I/O Card 13.3"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in Emerson SE4801T0X Redundant Wireless I/O Card V13.3, and SE4801T1X Simplex Wireless I/O Card V13.3. DeltaV Wireless I/O Cards (WIOC) running the firmware available in the DeltaV system, release v13.3, have the SSH (Secure Shell) functionality enabled unnecessarily."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Emerson DeltaV Wireless I/O Card Open SSH Port Vulnerability"}]}]}, "references": {"reference_data": [{"name": "94586", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94586"}, {"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-334-03", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-334-03"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T02:50:36.958Z"}, "title": "CVE Program Container", "references": [{"name": "94586", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/94586"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-334-03"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2016-9347", "datePublished": "2017-02-13T21:00:00", "dateReserved": "2016-11-16T00:00:00", "dateUpdated": "2024-08-06T02:50:36.958Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:emerson:se4801t0x_redundant_wireless_i\\/o_card_firmware:13.3:*:*:*:*:*:*:*", "matchCriteriaId": "D0027A39-A16C-4BF3-BCFF-27EAEF2CFA20", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:emerson:se4801t0x_redundant_wireless_i\\/o_card:-:*:*:*:*:*:*:*", "matchCriteriaId": "1F515BD5-A516-4EF6-83BD-1D4FB13554A6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:emerson:se4801t1x_simplex_wireless_i\\/o_card_firmware:13.3:*:*:*:*:*:*:*", "matchCriteriaId": "B244549D-2E37-4C53-B53A-FD99838A18AC", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:emerson:se4801t1x_simplex_wireless_i\\/o_card:-:*:*:*:*:*:*:*", "matchCriteriaId": "D40F2767-6A1A-44BB-98F6-684A05BB2C0C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in Emerson SE4801T0X Redundant Wireless I/O Card V13.3, and SE4801T1X Simplex Wireless I/O Card V13.3. DeltaV Wireless I/O Cards (WIOC) running the firmware available in the DeltaV system, release v13.3, have the SSH (Secure Shell) functionality enabled unnecessarily."}, {"lang": "es", "value": "Ha sido descubierto un problema en Emerson SE4801T0X Redundant Wireless I/O Card V13.3 y SE4801T1X Simplex Wireless I/O Card V13.3. DeltaV Wireless I/O Cards (WIOC) que ejecutan el firmware disponible en el sistema DeltaV, versi\u00f3n v13.3, tienen la funcionalidad SSH (Secure Shell) habilitada innecesariamente."}], "id": "CVE-2016-9347", "lastModified": "2017-03-13T16:52:21.450", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 5.5, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0"}, "exploitabilityScore": 1.6, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-02-13T21:59:01.830", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/94586"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-334-03"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-254"}], "source": "nvd@nist.gov", "type": "Primary"}]}