{"api_version":"1","generated_at":"2026-04-23T10:55:53+00:00","cve":"CVE-2013-0689","urls":{"html":"https://cve.report/CVE-2013-0689","api":"https://cve.report/api/cve/CVE-2013-0689.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2013-0689","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2013-0689"},"summary":{"title":"CVE-2013-0689","description":"The TFTP server on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows remote attackers to upload files and consequently execute arbitrary code via unspecified vectors.","state":"PUBLIC","assigner":"ics-cert@hq.dhs.gov","published_at":"2013-10-03 11:04:00","updated_at":"2013-10-03 17:40:00"},"problem_types":["CWE-94"],"metrics":[],"references":[{"url":"http://ics-cert.us-cert.gov/advisories/ICSA-13-259-01","name":"http://ics-cert.us-cert.gov/advisories/ICSA-13-259-01","refsource":"MISC","tags":["US Government Resource"],"title":"Emerson ROC800 Multiple Vulnerabilities | ICS-CERT","mime":"text/html","httpstatus":"403","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2013-0689","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-0689","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2013","cve_id":"689","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"emerson","cpe5":"dl_8000_remote_terminal_unit","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"689","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"emerson","cpe5":"dl_8000_remote_terminal_unit","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"689","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"emerson","cpe5":"roc_800l_remote_terminal_unit","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"689","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"emerson","cpe5":"roc_800l_remote_terminal_unit","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"689","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"emerson","cpe5":"roc_800_remote_terminal_unit","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"689","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"emerson","cpe5":"roc_800_remote_terminal_unit","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"689","vulnerable":"1","versionEndIncluding":"1.20","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"enea","cpe5":"ose","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"689","vulnerable":"1","versionEndIncluding":"2.30","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"enea","cpe5":"ose","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"689","vulnerable":"1","versionEndIncluding":"3.50","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"enea","cpe5":"ose","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2013-0689","qid":"590584","title":"Emerson ROC800 (Update B) Multiple Vulnerabilities (ICSA-13-259-01B)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"ics-cert@hq.dhs.gov","ID":"CVE-2013-0689","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The TFTP server on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows remote attackers to upload files and consequently execute arbitrary code via unspecified vectors."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"http://ics-cert.us-cert.gov/advisories/ICSA-13-259-01","refsource":"MISC","url":"http://ics-cert.us-cert.gov/advisories/ICSA-13-259-01"}]}},"nvd":{"publishedDate":"2013-10-03 11:04:00","lastModifiedDate":"2013-10-03 17:40:00","problem_types":["CWE-94"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":10},"severity":"HIGH","exploitabilityScore":10,"impactScore":10,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:enea:ose:*:*:*:*:*:*:*:*","versionEndIncluding":"1.20","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:h:emerson:roc_800l_remote_terminal_unit:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:enea:ose:*:*:*:*:*:*:*:*","versionEndIncluding":"3.50","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:h:emerson:roc_800_remote_terminal_unit:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:enea:ose:*:*:*:*:*:*:*:*","versionEndIncluding":"2.30","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:h:emerson:dl_8000_remote_terminal_unit:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":{"CveYear":"2013","CveId":"689","Ordinal":"60198","Title":"CVE-2013-0689","CVE":"CVE-2013-0689","Year":"2013"},"notes":[{"CveYear":"2013","CveId":"689","Ordinal":"1","NoteData":"The TFTP server on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows remote attackers to upload files and consequently execute arbitrary code via unspecified vectors.","Type":"Description","Title":null},{"CveYear":"2013","CveId":"689","Ordinal":"2","NoteData":"2013-10-03","Type":"Other","Title":"Published"}]}}}