N/A

The TFTP server on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows remote attackers to upload files and consequently execute arbitrary code via unspecified vectors.

N/A

N/A

多款Emerson Process Management RTUs产品任意文件上传漏洞

Emerson Process Management ROC800 RTU是美国艾默生电气（Emerson Electric）公司的远程终端单元产品。该产品包括ROC800、ROC800L、DL8000，具有在控制设备上执行多个PLC（工业环境下数字运算操作电子装置）的功能。 Emerson Process Management中使用了ROC800 RTUs的多款产品中的TFTP服务器中存在安全漏洞。远程攻击者可利用该漏洞上传任意文件，并执行任意代码。以下产品及版本受到影响：ROC800 3.50及之前的

N/A

N/A