MidnightBSD

Advisories for emerson

CVE-2012-1814 MEDIUM

Cross-site scripting (XSS) vulnerability in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
emerson deltav 11.3.1
emerson deltav_proessentials_scientific_graph 5.0.0.6
emerson deltav_workstation 10.3.1
emerson deltav 10.3.1
emerson deltav_workstation 11.3
emerson deltav 11.3
emerson deltav_workstation 9.3.1
emerson deltav_workstation 11.3.1
emerson deltav 9.3.1
CVE-2012-1815 HIGH

SQL injection vulnerability in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
emerson deltav 11.3.1
emerson deltav_proessentials_scientific_graph 5.0.0.6
emerson deltav_workstation 10.3.1
emerson deltav 10.3.1
emerson deltav_workstation 11.3
emerson deltav 11.3
emerson deltav_workstation 9.3.1
emerson deltav_workstation 11.3.1
emerson deltav 9.3.1
CVE-2012-1816 MEDIUM

PORTSERV.exe in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows remote attackers to cause a denial of service (daemon crash) via a crafted (1) TCP or (2) UDP packet to port 111.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
emerson deltav 11.3.1
emerson deltav_proessentials_scientific_graph 5.0.0.6
emerson deltav_workstation 10.3.1
emerson deltav 10.3.1
emerson deltav_workstation 11.3
emerson deltav 11.3
emerson deltav_workstation 9.3.1
emerson deltav_workstation 11.3.1
emerson deltav 9.3.1
CVE-2012-1817 HIGH

Buffer overflow in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via an invalid field in a project file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
emerson deltav 11.3.1
emerson deltav_proessentials_scientific_graph 5.0.0.6
emerson deltav_workstation 10.3.1
emerson deltav 10.3.1
emerson deltav_workstation 11.3
emerson deltav 11.3
emerson deltav_workstation 9.3.1
emerson deltav_workstation 11.3.1
emerson deltav 9.3.1
CVE-2012-1818 MEDIUM

An unspecified ActiveX control in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows remote attackers to overwrite arbitrary files via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
emerson deltav 11.3.1
emerson deltav_proessentials_scientific_graph 5.0.0.6
emerson deltav_workstation 10.3.1
emerson deltav 10.3.1
emerson deltav_workstation 11.3
emerson deltav 11.3
emerson deltav_workstation 9.3.1
emerson deltav_workstation 11.3.1
emerson deltav 9.3.1
CVE-2013-0689 HIGH

The TFTP server on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows remote attackers to upload files and consequently execute arbitrary code via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
emerson dl_8000_remote_terminal_unit -
enea ose *
emerson roc_800l_remote_terminal_unit -
emerson roc_800_remote_terminal_unit -
CVE-2013-0692 HIGH

The kernel in ENEA OSE on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows remote attackers to execute arbitrary code by connecting to the debug service.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
emerson dl_8000_remote_terminal_unit -
enea ose *
emerson roc_800l_remote_terminal_unit -
emerson roc_800_remote_terminal_unit -
CVE-2013-0693 HIGH

The kernel in ENEA OSE on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier performs network-beacon broadcasts, which allows remote attackers to obtain potentially sensitive information about device presence by listening for broadcast traffic.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-200,

Products Affected

Vendor Product Version
emerson dl_8000_remote_terminal_unit -
enea ose *
emerson roc_800l_remote_terminal_unit -
emerson roc_800_remote_terminal_unit -
CVE-2013-0694 HIGH

The Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier have hardcoded credentials in a ROM, which makes it easier for remote attackers to obtain shell access to the underlying OS by leveraging knowledge of the ROM contents from a product installation elsewhere.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-255,

Products Affected

Vendor Product Version
emerson dl_8000_remote_terminal_unit -
enea ose *
emerson roc_800l_remote_terminal_unit -
emerson roc_800_remote_terminal_unit -
CVE-2013-2810 HIGH

Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows remote attackers to execute arbitrary commands via a TCP replay attack.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
emerson dl_8000_remote_terminal_unit -
emerson roc_800l_remote_terminal_unit_firmware *
emerson roc_800l_remote_terminal_unit -
emerson roc_800_remote_terminal_unit -
emerson roc_800_remote_terminal_unit_firmware *
emerson dl_8000_remote_terminal_unit_firmware 2.30
CVE-2013-6030 MEDIUM

Directory traversal vulnerability on the Emerson Network Power Avocent MergePoint Unity 2016 (aka MPU2016) KVM switch with firmware 1.9.16473 allows remote attackers to read arbitrary files via unspecified vectors, as demonstrated by reading the /etc/passwd file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
emerson network_power_avocent_mergepoint_unity_2016_firmware 1.9.16473
CVE-2014-2349 MEDIUM

Emerson DeltaV 10.3.1, 11.3, 11.3.1, and 12.3 uses hardcoded credentials for diagnostic services, which allows remote attackers to bypass intended access restrictions via a TCP session, as demonstrated by a session that uses the telnet program.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-285,CWE-264,

Products Affected

Vendor Product Version
emerson deltav 11.3.1
emerson deltav 10.3.1
emerson deltav 11.3
emerson deltav 12.3
CVE-2014-2350 LOW

Emerson DeltaV 10.3.1, 11.3, 11.3.1, and 12.3 uses hardcoded credentials for diagnostic services, which allows remote attackers to bypass intended access restrictions via a TCP session, as demonstrated by a session that uses the telnet program.

CVSS 2.0

Severity: LOW

Problem Type: CWE-798,CWE-255,

Products Affected

Vendor Product Version
emerson deltav 11.3.1
emerson deltav 10.3.1
emerson deltav 11.3
emerson deltav 12.3
CVE-2015-1008 MEDIUM

SQL injection vulnerability in Emerson AMS Device Manager before 13 allows remote authenticated users to gain privileges via malformed input.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
emerson ams_device_manager *
CVE-2016-8348 HIGH

An XML External Entity (XXE) issue was discovered in Emerson Liebert SiteScan Web Version 6.5, and prior. An attacker may enter malicious input to Liebert SiteScan through a weakly configured XML parser causing the application to execute arbitrary code or disclose file contents from a server or connected network.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-611,

Products Affected

Vendor Product Version
emerson liebert_sitescan_web *
CVE-2016-9345 MEDIUM

An issue was discovered in Emerson DeltaV Easy Security Management DeltaV V12.3, DeltaV V12.3.1, and DeltaV V13.3. Critical vulnerabilities may allow a local attacker to elevate privileges within the DeltaV control system.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
emerson deltav 12.3.1
emerson deltav 13.3
emerson deltav 12.3
CVE-2016-9347 MEDIUM

An issue was discovered in Emerson SE4801T0X Redundant Wireless I/O Card V13.3, and SE4801T1X Simplex Wireless I/O Card V13.3. DeltaV Wireless I/O Cards (WIOC) running the firmware available in the DeltaV system, release v13.3, have the SSH (Secure Shell) functionality enabled unnecessarily.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-254,

Products Affected

Vendor Product Version
emerson se4801t1x_simplex_wireless_i/o_card_firmware 13.3
emerson se4801t0x_redundant_wireless_i/o_card_firmware 13.3
CVE-2018-11691 HIGH

Emerson DeltaV Smart Switch Command Center application, available in versions 11.3.x and 12.3.1, was unable to change the DeltaV Smart Switches’ management password upon commissioning. Emerson released patches for DeltaV workstations to address this issue, and the patches can be downloaded from Emerson’s Guardian Support Portal. Please refer to the DeltaV Security Notification DSN19003 (KBA NK-1900-0808) for more information about this issue. DeltaV versions 13.3 and higher use the Network Device Command Center application to manage DeltaV Smart Switches, and this newer application is not impacted by this issue. After patching the Smart Switch Command Center, users are required to either commission the DeltaV Smart Switches or change password using the tool.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-798,

Products Affected

Vendor Product Version
emerson ve6046_firmware 09.0.12
CVE-2018-14791 MEDIUM

Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 may allow non-administrative users to change executable and library files on the affected products.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-269,CWE-269,

Products Affected

Vendor Product Version
emerson deltav 11.3.1
emerson deltav 12.3.1
emerson deltav r5
emerson deltav 13.3
emerson deltav 13.3.1
CVE-2018-14793 MEDIUM

DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable to a buffer overflow exploit through an open communication port to allow arbitrary code execution.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-121,CWE-119,

Products Affected

Vendor Product Version
emerson deltav 11.3.1
emerson deltav 12.3.1
emerson deltav 13.3.0
emerson deltav r5
emerson deltav 13.3.1
CVE-2018-14795 MEDIUM

DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable due to improper path validation which may allow an attacker to replace executable files.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-23,CWE-22,

Products Affected

Vendor Product Version
emerson deltav 11.3.1
emerson deltav 12.3.1
emerson deltav 13.3.0
emerson deltav r5
emerson deltav 13.3.1
CVE-2018-14797 MEDIUM

Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 allow a specially crafted DLL file to be placed in the search path and loaded as an internal and valid DLL, which may allow arbitrary code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-427,CWE-427,

Products Affected

Vendor Product Version
emerson deltav 11.3.1
emerson deltav 12.3.1
emerson deltav 13.3.0
emerson deltav r5
emerson deltav 13.3.1
CVE-2018-14804 HIGH

Emerson AMS Device Manager v12.0 to v13.5. A specially crafted script may be run that allows arbitrary remote code execution.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-284,CWE-94,

Products Affected

Vendor Product Version
emerson ams_device_manager *
CVE-2018-14808 MEDIUM

Emerson AMS Device Manager v12.0 to v13.5. Non-administrative users are able to change executable and library files on the affected products.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-269,CWE-269,

Products Affected

Vendor Product Version
emerson ams_device_manager *
CVE-2018-19021 LOW

A specially crafted script could bypass the authentication of a maintenance port of Emerson DeltaV DCS Versions 11.3.1, 11.3.2, 12.3.1, 13.3.1, 14.3, R5.1, R6 and prior, which may allow an attacker to cause a denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-307,CWE-307,

Products Affected

Vendor Product Version
emerson deltav 11.3.1
emerson deltav 12.3.1
emerson deltav 14.3
emerson deltav *
emerson deltav 11.3.2
emerson deltav 13.3.1
CVE-2018-5452 MEDIUM

A Stack-based Buffer Overflow issue was discovered in Emerson Process Management ControlWave Micro Process Automation Controller: ControlWave Micro [ProConOS v.4.01.280] firmware: CWM v.05.78.00 and prior. A stack-based buffer overflow vulnerability caused by sending crafted packets on Port 20547 could force the PLC to change its state into halt mode.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-121,CWE-787,

Products Affected

Vendor Product Version
emerson controlwave_micro_firmware *
CVE-2019-10965 MEDIUM

In Emerson Ovation OCR400 Controller 3.3.1 and earlier, a heap-based buffer overflow vulnerability in the embedded third-party FTP server involves improper handling of a long command to the FTP service, which may cause memory corruption that halts the controller or leads to remote code execution and escalation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
emerson ovation_ocr400_firmware *
CVE-2019-10967 MEDIUM

In Emerson Ovation OCR400 Controller 3.3.1 and earlier, a stack-based buffer overflow vulnerability in the embedded third-party FTP server involves improper handling of a long file name from the LIST command to the FTP service, which may cause the service to overwrite buffers, leading to remote code execution and escalation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-121,CWE-787,

Products Affected

Vendor Product Version
emerson ovation_ocr400_firmware *
CVE-2019-12167 MEDIUM

httpGetSet/httpGet.htm on Emerson Network Power Liebert Challenger 5.1E0.5 devices allows XSS via the statusstr parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
emerson liebert_challenger_firmware 5.1e0.5
CVE-2019-13524 HIGH

GE PACSystems RX3i CPE100/115: All versions prior to R9.85,CPE302/305/310/330/400/410: All versions prior to R9.90,CRU/320 All versions(End of Life) may allow an attacker sending specially manipulated packets to cause the module state to change to halt-mode, resulting in a denial-of-service condition. An operator must reboot the CPU module after removing battery or energy pack to recover from halt-mode.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,CWE-20,

Products Affected

Vendor Product Version
emerson rx3i_cpe310_firmware *
emerson rx3i_cpe100_firmware *
emerson rx3i_cpe330_firmware *
emerson rx3i_cru320_firmware *
emerson rx3i_cpe302_firmware *
emerson rx3i_cpe115_firmware *
emerson rx3i_cpl410_firmware *
emerson rx3i_cpe305_firmware *
emerson rx3i_cpe400_firmware *
CVE-2020-10632 MEDIUM

Inadequate folder security permissions in Emerson OpenEnterprise versions through 3.3.4 may allow modification of important configuration files, which could cause the system to fail or behave in an unpredictable manner.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
ics-cert@hq.dhs.gov 8.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 2.0 6.0
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-282,NVD-CWE-Other,

Products Affected

Vendor Product Version
emerson openenterprise_scada_server *
CVE-2020-10636 MEDIUM

Inadequate encryption may allow the passwords for Emerson OpenEnterprise versions through 3.3.4 user accounts to be obtained.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
ics-cert@hq.dhs.gov 6.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N 2.0 4.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-326,CWE-326,

Products Affected

Vendor Product Version
emerson openenterprise_scada_server *
CVE-2020-10640 HIGH

Emerson OpenEnterprise versions through 3.3.4 may allow an attacker to run an arbitrary commands with system privileges or perform remote code execution via a specific communication service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
ics-cert@hq.dhs.gov 10.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 3.9 6.0
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-306,CWE-306,

Products Affected

Vendor Product Version
emerson openenterprise_scada_server *
CVE-2020-12030 MEDIUM

There is a flaw in the code used to configure the internal gateway firewall when the gateway's VLAN feature is enabled. If a user enables the VLAN setting, the internal gateway firewall becomes disabled resulting in exposure of all ports used by the gateway.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 10.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 3.9 6.0
ics-cert@hq.dhs.gov 10.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 3.9 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,NVD-CWE-Other,

Products Affected

Vendor Product Version
emerson wireless_1410_gateway_firmware *
emerson wireless_1420_gateway_firmware *
emerson wireless_1552wu_gateway_firmware *
CVE-2020-12525 MEDIUM

M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
info@cert.vde.com 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-502,CWE-502,

Products Affected

Vendor Product Version
wago dtminspector_3 -
pepperl-fuchs pactware *
pepperl-fuchs io-link_master_firmware *
emerson rosemount_transmitter_interface_software -
weidmueller wi_manager *
wago fdtcontainer_application *
wago fdtcontainer_component *
CVE-2020-16235 LOW

Inadequate encryption may allow the credentials used by Emerson OpenEnterprise, up through version 3.3.5, to access field devices and external systems to be obtained.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
ics-cert@hq.dhs.gov 3.8 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N 2.0 1.4
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N 2.0 4.0

CVSS 2.0

Severity: LOW

Problem Type: CWE-326,CWE-326,

Products Affected

Vendor Product Version
emerson openenterprise_scada_server *
CVE-2020-19417 HIGH

Emerson Smart Wireless Gateway 1420 4.6.59 allows non-privileged users (such as the default account 'maint') to perform administrative tasks by sending specially crafted HTTP requests to the application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
emerson wireless_1420_gateway_firmware 4.6.59
CVE-2020-19419 MEDIUM

Incorrect Access Control in Emerson Smart Wireless Gateway 1420 4.6.59 allows remote attackers to obtain sensitive device information from the administrator console without authentication.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-306,

Products Affected

Vendor Product Version
emerson smart_wireless_gateway_1420_firmware 4.6.59
CVE-2020-27254 MEDIUM

Emerson Rosemount X-STREAM Gas AnalyzerX-STREAM enhanced XEGP, XEGK, XEFD, XEXF – all revisions, The affected products are vulnerable to improper authentication for accessing log and backup data, which could allow an attacker with a specially crafted URL to obtain access to sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,CWE-287,

Products Affected

Vendor Product Version
emerson x-stream_enhanced_xexf_firmware *
emerson x-stream_enhanced_xefd_firmware *
emerson x-stream_enhanced_xegp_firmware *
emerson x-stream_enhanced_xegk_firmware *
CVE-2020-6970 HIGH

A Heap-based Buffer Overflow was found in Emerson OpenEnterprise SCADA Server 2.83 (if Modbus or ROC Interfaces have been installed and are in use) and all versions of OpenEnterprise 3.1 through 3.3.3, where a specially crafted script could execute code on the OpenEnterprise Server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-122,CWE-787,

Products Affected

Vendor Product Version
emerson openenterprise_scada_server 2.8.3
emerson openenterprise_scada_server *
CVE-2020-6971 MEDIUM

In Emerson ValveLink v12.0.264 to v13.4.118, a vulnerability in the ValveLink software may allow a local, unprivileged, trusted insider to escalate privileges due to insecure configuration parameters.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,CWE-269,

Products Affected

Vendor Product Version
emerson valvelink *
CVE-2021-26264 MEDIUM

A specially crafted script could cause the DeltaV Distributed Control System Controllers (All Versions) to restart and cause a denial-of-service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
ics-cert@hq.dhs.gov 6.1 MEDIUM CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H 1.6 4.0
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-306,

Products Affected

Vendor Product Version
emerson deltav_workstation -
emerson deltav_distributed_control_system -
CVE-2021-27457 MEDIUM

A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected products utilize a weak encryption algorithm for storage of sensitive data, which may allow an attacker to more easily obtain credentials used for access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-326,CWE-327,

Products Affected

Vendor Product Version
emerson x-stream_enhanced_xexf_firmware *
emerson x-stream_enhanced_xefd_firmware *
emerson x-stream_enhanced_xegp_firmware *
emerson x-stream_enhanced_xegk_firmware *
CVE-2021-27459 HIGH

A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The webserver of the affected products allows unvalidated files to be uploaded, which an attacker could utilize to execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-434,

Products Affected

Vendor Product Version
emerson x-stream_enhanced_xexf_firmware *
emerson x-stream_enhanced_xefd_firmware *
emerson x-stream_enhanced_xegp_firmware *
emerson x-stream_enhanced_xegk_firmware *
CVE-2021-27461 MEDIUM

A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected webserver applications allow access to stored data that can be obtained by using specially crafted URLs.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
emerson x-stream_enhanced_xexf_firmware *
emerson x-stream_enhanced_xefd_firmware *
emerson x-stream_enhanced_xegp_firmware *
emerson x-stream_enhanced_xegk_firmware *
CVE-2021-27463 MEDIUM

A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected applications utilize persistent cookies where the session cookie attribute is not properly invalidated, allowing an attacker to intercept the cookies and gain access to sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-539,

Products Affected

Vendor Product Version
emerson x-stream_enhanced_xexf_firmware *
emerson x-stream_enhanced_xefd_firmware *
emerson x-stream_enhanced_xegp_firmware *
emerson x-stream_enhanced_xegk_firmware *
CVE-2021-27465 MEDIUM

A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected applications do not validate webpage input, which could allow an attacker to inject arbitrary HTML code into a webpage. This would allow an attacker to modify the page and display incorrect or undesirable data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
emerson x-stream_enhanced_xexf_firmware *
emerson x-stream_enhanced_xefd_firmware *
emerson x-stream_enhanced_xegp_firmware *
emerson x-stream_enhanced_xegk_firmware *
CVE-2021-27467 MEDIUM

A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected product’s web interface allows an attacker to route click or keystroke to another page provided by the attacker to gain unauthorized access to sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-1021,

Products Affected

Vendor Product Version
emerson x-stream_enhanced_xexf_firmware *
emerson x-stream_enhanced_xefd_firmware *
emerson x-stream_enhanced_xegp_firmware *
emerson x-stream_enhanced_xegk_firmware *
CVE-2021-29297 LOW

Buffer Overflow in Emerson GE Automation Proficy Machine Edition v8.0 allows an attacker to cause a denial of service and application crash via crafted traffic from a Man-in-the-Middle (MITM) attack to the component "FrameworX.exe" in the module "MSVCR100.dll".

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H 1.6 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-120,

Products Affected

Vendor Product Version
emerson proficy_machine_edition 8.0
CVE-2021-29298 LOW

Improper Input Validation in Emerson GE Automation Proficy Machine Edition v8.0 allows an attacker to cause a denial of service and application crash via crafted traffic from a Man-in-the-Middle (MITM) attack to the component "FrameworX.exe"in the module "fxVPStatcTcp.dll".

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H 1.6 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,

Products Affected

Vendor Product Version
emerson proficy_machine_edition 8.0
CVE-2021-38485 MEDIUM

The affected product is vulnerable to improper input validation in the restore file. This enables an attacker to provide malicious config files to replace any file on disk.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
ics-cert@hq.dhs.gov 8.0 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 2.1 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
emerson wireless_1410d_gateway_firmware *
emerson wireless_1410_gateway_firmware *
emerson wireless_1420_gateway_firmware *
CVE-2021-42536 MEDIUM

The affected product is vulnerable to a disclosure of peer username and password by allowing all users access to read global variables.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6
ics-cert@hq.dhs.gov 8.0 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 2.1 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,CWE-668,

Products Affected

Vendor Product Version
emerson wireless_1410d_gateway_firmware *
emerson wireless_1410_gateway_firmware *
emerson wireless_1420_gateway_firmware *
CVE-2021-42538 MEDIUM

The affected product is vulnerable to a parameter injection via passphrase, which enables the attacker to supply uncontrolled input.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
ics-cert@hq.dhs.gov 8.0 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 2.1 5.9
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,CWE-77,

Products Affected

Vendor Product Version
emerson wireless_1410d_gateway_firmware *
emerson wireless_1410_gateway_firmware *
emerson wireless_1420_gateway_firmware *
CVE-2021-42539 MEDIUM

The affected product is vulnerable to a missing permission validation on system backup restore, which could lead to account take over and unapproved settings change.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
ics-cert@hq.dhs.gov 8.0 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 2.1 5.9
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-306,

Products Affected

Vendor Product Version
emerson wireless_1410d_gateway_firmware *
emerson wireless_1410_gateway_firmware *
emerson wireless_1420_gateway_firmware *
CVE-2021-42540 MEDIUM

The affected product is vulnerable to a unsanitized extract folder for system configuration. A low-privileged user can leverage this logic to overwrite the settings and other key functionality.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
ics-cert@hq.dhs.gov 8.0 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 2.1 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-123,

Products Affected

Vendor Product Version
emerson wireless_1410d_gateway_firmware *
emerson wireless_1410_gateway_firmware *
emerson wireless_1420_gateway_firmware *
CVE-2021-42542 MEDIUM

The affected product is vulnerable to directory traversal due to mishandling of provided backup folder structure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
ics-cert@hq.dhs.gov 8.0 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 2.1 5.9
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
emerson wireless_1410d_gateway_firmware *
emerson wireless_1410_gateway_firmware *
emerson wireless_1420_gateway_firmware *
CVE-2021-44463 MEDIUM

Missing DLLs, if replaced by an insider, could allow an attacker to achieve local privilege escalation on the DeltaV Distributed Control System Controllers and Workstations (All versions) when some DeltaV services are started.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
ics-cert@hq.dhs.gov 8.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H 1.5 6.0
nvd@nist.gov 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-427,

Products Affected

Vendor Product Version
emerson deltav 14.3.1
emerson deltav r6
emerson deltav 14
emerson deltav 13.3.1
CVE-2021-45420 HIGH

Emerson Dixell XWEB-500 products are affected by arbitrary file write vulnerability in /cgi-bin/logo_extra_upload.cgi, /cgi-bin/cal_save.cgi, and /cgi-bin/lo_utils.cgi. An attacker will be able to write any file on the target system without any kind of authentication mechanism, and this can lead to denial of service and potentially remote code execution. Note: the product has not been supported since 2018 and should be removed or replaced

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-200,CWE-306,CWE-668,

Products Affected

Vendor Product Version
emerson dixell_xweb-500_firmware -
CVE-2021-45421 MEDIUM

Emerson Dixell XWEB-500 products are affected by information disclosure via directory listing. A potential attacker can use this misconfiguration to access all the files in the remote directories. Note: the product has not been supported since 2018 and should be removed or replaced

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
emerson dixell_xweb-500_firmware -
CVE-2021-45427 HIGH

Emerson XWEB 300D EVO 3.0.7--3ee403 is affected by: unauthenticated arbitrary file deletion due to path traversal. An attacker can browse and delete files without any authentication due to incorrect access control and directory traversal.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
emerson xweb300d_evo_firmware 3.0.7
CVE-2022-2788

Emerson Electric's Proficy Machine Edition Version 9.80 and prior is vulnerable to CWE-29 Path Traversal: '\..\Filename', also known as a ZipSlip attack, through an upload procedure which enables attackers to implant a malicious .BLZ file on the PLC. The file can transfer through the engineering station onto Windows in a way that executes the malicious code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
ics-cert@hq.dhs.gov 3.9 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L 1.3 2.5
nvd@nist.gov 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9

Products Affected

Vendor Product Version
emerson electric's_proficy *
CVE-2022-2789

Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-345 Insufficient Verification of Data Authenticity, and can display logic that is different than the compiled logic.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
ics-cert@hq.dhs.gov 4.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N 1.0 3.6
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N 1.8 3.6

Products Affected

Vendor Product Version
emerson electric's_proficy *
CVE-2022-2790

Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulenrable to CWE-347 Improper Verification of Cryptographic Signature, and does not properly verify compiled logic (PDT files) and data blocks data (BLD/BLK files).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
ics-cert@hq.dhs.gov 5.9 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N 1.5 4.0
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N 1.5 4.0

Products Affected

Vendor Product Version
emerson electric's_proficy *
CVE-2022-2791

Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-434 Unrestricted Upload of File with Dangerous Type, and will upload any file written into the PLC logic folder to the connected PLC.

Products Affected

Vendor Product Version
emerson proficy *
CVE-2022-2792

Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulenrable to CWE-284 Improper Access Control, and stores project data in a directory with improper access control lists.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
ics-cert@hq.dhs.gov 6.6 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H 1.3 5.2
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
emerson electric's_proficy *
CVE-2022-2793

Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulenrable to CWE-353 Missing Support for Integrity Check, and has no authentication or authorization of data packets after establishing a connection for the SRTP protocol.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
ics-cert@hq.dhs.gov 5.9 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H 0.7 5.2

Products Affected

Vendor Product Version
emerson electric's_proficy *
CVE-2022-29957

The Emerson DeltaV Distributed Control System (DCS) through 2022-04-29 mishandles authentication. It utilizes several proprietary protocols for a wide variety of functionality. These protocols include Firmware upgrade (18508/TCP, 18518/TCP); Plug-and-Play (18510/UDP); Hawk services (18507/UDP); Management (18519/TCP); Cold restart (18512/UDP); SIS communications (12345/TCP); and Wireless Gateway Protocol (18515/UDP). None of these protocols have any authentication features, allowing any attacker capable of communicating with the ports in question to invoke (a subset of) desired functionality.

Products Affected

Vendor Product Version
emerson deltav_distributed_control_system *
CVE-2022-29959

Emerson OpenBSI through 2022-04-29 mishandles credential storage. It is an engineering environment for the ControlWave and Bristol Babcock line of RTUs. This environment provides access control functionality through user authentication and privilege management. The credentials for various users are stored insecurely in the SecUsers.ini file by using a simple string transformation rather than a cryptographic mechanism.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
emerson openbsi *
emerson openbsi 5.9
CVE-2022-29960

Emerson OpenBSI through 2022-04-29 uses weak cryptography. It is an engineering environment for the ControlWave and Bristol Babcock line of RTUs. DES with hardcoded cryptographic keys is used for protection of certain system credentials, engineering files, and sensitive utilities.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
emerson openbsi *
emerson openbsi 5.9
CVE-2022-29962

The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. FTP has hardcoded credentials (but may often be disabled in production). This affects S-series, P-series, and CIOC/EIOC nodes. NOTE: this is different from CVE-2014-2350.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
emerson se4801t0x_redundant_wireless_i/o_card_firmware *
emerson ve4103_modbus_tcp_interface_for_ethernet_connected_i/o_(eioc)_firmware *
emerson ve4106_opc-ua_client_for_ethernet_connected_i/o_(eioc)_firmware *
emerson se4052s1t2b6_high_side_40-pin_mass_i/o_terminal_block_firmware *
emerson se4017p1_h1_i/o_card_with_integrated_power_firmware *
emerson se4019p0_simplex_h1_4-port_plus_fieldbus_i/o_interface_with_terminalblock_firmware *
emerson se4027_virtual_i/o_module_2_firmware *
emerson se4003s2b524-pin_mass_i/o_terminal_block_firmware *
emerson se4032s1t2b8_high_side_40-pin_do_mass_i/o_terminal_block_firmware *
emerson ve4107_iec_61850_mms_interface_for_ethernet_connected_i/o_(eioc)_firmware *
emerson se4017p0_h1_i/o_interface_card_and_terminl_block_firmware *
emerson se4101_simplex_ethernet_i/o_card_(eioc)_assembly_firmware *
emerson ve4105_ethernet/ip_interface_for_ethernet_connected_i/o_(eioc)_firmware *
emerson se4037p0_h1_i/o_interface_card_and_terminl_block_firmware *
emerson se4037p1_redundant_h1_i/o_card_with_integrated_power_and_terminal_block_firmware *
emerson se4082s1t2b8_high_side_40-pin_do_mass_i/o_terminal_block_firmware *
emerson se4002s1t2b6_high_side_40-pin_mass_i/o_terminal_block_firmware *
emerson deltav_distributed_control_system_sx_controller_firmware *
emerson se4026_virtual_i/o_module_2_firmware *
emerson deltav_distributed_control_system_sq_controller_firmware *
emerson se4039p0_redundant_h1_4-port_plus_fieldbus_i/o_interface_with_terminalblock_firmware *
emerson se4100_simplex_ethernet_i/o_card_(eioc)_assembly_firmware *
emerson ve4104_ethernet/ip_control_tag_integration_for_ethernet_connected_i/o_(eioc)_firmware *
emerson se4003s2b4_16-pin_mass_i/o_terminal_block_firmware *
CVE-2022-29963

The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. TELNET on port 18550 provides access to a root shell via hardcoded credentials. This affects S-series, P-series, and CIOC/EIOC nodes. NOTE: this is different from CVE-2014-2350.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
emerson se4801t0x_redundant_wireless_i/o_card_firmware *
emerson ve4103_modbus_tcp_interface_for_ethernet_connected_i/o_(eioc)_firmware *
emerson ve4106_opc-ua_client_for_ethernet_connected_i/o_(eioc)_firmware *
emerson se4052s1t2b6_high_side_40-pin_mass_i/o_terminal_block_firmware *
emerson se4017p1_h1_i/o_card_with_integrated_power_firmware *
emerson se4019p0_simplex_h1_4-port_plus_fieldbus_i/o_interface_with_terminalblock_firmware *
emerson se4027_virtual_i/o_module_2_firmware *
emerson se4003s2b524-pin_mass_i/o_terminal_block_firmware *
emerson se4032s1t2b8_high_side_40-pin_do_mass_i/o_terminal_block_firmware *
emerson ve4107_iec_61850_mms_interface_for_ethernet_connected_i/o_(eioc)_firmware *
emerson se4017p0_h1_i/o_interface_card_and_terminl_block_firmware *
emerson se4101_simplex_ethernet_i/o_card_(eioc)_assembly_firmware *
emerson ve4105_ethernet/ip_interface_for_ethernet_connected_i/o_(eioc)_firmware *
emerson se4037p0_h1_i/o_interface_card_and_terminl_block_firmware *
emerson se4037p1_redundant_h1_i/o_card_with_integrated_power_and_terminal_block_firmware *
emerson se4082s1t2b8_high_side_40-pin_do_mass_i/o_terminal_block_firmware *
emerson se4002s1t2b6_high_side_40-pin_mass_i/o_terminal_block_firmware *
emerson deltav_distributed_control_system_sx_controller_firmware *
emerson se4026_virtual_i/o_module_2_firmware *
emerson deltav_distributed_control_system_sq_controller_firmware *
emerson se4039p0_redundant_h1_4-port_plus_fieldbus_i/o_interface_with_terminalblock_firmware *
emerson se4100_simplex_ethernet_i/o_card_(eioc)_assembly_firmware *
emerson ve4104_ethernet/ip_control_tag_integration_for_ethernet_connected_i/o_(eioc)_firmware *
emerson se4003s2b4_16-pin_mass_i/o_terminal_block_firmware *
CVE-2022-29964

The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. WIOC SSH provides access to a shell as root, DeltaV, or backup via hardcoded credentials. NOTE: this is different from CVE-2014-2350.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
emerson se4801t0x_redundant_wireless_i/o_card_firmware *
emerson ve4103_modbus_tcp_interface_for_ethernet_connected_i/o_(eioc)_firmware *
emerson ve4106_opc-ua_client_for_ethernet_connected_i/o_(eioc)_firmware *
emerson se4052s1t2b6_high_side_40-pin_mass_i/o_terminal_block_firmware *
emerson se4017p1_h1_i/o_card_with_integrated_power_firmware *
emerson se4019p0_simplex_h1_4-port_plus_fieldbus_i/o_interface_with_terminalblock_firmware *
emerson se4027_virtual_i/o_module_2_firmware *
emerson se4003s2b524-pin_mass_i/o_terminal_block_firmware *
emerson se4032s1t2b8_high_side_40-pin_do_mass_i/o_terminal_block_firmware *
emerson ve4107_iec_61850_mms_interface_for_ethernet_connected_i/o_(eioc)_firmware *
emerson se4017p0_h1_i/o_interface_card_and_terminl_block_firmware *
emerson se4101_simplex_ethernet_i/o_card_(eioc)_assembly_firmware *
emerson ve4105_ethernet/ip_interface_for_ethernet_connected_i/o_(eioc)_firmware *
emerson se4037p0_h1_i/o_interface_card_and_terminl_block_firmware *
emerson se4037p1_redundant_h1_i/o_card_with_integrated_power_and_terminal_block_firmware *
emerson se4082s1t2b8_high_side_40-pin_do_mass_i/o_terminal_block_firmware *
emerson se4002s1t2b6_high_side_40-pin_mass_i/o_terminal_block_firmware *
emerson deltav_distributed_control_system_sx_controller_firmware *
emerson se4026_virtual_i/o_module_2_firmware *
emerson deltav_distributed_control_system_sq_controller_firmware *
emerson se4039p0_redundant_h1_4-port_plus_fieldbus_i/o_interface_with_terminalblock_firmware *
emerson se4100_simplex_ethernet_i/o_card_(eioc)_assembly_firmware *
emerson ve4104_ethernet/ip_control_tag_integration_for_ethernet_connected_i/o_(eioc)_firmware *
emerson se4003s2b4_16-pin_mass_i/o_terminal_block_firmware *
CVE-2022-29965

The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. Access to privileged operations on the maintenance port TELNET interface (23/TCP) on M-series and SIS (CSLS/LSNB/LSNG) nodes is controlled by means of utility passwords. These passwords are generated using a deterministic, insecure algorithm using a single seed value composed of a day/hour/minute timestamp with less than 16 bits of entropy. The seed value is fed through a lookup table and a series of permutation operations resulting in three different four-character passwords corresponding to different privilege levels. An attacker can easily reconstruct these passwords and thus gain access to privileged maintenance operations. NOTE: this is different from CVE-2014-2350.

Products Affected

Vendor Product Version
emerson se4801t0x_redundant_wireless_i/o_card_firmware *
emerson ve4103_modbus_tcp_interface_for_ethernet_connected_i/o_(eioc)_firmware *
emerson ve4106_opc-ua_client_for_ethernet_connected_i/o_(eioc)_firmware *
emerson se4052s1t2b6_high_side_40-pin_mass_i/o_terminal_block_firmware *
emerson se4017p1_h1_i/o_card_with_integrated_power_firmware *
emerson se4019p0_simplex_h1_4-port_plus_fieldbus_i/o_interface_with_terminalblock_firmware *
emerson se4027_virtual_i/o_module_2_firmware *
emerson se4003s2b524-pin_mass_i/o_terminal_block_firmware *
emerson se4032s1t2b8_high_side_40-pin_do_mass_i/o_terminal_block_firmware *
emerson ve4107_iec_61850_mms_interface_for_ethernet_connected_i/o_(eioc)_firmware *
emerson se4017p0_h1_i/o_interface_card_and_terminl_block_firmware *
emerson se4101_simplex_ethernet_i/o_card_(eioc)_assembly_firmware *
emerson ve4105_ethernet/ip_interface_for_ethernet_connected_i/o_(eioc)_firmware *
emerson se4037p0_h1_i/o_interface_card_and_terminl_block_firmware *
emerson se4037p1_redundant_h1_i/o_card_with_integrated_power_and_terminal_block_firmware *
emerson se4082s1t2b8_high_side_40-pin_do_mass_i/o_terminal_block_firmware *
emerson deltav_distributed_control_system *
emerson se4002s1t2b6_high_side_40-pin_mass_i/o_terminal_block_firmware *
emerson deltav_distributed_control_system_sx_controller_firmware *
emerson se4026_virtual_i/o_module_2_firmware *
emerson deltav_distributed_control_system_sq_controller_firmware *
emerson se4039p0_redundant_h1_4-port_plus_fieldbus_i/o_interface_with_terminalblock_firmware *
emerson se4100_simplex_ethernet_i/o_card_(eioc)_assembly_firmware *
emerson ve4104_ethernet/ip_control_tag_integration_for_ethernet_connected_i/o_(eioc)_firmware *
emerson se4003s2b4_16-pin_mass_i/o_terminal_block_firmware *
CVE-2022-30260

Emerson DeltaV Distributed Control System (DCS) has insufficient verification of firmware integrity (an inadequate checksum approach, and no signature). This affects versions before 14.3 of DeltaV M-series, DeltaV S-series, DeltaV P-series, DeltaV SIS, and DeltaV CIOC/EIOC/WIOC IO cards.

Products Affected

Vendor Product Version
emerson se4801t0x_redundant_wireless_i/o_card_firmware *
emerson ve4103_modbus_tcp_interface_for_ethernet_connected_i/o_(eioc)_firmware *
emerson ve4106_opc-ua_client_for_ethernet_connected_i/o_(eioc)_firmware *
emerson se4052s1t2b6_high_side_40-pin_mass_i/o_terminal_block_firmware *
emerson se4017p1_h1_i/o_card_with_integrated_power_firmware *
emerson se4019p0_simplex_h1_4-port_plus_fieldbus_i/o_interface_with_terminalblock_firmware *
emerson se4027_virtual_i/o_module_2_firmware *
emerson se4003s2b524-pin_mass_i/o_terminal_block_firmware *
emerson se4032s1t2b8_high_side_40-pin_do_mass_i/o_terminal_block_firmware *
emerson ve4107_iec_61850_mms_interface_for_ethernet_connected_i/o_(eioc)_firmware *
emerson se4017p0_h1_i/o_interface_card_and_terminl_block_firmware *
emerson se4101_simplex_ethernet_i/o_card_(eioc)_assembly_firmware *
emerson ve4105_ethernet/ip_interface_for_ethernet_connected_i/o_(eioc)_firmware *
emerson se4037p0_h1_i/o_interface_card_and_terminl_block_firmware *
emerson se4037p1_redundant_h1_i/o_card_with_integrated_power_and_terminal_block_firmware *
emerson se4082s1t2b8_high_side_40-pin_do_mass_i/o_terminal_block_firmware *
emerson se4002s1t2b6_high_side_40-pin_mass_i/o_terminal_block_firmware *
emerson deltav_distributed_control_system_sx_controller_firmware *
emerson se4026_virtual_i/o_module_2_firmware *
emerson deltav_distributed_control_system_sq_controller_firmware *
emerson se4039p0_redundant_h1_4-port_plus_fieldbus_i/o_interface_with_terminalblock_firmware *
emerson se4100_simplex_ethernet_i/o_card_(eioc)_assembly_firmware *
emerson ve4104_ethernet/ip_control_tag_integration_for_ethernet_connected_i/o_(eioc)_firmware *
emerson se4003s2b4_16-pin_mass_i/o_terminal_block_firmware *
CVE-2022-30262

The Emerson ControlWave 'Next Generation' RTUs through 2022-05-02 mishandle firmware integrity. They utilize the BSAP-IP protocol to transmit firmware updates. Firmware updates are supplied as CAB archive files containing a binary firmware image. In all cases, firmware images were found to have no authentication (in the form of firmware signing) and only relied on insecure checksums for regular integrity checks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
emerson controlwave_micro_firmware *
emerson controlwave_pac_firmware *
CVE-2022-30264

The Emerson ROC and FloBoss RTU product lines through 2022-05-02 perform insecure filesystem operations. They utilize the ROC protocol (4000/TCP, 5000/TCP) for communications between a master terminal and RTUs. Opcode 203 of this protocol allows a master terminal to transfer files to and from the flash filesystem and carrying out arbitrary file and directory read, write, and delete operations.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
emerson dl8000_firmware *
emerson roc827_firmware *
emerson roc800l_firmware *
emerson roc809_firmware *
emerson fb3000_rtu_firmware *
CVE-2023-1935

ROC800-Series RTU devices are vulnerable to an authentication bypass, which could allow an attacker to gain unauthorized access to data or control of the device and cause a denial-of-service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
ics-cert@hq.dhs.gov 9.4 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H 3.9 5.5

Products Affected

Vendor Product Version
emerson dl8000_firmware *
emerson roc827_firmware *
emerson roc827l_firmware *
emerson roc809_firmware *
emerson roc809l_firmware *
CVE-2023-43609

In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could obtain access to sensitive information or cause a denial-of-service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
ics-cert@hq.dhs.gov 6.9 MEDIUM CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:H 1.6 4.7

Products Affected

Vendor Product Version
emerson gc370xa_firmware 4.1.5
emerson gc1500xa_firmware 4.1.5
emerson gc700xa_firmware 4.1.5
CVE-2023-46687

In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could execute arbitrary commands in root context from a remote computer.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
ics-cert@hq.dhs.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
emerson gc370xa_firmware 4.1.5
emerson gc1500xa_firmware 4.1.5
emerson gc700xa_firmware 4.1.5
CVE-2023-49716

In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an authenticated user with network access could run arbitrary commands from a remote computer.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
ics-cert@hq.dhs.gov 6.9 MEDIUM CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:H 1.6 4.7

Products Affected

Vendor Product Version
emerson gc370xa_firmware 4.1.5
emerson gc1500xa_firmware 4.1.5
emerson gc700xa_firmware 4.1.5
CVE-2023-51761

In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could bypass authentication and acquire admin capabilities.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
ics-cert@hq.dhs.gov 8.3 HIGH CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 1.6 6.0

Products Affected

Vendor Product Version
emerson gc370xa_firmware 4.1.5
emerson gc1500xa_firmware 4.1.5
emerson gc700xa_firmware 4.1.5
CVE-2024-1155

Incorrect permissions in the installation directories for shared SystemLink Elixir based services may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@ni.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
emerson flexlogger *
emerson data_record_ad *
emerson systemlink_server *
emerson labview_nxg 5.1
emerson g_web_development_software *
emerson specification_compliance_manager *
emerson static_test_software_suite *
emerson sts_software_bundle *
CVE-2024-1156

Incorrect directory permissions for the shared NI RabbitMQ service may allow a local authenticated user to read RabbitMQ configuration information and potentially enable escalation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@ni.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
emerson flexlogger *
emerson data_record_ad *
emerson systemlink_server *
emerson labview_nxg 5.1
emerson g_web_development_software *
emerson specification_compliance_manager *
emerson static_test_software_suite *
emerson sts_software_bundle *