Filtered by vendor Emerson
Subscribe
Total
83 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-29965 | 1 Emerson | 49 Deltav Distributed Control System, Deltav Distributed Control System Sq Controller, Deltav Distributed Control System Sq Controller Firmware and 46 more | 2023-12-10 | N/A | 5.5 MEDIUM |
| The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. Access to privileged operations on the maintenance port TELNET interface (23/TCP) on M-series and SIS (CSLS/LSNB/LSNG) nodes is controlled by means of utility passwords. These passwords are generated using a deterministic, insecure algorithm using a single seed value composed of a day/hour/minute timestamp with less than 16 bits of entropy. The seed value is fed through a lookup table and a series of permutation operations resulting in three different four-character passwords corresponding to different privilege levels. An attacker can easily reconstruct these passwords and thus gain access to privileged maintenance operations. NOTE: this is different from CVE-2014-2350. | |||||
| CVE-2022-2788 | 1 Emerson | 1 Electric\'s Proficy | 2023-12-10 | N/A | 7.3 HIGH |
| Emerson Electric's Proficy Machine Edition Version 9.80 and prior is vulnerable to CWE-29 Path Traversal: '\..\Filename', also known as a ZipSlip attack, through an upload procedure which enables attackers to implant a malicious .BLZ file on the PLC. The file can transfer through the engineering station onto Windows in a way that executes the malicious code. | |||||
| CVE-2022-2790 | 1 Emerson | 1 Electric\'s Proficy | 2023-12-10 | N/A | 5.9 MEDIUM |
| Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulenrable to CWE-347 Improper Verification of Cryptographic Signature, and does not properly verify compiled logic (PDT files) and data blocks data (BLD/BLK files). | |||||
| CVE-2020-10640 | 1 Emerson | 1 Openenterprise Scada Server | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| Emerson OpenEnterprise versions through 3.3.4 may allow an attacker to run an arbitrary commands with system privileges or perform remote code execution via a specific communication service. | |||||
| CVE-2020-16235 | 1 Emerson | 1 Openenterprise Scada Server | 2023-12-10 | 2.1 LOW | 6.5 MEDIUM |
| Inadequate encryption may allow the credentials used by Emerson OpenEnterprise, up through version 3.3.5, to access field devices and external systems to be obtained. | |||||
| CVE-2020-10636 | 1 Emerson | 1 Openenterprise Scada Server | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| Inadequate encryption may allow the passwords for Emerson OpenEnterprise versions through 3.3.4 user accounts to be obtained. | |||||
| CVE-2020-10632 | 1 Emerson | 1 Openenterprise Scada Server | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| Inadequate folder security permissions in Emerson OpenEnterprise versions through 3.3.4 may allow modification of important configuration files, which could cause the system to fail or behave in an unpredictable manner. | |||||
| CVE-2021-44463 | 1 Emerson | 1 Deltav | 2023-12-10 | 6.9 MEDIUM | 7.3 HIGH |
| Missing DLLs, if replaced by an insider, could allow an attacker to achieve local privilege escalation on the DeltaV Distributed Control System Controllers and Workstations (All versions) when some DeltaV services are started. | |||||
| CVE-2021-42536 | 1 Emerson | 6 Wireless 1410 Gateway, Wireless 1410 Gateway Firmware, Wireless 1410d Gateway and 3 more | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| The affected product is vulnerable to a disclosure of peer username and password by allowing all users access to read global variables. | |||||
| CVE-2021-26264 | 1 Emerson | 2 Deltav Distributed Control System, Deltav Workstation | 2023-12-10 | 4.9 MEDIUM | 5.5 MEDIUM |
| A specially crafted script could cause the DeltaV Distributed Control System Controllers (All Versions) to restart and cause a denial-of-service condition. | |||||
| CVE-2020-12030 | 1 Emerson | 6 Wireless 1410 Gateway, Wireless 1410 Gateway Firmware, Wireless 1420 Gateway and 3 more | 2023-12-10 | 6.8 MEDIUM | 10.0 CRITICAL |
| There is a flaw in the code used to configure the internal gateway firewall when the gateway's VLAN feature is enabled. If a user enables the VLAN setting, the internal gateway firewall becomes disabled resulting in exposure of all ports used by the gateway. | |||||
| CVE-2021-42538 | 1 Emerson | 6 Wireless 1410 Gateway, Wireless 1410 Gateway Firmware, Wireless 1410d Gateway and 3 more | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
| The affected product is vulnerable to a parameter injection via passphrase, which enables the attacker to supply uncontrolled input. | |||||
| CVE-2021-38485 | 1 Emerson | 6 Wireless 1410 Gateway, Wireless 1410 Gateway Firmware, Wireless 1410d Gateway and 3 more | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
| The affected product is vulnerable to improper input validation in the restore file. This enables an attacker to provide malicious config files to replace any file on disk. | |||||
| CVE-2021-45427 | 1 Emerson | 2 Xweb300d Evo, Xweb300d Evo Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Emerson XWEB 300D EVO 3.0.7--3ee403 is affected by: unauthenticated arbitrary file deletion due to path traversal. An attacker can browse and delete files without any authentication due to incorrect access control and directory traversal. | |||||
| CVE-2021-42539 | 1 Emerson | 6 Wireless 1410 Gateway, Wireless 1410 Gateway Firmware, Wireless 1410d Gateway and 3 more | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
| The affected product is vulnerable to a missing permission validation on system backup restore, which could lead to account take over and unapproved settings change. | |||||
| CVE-2021-42542 | 1 Emerson | 6 Wireless 1410 Gateway, Wireless 1410 Gateway Firmware, Wireless 1410d Gateway and 3 more | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
| The affected product is vulnerable to directory traversal due to mishandling of provided backup folder structure. | |||||
| CVE-2021-42540 | 1 Emerson | 6 Wireless 1410 Gateway, Wireless 1410 Gateway Firmware, Wireless 1410d Gateway and 3 more | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
| The affected product is vulnerable to a unsanitized extract folder for system configuration. A low-privileged user can leverage this logic to overwrite the settings and other key functionality. | |||||
| CVE-2021-27463 | 1 Emerson | 8 X-stream Enhanced Xefd, X-stream Enhanced Xefd Firmware, X-stream Enhanced Xegk and 5 more | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected applications utilize persistent cookies where the session cookie attribute is not properly invalidated, allowing an attacker to intercept the cookies and gain access to sensitive information. | |||||
| CVE-2021-29297 | 1 Emerson | 1 Proficy Machine Edition | 2023-12-10 | 2.6 LOW | 5.3 MEDIUM |
| Buffer Overflow in Emerson GE Automation Proficy Machine Edition v8.0 allows an attacker to cause a denial of service and application crash via crafted traffic from a Man-in-the-Middle (MITM) attack to the component "FrameworX.exe" in the module "MSVCR100.dll". | |||||
| CVE-2021-27459 | 1 Emerson | 8 X-stream Enhanced Xefd, X-stream Enhanced Xefd Firmware, X-stream Enhanced Xegk and 5 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The webserver of the affected products allows unvalidated files to be uploaded, which an attacker could utilize to execute arbitrary code. | |||||