Lucene search

[email protected]CVE-2022-29963

HistoryJul 26, 2022 - 10:15 p.m.

CVE-2022-29963

2022-07-2622:15:00

CWE-798

[email protected]

web.nvd.nist.gov

emerson

deltav

dcs

controllers

io cards

hardcoded credentials

telnet

root shell

cve-2022-29963

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5.4 Medium

AI Score

Confidence

High

1.7 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:S/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

9.7%

JSON

The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. TELNET on port 18550 provides access to a root shell via hardcoded credentials. This affects S-series, P-series, and CIOC/EIOC nodes. NOTE: this is different from CVE-2014-2350.

CPENameOperatorVersion
emerson:deltav_distributed_control_system_sq_controller_firmwareemerson deltav distributed control system sq controller firmwarele2022-04-29
emerson:deltav_distributed_control_system_sx_controller_firmwareemerson deltav distributed control system sx controller firmwarele2022-04-29
emerson:se4002s1t2b6_high_side_40-pin_mass_i\/o_terminal_block_firmwareemerson se4002s1t2b6 high side 40-pin mass i\/o terminal block firmwarele2022-04-29
emerson:se4003s2b4_16-pin_mass_i\/o_terminal_block_firmwareemerson se4003s2b4 16-pin mass i\/o terminal block firmwarele2022-04-29
emerson:se4003s2b524-pin_mass_i\/o_terminal_block_firmwareemerson se4003s2b524-pin mass i\/o terminal block firmwarele2022-04-29
emerson:se4017p0_h1_i\/o_interface_card_and_terminl_block_firmwareemerson se4017p0 h1 i\/o interface card and terminl block firmwarele2022-04-29
emerson:se4017p1_h1_i\/o_card_with_integrated_power_firmwareemerson se4017p1 h1 i\/o card with integrated power firmwarele2022-04-29
emerson:se4019p0_simplex_h1_4-port_plus_fieldbus_i\/o_interface_with_terminalblock_firmwareemerson se4019p0 simplex h1 4-port plus fieldbus i\/o interface with terminalblock firmwarele2022-04-29
emerson:se4026_virtual_i\/o_module_2_firmwareemerson se4026 virtual i\/o module 2 firmwarele2022-04-29
emerson:se4027_virtual_i\/o_module_2_firmwareemerson se4027 virtual i\/o module 2 firmwarele2022-04-29

CPE	Name	Operator	Version
emerson:deltav_distributed_control_system_sq_controller_firmware	emerson deltav distributed control system sq controller firmware	le	2022-04-29
emerson:deltav_distributed_control_system_sx_controller_firmware	emerson deltav distributed control system sx controller firmware	le	2022-04-29
emerson:se4002s1t2b6_high_side_40-pin_mass_i\/o_terminal_block_firmware	emerson se4002s1t2b6 high side 40-pin mass i\/o terminal block firmware	le	2022-04-29
emerson:se4003s2b4_16-pin_mass_i\/o_terminal_block_firmware	emerson se4003s2b4 16-pin mass i\/o terminal block firmware	le	2022-04-29
emerson:se4003s2b524-pin_mass_i\/o_terminal_block_firmware	emerson se4003s2b524-pin mass i\/o terminal block firmware	le	2022-04-29
emerson:se4017p0_h1_i\/o_interface_card_and_terminl_block_firmware	emerson se4017p0 h1 i\/o interface card and terminl block firmware	le	2022-04-29
emerson:se4017p1_h1_i\/o_card_with_integrated_power_firmware	emerson se4017p1 h1 i\/o card with integrated power firmware	le	2022-04-29
emerson:se4019p0_simplex_h1_4-port_plus_fieldbus_i\/o_interface_with_terminalblock_firmware	emerson se4019p0 simplex h1 4-port plus fieldbus i\/o interface with terminalblock firmware	le	2022-04-29
emerson:se4026_virtual_i\/o_module_2_firmware	emerson se4026 virtual i\/o module 2 firmware	le	2022-04-29
emerson:se4027_virtual_i\/o_module_2_firmware	emerson se4027 virtual i\/o module 2 firmware	le	2022-04-29

Rows per page:

1-10 of 241

References

www.cisa.gov/uscert/ics/advisories/icsa-22-181-03

www.forescout.com/blog/

Social References

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5.4 Medium

AI Score

Confidence

High

1.7 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:S/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

9.7%

JSON

Related for CVE-2022-29963

prion5 nessus8 cve4 ptsecurity1 ics2