Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2022-30260
HistoryDec 26, 2022 - 6:15 a.m.

CVE-2022-30260

2022-12-2606:15:10
CWE-345
[email protected]
web.nvd.nist.gov
35
emerson
deltav
dcs
firmware integrity
vulnerability
cve-2022-30260
nvd

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.3%

JSON

Emerson DeltaV Distributed Control System (DCS) has insufficient verification of firmware integrity (an inadequate checksum approach, and no signature). This affects versions before 14.3 of DeltaV M-series, DeltaV S-series, DeltaV P-series, DeltaV SIS, and DeltaV CIOC/EIOC/WIOC IO cards.

Affected configurations

NVD
Node
emersondeltav_distributed_control_system_sq_controller_firmwareRange<14.3
AND
emersondeltav_distributed_control_system_sq_controllerMatch-
Node
emersondeltav_distributed_control_system_sx_controller_firmwareRange<14.3
AND
emersondeltav_distributed_control_system_sx_controllerMatch-
Node
emersonse4002s1t2b6_high_side_40-pin_mass_i\/o_terminal_block_firmwareRange<14.3
AND
emersonse4002s1t2b6_high_side_40-pin_mass_i\/o_terminal_blockMatch-
Node
emersonse4003s2b4_16-pin_mass_i\/o_terminal_block_firmwareRange<14.3
AND
emersonse4003s2b4_16-pin_mass_i\/o_terminal_blockMatch-
Node
emersonse4003s2b524-pin_mass_i\/o_terminal_block_firmwareRange<14.3
AND
emersonse4003s2b524-pin_mass_i\/o_terminal_blockMatch-
Node
emersonse4017p0_h1_i\/o_interface_card_and_terminl_block_firmwareRange<14.3
AND
emersonse4017p0_h1_i\/o_interface_card_and_terminl_blockMatch-
Node
emersonse4017p1_h1_i\/o_card_with_integrated_power_firmwareRange<14.3
AND
emersonse4017p1_h1_i\/o_card_with_integrated_powerMatch-
Node
emersonse4019p0_simplex_h1_4-port_plus_fieldbus_i\/o_interface_with_terminalblock_firmwareRange<14.3
AND
emersonse4019p0_simplex_h1_4-port_plus_fieldbus_i\/o_interface_with_terminalblockMatch-
Node
emersonse4026_virtual_i\/o_module_2_firmwareRange<14.3
AND
emersonse4026_virtual_i\/o_module_2Match-
Node
emersonse4027_virtual_i\/o_module_2_firmwareRange<14.3
AND
emersonse4027_virtual_i\/o_module_2Match-
Node
emersonse4032s1t2b8_high_side_40-pin_do_mass_i\/o_terminal_block_firmwareRange<14.3
AND
emersonse4032s1t2b8_high_side_40-pin_do_mass_i\/o_terminal_blockMatch-
Node
emersonse4037p0_h1_i\/o_interface_card_and_terminl_block_firmwareRange<14.3
AND
emersonse4037p0_h1_i\/o_interface_card_and_terminl_blockMatch-
Node
emersonse4037p1_redundant_h1_i\/o_card_with_integrated_power_and_terminal_block_firmwareRange<14.3
AND
emersonse4037p1_redundant_h1_i\/o_card_with_integrated_power_and_terminal_blockMatch-
Node
emersonse4039p0_redundant_h1_4-port_plus_fieldbus_i\/o_interface_with_terminalblock_firmwareRange<14.3
AND
emersonse4039p0_redundant_h1_4-port_plus_fieldbus_i\/o_interface_with_terminalblockMatch-
Node
emersonse4052s1t2b6_high_side_40-pin_mass_i\/o_terminal_block_firmwareRange<14.3
AND
emersonse4052s1t2b6_high_side_40-pin_mass_i\/o_terminal_blockMatch-
Node
emersonse4082s1t2b8_high_side_40-pin_do_mass_i\/o_terminal_block_firmwareRange<14.3
AND
emersonse4082s1t2b8_high_side_40-pin_do_mass_i\/o_terminal_blockMatch-
Node
emersonse4100_simplex_ethernet_i\/o_card_\(eioc\)_assembly_firmwareRange<14.3
AND
emersonse4100_simplex_ethernet_i\/o_card_\(eioc\)_assemblyMatch-
Node
emersonse4101_simplex_ethernet_i\/o_card_\(eioc\)_assembly_firmwareRange<14.3
AND
emersonse4101_simplex_ethernet_i\/o_card_\(eioc\)_assemblyMatch-
Node
emersonse4801t0x_redundant_wireless_i\/o_card_firmwareRange<14.3
AND
emersonse4801t0x_redundant_wireless_i\/o_cardMatch-
Node
emersonve4103_modbus_tcp_interface_for_ethernet_connected_i\/o_\(eioc\)_firmwareRange<14.3
AND
emersonve4103_modbus_tcp_interface_for_ethernet_connected_i\/o_\(eioc\)Match-
Node
emersonve4104_ethernet\/ip_control_tag_integration_for_ethernet_connected_i\/o_\(eioc\)_firmwareRange<14.3
AND
emersonve4104_ethernet\/ip_control_tag_integration_for_ethernet_connected_i\/o_\(eioc\)Match-
Node
emersonve4105_ethernet\/ip_interface_for_ethernet_connected_i\/o_\(eioc\)_firmwareRange<14.3
AND
emersonve4105_ethernet\/ip_interface_for_ethernet_connected_i\/o_\(eioc\)Match-
Node
emersonve4106_opc-ua_client_for_ethernet_connected_i\/o_\(eioc\)_firmwareRange<14.3
AND
emersonve4106_opc-ua_client_for_ethernet_connected_i\/o_\(eioc\)Match-
Node
emersonve4107_iec_61850_mms_interface_for_ethernet_connected_i\/o_\(eioc\)_firmwareRange<14.3
AND
emersonve4107_iec_61850_mms_interface_for_ethernet_connected_i\/o_\(eioc\)Match-

Related

nvd 1
prion 1
cvelist 1
nessus 1
ics 1
nvd
nvd
CVE-2022-30260
2022-12-26 06:15:10
prion
prion
Design/Logic Flaw
2022-12-26 06:15:00
cvelist
cvelist
CVE-2022-30260
2022-12-26 00:00:00
nessus
nessus
Emerson DeltaV Distributed Control System Insufficient Verification of Data Authenticity (CVE-2022-30260)
2023-01-05 00:00:00
ics
ics
Emerson DeltaV Distributed Control System
2022-07-14 12:00:00

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.3%

JSON
Related for CVE-2022-30260
nvd1prion1cvelist1nessus1ics1