Emerson OpenEnterprise

🗓️ 19 May 2020 00:00:00Reported by Industrial Control Systems Cyber Emergency Response TeamType

ics🔗 www.cisa.gov👁 110 Views

Vulnerabilities in Emerson OpenEnterprise SCADA Software, affecting all versions through 3.3.4, allow remote code execution, unauthorized access to configuration services, and password retrieval

Reporter	Title	Published	Views	Family All 30
BDU FSTEC	The vulnerability of the SCADA platform for remote oil and gas applications from Emerson’s OpenEnterprise, related to the improper implementation of authentication mechanisms, allows attackers to trigger a service failure.	19 Jun 202000:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the SCADA platform for remote oil and gas applications from Emerson’s OpenEnterprise platform stems from improper implementation of authentication mechanisms. This allows attackers to execute arbitrary code.	19 Jun 202000:00	–	bdu_fstec
Circl	CVE-2020-10632	27 May 202011:15	–	circl
Circl	CVE-2020-10636	27 May 202011:15	–	circl
Circl	CVE-2020-10640	27 May 202011:15	–	circl
CNVD	Emerson Electric OpenEnterprise Encryption Issues Vulnerabilities	20 May 202000:00	–	cnvd
CNVD	Emerson OpenEnterprise Rights Mismanagement Vulnerability	20 May 202000:00	–	cnvd
CNVD	Emerson OpenEnterprise Critical Function Authentication Missing Vulnerability	20 May 202000:00	–	cnvd
CVE	CVE-2020-10632	24 Feb 202218:50	–	cve
CVE	CVE-2020-10636	24 Feb 202218:50	–	cve

Source	Link
raw	www.raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2020/icsa-20-140-02.json
cisa	www.cisa.gov/news-events/ics-advisories/icsa-20-140-02
us-cert	www.us-cert.gov/ics/alerts/ICS-ALERT-10-301-01
us-cert	www.us-cert.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf
us-cert	www.us-cert.gov/ics/tips/ICS-TIP-12-146-01B

19 May 2020 00:00Current

8High risk

Vulners AI Score8

CVSS 210

CVSS 3.19.8 - 10

EPSS0.00863

SSVC