Lucene search

1568 matches found

OSV
added 2022/07/26 10:15 p.m., 2 views

CVE-2022-29964

The Emerson DeltaV Distributed Control System DCS controllers and IO cards through 2022-04-29 misuse passwords. WIOC SSH provides access to a shell as root, DeltaV, or backup via hardcoded credentials. NOTE: this is different from CVE-2014-2350...

CVSS 5.5, AI score 5.8, EPSS 0.00072
Exploits: 0, References: 2
ATTACKERKB
added 2022/07/26 10:15 p.m., 2 views

CVE-2022-29964

The Emerson DeltaV Distributed Control System DCS controllers and IO cards through 2022-04-29 misuse passwords. WIOC SSH provides access to a shell as root, DeltaV, or backup via hardcoded credentials. NOTE: this is different from CVE-2014-2350...

CVSS 7.5, AI score 6.1, EPSS 0.00254
Exploits: 0, References: 3
OSV
added 2022/07/26 10:15 p.m., 3 views

CVE-2022-29957

The Emerson DeltaV Distributed Control System DCS through 2022-04-29 mishandles authentication. It utilizes several proprietary protocols for a wide variety of functionality. These protocols include Firmware upgrade 18508/TCP, 18518/TCP; Plug-and-Play 18510/UDP; Hawk services 18507/UDP; Managemen...

CVSS 7.8, AI score 5.8, EPSS 0.00077
Exploits: 0, References: 2
ICS
added 2022/07/21 12:0 a.m., 60 views

Johnson Controls Metasys ADS, ADX, OAS

1. EXECUTIVE SUMMARY
CVSS v3 5.3
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Johnson Controls, Inc
Equipment: Metasys ADS, ADX, OAS with MUI
Vulnerability: Missing Authentication for Critical Function
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow...

CVSS 5.3, AI score 5.7, EPSS 0.00277
Exploits: 0, References: 5
OpenVAS
added 2022/07/16 12:0 a.m., 16 views

Fedora: Security Advisory for subversion (FEDORA-2022-2af658b090)

The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

AI score 6.2
Exploits: 0, References: 2
BDU FSTEC
added 2022/07/13 12:0 a.m., 2 views

The vulnerability of the SEPCOS Single Package control and protection system from Secheron SEPCOS allows an intruder to trigger a system reboot.

The vulnerability of the SEPCOS Single Package control and protection relay software is related to the improper implementation of the sequence of actions to be performed. Exploiting this vulnerability can allow an attacker, operating remotely, to trigger a system reboot by executing the JS functi...

CVSS 7.8, AI score 7.2, EPSS 0.00245
Exploits: 0, References: 5, Affected Software: 1
BDU FSTEC
added 2022/07/13 12:0 a.m., 1 view

The vulnerability of the SEPCOS Single Package control and protection system, allowing a hacker to read confidential files and write to remotely executable directories.

The vulnerability of the SEPCOS Single Package control system, a microcontroller-based control system for security and protection devices, is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to remotely read confidential files and write to remotely...

CVSS 10, AI score 7.7, EPSS 0.00239
Exploits: 0, References: 5, Affected Software: 1
Tenable Nessus
added 2022/07/12 12:0 a.m., 70 views

FreeBSD : git -- privilege escalation (b99f99f6-021e-11ed-8c6f-000c29ffbb6c)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the b99f99f6-021e-11ed-8c6f-000c29ffbb6c advisory. - Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4,...

CVSS 7.8, AI score 7.4, EPSS 0.00149
Exploits: 0, References: 3
Circl
added 2022/07/11 2:19 p.m., 3 views

CVE-2022-30791

creationtimestamp | type | source
---|---|---
2022-07-11 14:19:09+00:00 | seen | https://t.me/cibsecurity/45899
2026-03-17 12:00:00+00:00 | seen | https://www.cisa.gov/news-events/ics-advisories/icsa-26-076-01...

CVSS 7.5, AI score 7.3, EPSS 0.00389
Exploits: 0, References: 2
CNNVD
added 2022/07/07 12:0 a.m., 4 views

Baker Hughes Bently Nevada 3701/40 Access Control Error Vulnerability

The Baker Hughes Bently Nevada 3701/40 is a Condition Detection System from Baker Hughes USA. An Access Control Error vulnerability exists in the Bently Nevada 3701/4X Series and 60M100 3701/60 versions, which stems from affected products having hard-coded Maintenance Interface credentials in the...

CVSS 9.1, AI score 8.7, EPSS 0.00274
Exploits: 0, References: 5
Circl
added 2022/07/02 12:40 a.m., 2 views

CVE-2022-32081

creationtimestamp | type | source
---|---|---
2022-07-02 00:40:04+00:00 | seen | https://t.me/cibsecurity/45534
2026-01-27 11:00:00+00:00 | seen | https://www.cisa.gov/news-events/ics-advisories/icsa-26-027-02...

CVSS 7.5, AI score 7.9, EPSS 0.00134
Exploits: 1, References: 2
ICS
added 2022/06/30 12:0 a.m., 82 views

Distributed Data Systems WebHMI

1. EXECUTIVE SUMMARY
CVSS v3 9.1
ATTENTION: Exploitable remotely/low attack complexity/public exploits are available
Vendor: Distributed Data Systems
Equipment: WebHMI
Vulnerabilities: Cross-site Scripting, OS Command Injection
2. RISK EVALUATION
Successful exploitation of these vulnerabilities...

CVSS 9.1, AI score 7.8, EPSS 0.00471
Exploits: 0, References: 5
ICS
added 2022/06/30 12:0 a.m., 65 views

Emerson DeltaV Distributed Control System

1. EXECUTIVE SUMMARY
CVSS v3 8.8
ATTENTION: Exploitable on adjacent network/high attack complexity
Vendor: Emerson
Equipment: DeltaV Distributed Control System
Vulnerabilities: Missing Authentication for Critical Function, Use of Hard-coded Credentials, Insufficient Verification of Data...

CVSS 7.8, AI score 6.8, EPSS 0.00077
Exploits: 0, References: 5
CNNVD
added 2022/06/30 12:0 a.m., 2 views

Emerson DeltaV Distributed Control System Trust Management Issue Vulnerability

Emerson DeltaV Distributed Control System is an automated distributed control system from Emerson. The system includes features such as network security management, alarm management, batch control, and change management. The Emerson DeltaV Distributed Control System is vulnerable to a trust...

CVSS 5.5, AI score 5.7, EPSS 0.00072
Exploits: 0, References: 5
Circl
added 2022/06/29 2:51 a.m., 2 views

CVE-2022-31806

creationtimestamp | type | source
---|---|---
2022-06-29 02:51:42+00:00 | published-proof-of-concept | https://t.me/CyberSecurityTechnologies/6291
2022-12-01 09:11:42+00:00 | seen | https://t.me/truesecator/3768
2022-12-01 20:15:38+00:00 | seen | https://t.me/icscert/664
2025-11-25 11:00:00+00:00 | seen | ...

CVSS 9.8, AI score 9.1, EPSS 0.00445
Exploits: 0, References: 5
BDU FSTEC
added 2022/06/29 12:0 a.m., 1 view

The vulnerability of the Data Server database in the interactive graphical SCADA system, allowing an intruder to execute arbitrary code.

The vulnerability of the Data Server database in the Interactive Graphical SCADA System IGSS involves copying buffers without checking the size of the input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending specially crafted messages...

CVSS 10, AI score 8.2, EPSS 0.01773
Exploits: 0, References: 3, Affected Software: 1
BDU FSTEC
added 2022/06/29 12:0 a.m., 1 view

The vulnerability of the Data Server database in the interactive graphical SCADA system allows an intruder to gain access to read, modify, or delete files.

The vulnerability of the Data Server database in the Interactive Graphical SCADA System IGSS is related to the absence of authentication procedures. Exploiting this vulnerability could allow a malicious actor to gain access to read, modify, or delete files by sending specially crafted messages...

CVSS 9, AI score 7.7, EPSS 0.00251
Exploits: 0, References: 3, Affected Software: 1
BDU FSTEC
added 2022/06/29 12:0 a.m., 1 view

The vulnerability of the Data Server database in the interactive graphical SCADA system, allowing an intruder to execute arbitrary code.

The vulnerability of the Data Server database in the Interactive Graphical SCADA System IGSS involves copying buffers without checking the size of the input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending specially crafted messages...

CVSS 10, AI score 6
Exploits: 0, References: 2, Affected Software: 1
Tenable Nessus
added 2022/06/22 12:0 a.m., 79 views

Emerson DeltaV Distributed Control System Use of Hard-Coded Credentials (CVE-2022-29962, CVE-2022-29963, CVE-2022-29964, CVE-2022-29965, CVE-2022-30261, CVE-2022-30263, CVE-2022-30266)

The device may be vulnerable to flaws related to OT:ICEFALL. These vulnerabilities identify the insecure-by-design nature of OT devices and may not have a clear remediation path. As such, Nessus is unable to test specifically for these vulnerabilities but has identified the device to be one that...

CVSS 5.5, AI score 5.7, EPSS 0.00072
Exploits: 0, References: 10
CISA
added 2022/06/22 12:0 a.m., 21 views

CISA Releases Security Advisories Related to OT:ICEFALL (Insecure by Design) Report

CISA is aware that Forescout researchers have released OT:ICEFALL, a report on 56 vulnerabilities caused by insecure-by-design practices in operational technology across multiple vendors. The vulnerabilities are divided into four main categories: insecure engineering protocols, weak cryptography ...

AI score 1.7
Exploits: 0, References: 19