CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 2022/08/09 12:0 a.m.•4 views

PT-2022-4155 · Schneider Electric · Modicon Quantum/Premium +4

Name of the Vulnerable Software and Affected Versions: Modicon M340 CPU versions V3.40 and prior Modicon M580 CPU versions V3.22 and prior Legacy Modicon Quantum/Premium All Versions Modicon Momentum MDI 171CBU All Versions Modicon MC80 BMKC80 versions V1.7 and prior Description: A CWE-191: Integ...

7.8CVSS7.4AI score0.00702EPSS

Exploits0References6

Hewlett-Packard•added 2022/08/09 12:0 a.m.•34 views

Intel® Ethernet Controllers August 2022 Security Update

Intel has informed HP of potential security vulnerabilities in some Intel® Ethernet Controllers and Adapters which may allow denial of service. Intel is releasing firmware updates to mitigate these potential vulnerabilities. Intel has released updates to mitigate the potential vulnerabilities. HP...

4.4CVSS2.4AI score0.00191EPSS

Exploits0

BDU FSTEC•added 2022/07/29 12:0 a.m.•3 views

The vulnerability of the microprogrammed software in the MELSEC-Q Series QJ71E71-100, MELSEC-L Series LJ71E71-100, and MELSEC iQ-R Series RD81MES96N programmable logic controllers arises due to insufficient verification of input data. This allows a perpetrator to trigger malfunctions or execute malicious code.

The vulnerability of the microprogrammed software in the MELSEC-Q Series QJ71E71-100, MELSEC-L Series LJ71E71-100, and MELSEC iQ-R Series RD81MES96N controllers exists due to insufficient verification of input data. Exploiting this vulnerability can allow a malicious actor to cause malfunctions o...

10CVSS7.9AI score0.02059EPSS

ATTACKERKB•added 2022/07/28 4:15 p.m.•4 views

CVE-2022-30319

Saia Burgess Controls SBC PCD through 2022-05-06 allows Authentication bypass. According to FSCT-2022-0062, there is a Saia Burgess Controls SBC PCD S-Bus authentication bypass issue. The affected components are characterized as: S-Bus 5050/UDP authentication. The potential impact is:...

8.1CVSS7.3AI score0.00616EPSS

ATTACKERKB•added 2022/07/26 10:15 p.m.•3 views

CVE-2022-31206

The Omron SYSMAC Nx product family PLCs NJ series, NY series, NX series, and PMAC series through 2022-005-18 lack cryptographic authentication. These PLCs are programmed using the SYMAC Studio engineering software which compiles IEC 61131-3 conformant POU code to native machine code for execution...

9.8CVSS8AI score0.0082EPSS

NVD•added 2022/07/26 10:15 p.m.•20 views

CVE-2022-29965

The Emerson DeltaV Distributed Control System DCS controllers and IO cards through 2022-04-29 misuse passwords. Access to privileged operations on the maintenance port TELNET interface 23/TCP on M-series and SIS CSLS/LSNB/LSNG nodes is controlled by means of utility passwords. These passwords are...

5.5CVSS0.0017EPSS

NVD•added 2022/07/26 10:15 p.m.•17 views

CVE-2022-29963

The Emerson DeltaV Distributed Control System DCS controllers and IO cards through 2022-04-29 misuse passwords. TELNET on port 18550 provides access to a root shell via hardcoded credentials. This affects S-series, P-series, and CIOC/EIOC nodes. NOTE: this is different from CVE-2014-2350...

5.5CVSS0.00226EPSS

NVD•added 2022/07/26 10:15 p.m.•23 views

CVE-2022-29964

The Emerson DeltaV Distributed Control System DCS controllers and IO cards through 2022-04-29 misuse passwords. WIOC SSH provides access to a shell as root, DeltaV, or backup via hardcoded credentials. NOTE: this is different from CVE-2014-2350...

5.5CVSS0.00226EPSS

Prion•added 2022/07/26 10:15 p.m.•26 views

Hardcoded credentials

The Emerson DeltaV Distributed Control System DCS controllers and IO cards through 2022-04-29 misuse passwords. FTP has hardcoded credentials but may often be disabled in production. This affects S-series, P-series, and CIOC/EIOC nodes. NOTE: this is different from CVE-2014-2350...

1.7CVSS5.4AI score0.01319EPSS

Exploits0References2Affected Software24

Prion•added 2022/07/26 10:15 p.m.•18 views

Code injection

1.7CVSS5.5AI score0.01319EPSS

Exploits0References2Affected Software25

Prion•added 2022/07/26 10:15 p.m.•27 views

Hardcoded credentials

1.7CVSS5.5AI score0.01319EPSS

Exploits0References2Affected Software24

Cvelist•added 2022/07/26 9:14 p.m.•31 views

CVE-2022-29962

5.6AI score0.00226EPSS

CVE•added 2022/07/26 9:14 p.m.•87 views

CVE-2022-29962

CVE-2022-29962 affects Emerson DeltaV DCS controllers and IO cards (S-series, P-series, CIOC/EIOC) with hardcoded FTP credentials used up to 2022-04-29. The issue stems from misuse of passwords and an FTP service that may be disabled in production; the CVSSv3.1 vector indicates local access, low ...

5.5CVSS5.2AI score0.00226EPSS

Cvelist•added 2022/07/26 9:14 p.m.•22 views

CVE-2022-29963

5.6AI score0.00226EPSS

CVE•added 2022/07/26 9:14 p.m.•104 views

CVE-2022-29963

Emerson DeltaV DCS and IO cards (S-series, P-series, CIOC/EIOC) up to 2022-04-29 are affected by CVE-2022-29963 due to hardcoded passwords enabling TELNET access on port 18550, yielding a root shell on vulnerable nodes. Root cause: misuse of passwords with static credentials. Impact is local (L) ...

5.5CVSS5.2AI score0.00226EPSS

CVE•added 2022/07/26 9:14 p.m.•191 views

CVE-2022-29964

Summary of the CVE-2022-29964 family (Emerson DeltaV DCS): The vulnerabilities involve misuse of passwords in DeltaV controllers and IO cards up to 2022-04-29. Specifically, WIOC SSH provides a root/DeltaV/backup shell via hardcoded credentials, enabling local access. The issue affects S-series, ...

5.5CVSS5.2AI score0.00226EPSS

Cvelist•added 2022/07/26 9:14 p.m.•30 views

CVE-2022-29964

5.6AI score0.00226EPSS

CVE•added 2022/07/26 9:14 p.m.•94 views

CVE-2022-29965

The CVE-2022-29965 issue affects Emerson DeltaV Distributed Control System (DCS) controllers and IO cards up to 2022-04-29. The maintenance-port passwords (TELNET, 23/TCP) are generated by a deterministic, insecure algorithm using a single low-entropy seed (day/hour/minute timestamp). The seed is...

5.5CVSS5.3AI score0.0017EPSS