Lucene search
K

314 matches found

Prion
Prion
added 2022/07/26 10:15 p.m.28 views

Hardcoded credentials

The Emerson DeltaV Distributed Control System DCS controllers and IO cards through 2022-04-29 misuse passwords. WIOC SSH provides access to a shell as root, DeltaV, or backup via hardcoded credentials. NOTE: this is different from CVE-2014-2350...

1.7CVSS5.5AI score0.01319EPSS
Exploits0References2Affected Software24
Prion
Prion
added 2022/07/26 10:15 p.m.22 views

Authentication flaw

The Emerson DeltaV Distributed Control System DCS through 2022-04-29 mishandles authentication. It utilizes several proprietary protocols for a wide variety of functionality. These protocols include Firmware upgrade 18508/TCP, 18518/TCP; Plug-and-Play 18510/UDP; Hawk services 18507/UDP; Managemen...

4.3CVSS7.6AI score0.00212EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/07/26 9:14 p.m.76 views

CVE-2022-29957

The CVE concerns Emerson DeltaV Distributed Control System (DCS) prior to/through 2022-04-29 where authentication is mishandled across multiple proprietary protocols: Firmware upgrade (18508/18518 TCP), Plug‑and‑Play (18510 UDP), Hawk services (18507 UDP), Management (18519 TCP), Cold restart (18...

7.8CVSS7.5AI score0.00212EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/07/26 9:14 p.m.34 views

CVE-2022-29957

The Emerson DeltaV Distributed Control System DCS through 2022-04-29 mishandles authentication. It utilizes several proprietary protocols for a wide variety of functionality. These protocols include Firmware upgrade 18508/TCP, 18518/TCP; Plug-and-Play 18510/UDP; Hawk services 18507/UDP; Managemen...

7.8AI score0.00212EPSS
Exploits0References2
CVE
CVE
added 2022/07/26 9:14 p.m.89 views

CVE-2022-29962

CVE-2022-29962 affects Emerson DeltaV DCS controllers and IO cards (S-series, P-series, CIOC/EIOC) with hardcoded FTP credentials used up to 2022-04-29. The issue stems from misuse of passwords and an FTP service that may be disabled in production; the CVSSv3.1 vector indicates local access, low ...

5.5CVSS5.2AI score0.00228EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/07/26 9:14 p.m.32 views

CVE-2022-29962

The Emerson DeltaV Distributed Control System DCS controllers and IO cards through 2022-04-29 misuse passwords. FTP has hardcoded credentials but may often be disabled in production. This affects S-series, P-series, and CIOC/EIOC nodes. NOTE: this is different from CVE-2014-2350...

5.6AI score0.00228EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/07/26 9:14 p.m.34 views

CVE-2022-29964

The Emerson DeltaV Distributed Control System DCS controllers and IO cards through 2022-04-29 misuse passwords. WIOC SSH provides access to a shell as root, DeltaV, or backup via hardcoded credentials. NOTE: this is different from CVE-2014-2350...

5.6AI score0.00228EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/07/26 9:14 p.m.36 views

CVE-2022-29963

The Emerson DeltaV Distributed Control System DCS controllers and IO cards through 2022-04-29 misuse passwords. TELNET on port 18550 provides access to a root shell via hardcoded credentials. This affects S-series, P-series, and CIOC/EIOC nodes. NOTE: this is different from CVE-2014-2350...

5.6AI score0.00228EPSS
Exploits0References2
CVE
CVE
added 2022/07/26 9:14 p.m.193 views

CVE-2022-29964

Summary of the CVE-2022-29964 family (Emerson DeltaV DCS): The vulnerabilities involve misuse of passwords in DeltaV controllers and IO cards up to 2022-04-29. Specifically, WIOC SSH provides a root/DeltaV/backup shell via hardcoded credentials, enabling local access. The issue affects S-series, ...

5.5CVSS5.2AI score0.00228EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/07/26 9:14 p.m.107 views

CVE-2022-29963

Emerson DeltaV DCS and IO cards (S-series, P-series, CIOC/EIOC) up to 2022-04-29 are affected by CVE-2022-29963 due to hardcoded passwords enabling TELNET access on port 18550, yielding a root shell on vulnerable nodes. Root cause: misuse of passwords with static credentials. Impact is local (L) ...

5.5CVSS5.2AI score0.00228EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/07/26 9:14 p.m.32 views

CVE-2022-29965

The Emerson DeltaV Distributed Control System DCS controllers and IO cards through 2022-04-29 misuse passwords. Access to privileged operations on the maintenance port TELNET interface 23/TCP on M-series and SIS CSLS/LSNB/LSNG nodes is controlled by means of utility passwords. These passwords are...

5.7AI score0.00171EPSS
Exploits0References2
CVE
CVE
added 2022/07/26 9:14 p.m.96 views

CVE-2022-29965

The CVE-2022-29965 issue affects Emerson DeltaV Distributed Control System (DCS) controllers and IO cards up to 2022-04-29. The maintenance-port passwords (TELNET, 23/TCP) are generated by a deterministic, insecure algorithm using a single low-entropy seed (day/hour/minute timestamp). The seed is...

5.5CVSS5.3AI score0.00171EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2022/06/30 12:0 a.m.6 views

Emerson DeltaV Distributed Control System 访问控制错误漏洞

Emerson DeltaV Distributed Control System is an automated distributed control system from Emerson. The system includes features such as network security management, alarm management, batch control, and change management. An access control error vulnerability exists in the Emerson DeltaV Distribut...

7.8CVSS7.4AI score0.00212EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/06/30 12:0 a.m.2 views

Emerson DeltaV Distributed Control System 信任管理问题漏洞

Emerson DeltaV Distributed Control System is an automated distributed control system from Emerson. The system includes features such as network security management, alarm management, batch control, and change management. The Emerson DeltaV Distributed Control System is vulnerable to a trust...

5.5CVSS5.7AI score0.00228EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/06/30 12:0 a.m.6 views

Emerson DeltaV Distributed Control System 加密问题漏洞

Emerson DeltaV Distributed Control System is an automated distributed control system from Emerson. The system includes functions such as network security management, alarm management, batch control, and change management. The Emerson DeltaV Distributed Control System is vulnerable to a...

5.5CVSS5.7AI score0.00171EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/06/30 12:0 a.m.4 views

Emerson DeltaV Distributed Control System 信任管理问题漏洞

Emerson DeltaV Distributed Control System is an automated distributed control system from Emerson. The system includes features such as network security management, alarm management, batch control, and change management. The Emerson DeltaV Distributed Control System is vulnerable to a trust...

5.5CVSS5.7AI score0.00228EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/06/30 12:0 a.m.6 views

Emerson DeltaV Distributed Control System 信任管理问题漏洞

Emerson DeltaV Distributed Control System is an automated distributed control system from Emerson. The system includes features such as network security management, alarm management, batch control, and change management. The Emerson DeltaV Distributed Control System is vulnerable to a trust...

5.5CVSS5.7AI score0.00228EPSS
Exploits0References5
ICS
ICS
added 2022/06/30 12:0 a.m.68 views

Emerson DeltaV Distributed Control System

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable on adjacent network/high attack complexity Vendor: Emerson Equipment: DeltaV Distributed Control System Vulnerabilities: Missing Authentication for Critical Function, Use of Hard-coded Credentials, Insufficient Verification of Data...

7.8CVSS6.8AI score0.00228EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2022/06/28 12:0 a.m.8 views

The vulnerability of Emerson DeltaV industrial workstations lies in the ability to use strictly encrypted account data, which allows an intruder to gain unauthorized access to protected information.

The vulnerability of Emerson DeltaV industrial workstations lies in the possibility of using rigidly encrypted account data. Exploiting this vulnerability could allow an intruder to gain unauthorized access to protected information...

6.2CVSS5.5AI score0.00228EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2022/06/28 12:0 a.m.8 views

The vulnerability of Emerson DeltaV industrial workstations, related to the use of cryptographic algorithms containing defects, allows attackers to exploit their privileges.

The vulnerability of Emerson DeltaV industrial workstations lies in the use of cryptographic algorithms that contain vulnerabilities. Exploiting this vulnerability can allow a remote attacker to gain increased privileges...

9CVSS5.5AI score0.00228EPSS
Exploits0References2
Rows per page
Query Builder