3 matches found
CVE-2022-29965
The Emerson DeltaV Distributed Control System DCS controllers and IO cards through 2022-04-29 misuse passwords. Access to privileged operations on the maintenance port TELNET interface 23/TCP on M-series and SIS CSLS/LSNB/LSNG nodes is controlled by means of utility passwords. These passwords are...
CVE-2022-29965
The CVE-2022-29965 issue affects Emerson DeltaV Distributed Control System (DCS) controllers and IO cards up to 2022-04-29. The maintenance-port passwords (TELNET, 23/TCP) are generated by a deterministic, insecure algorithm using a single low-entropy seed (day/hour/minute timestamp). The seed is...
Emerson DeltaV Distributed Control System Use of Hard-Coded Credentials (CVE-2022-29962, CVE-2022-29963, CVE-2022-29964, CVE-2022-29965, CVE-2022-30261, CVE-2022-30263, CVE-2022-30266)
The device may be vulnerable to flaws related to OT:ICEFALL. These vulnerabilities identify the insecure-by-design nature of OT devices and may not have a clear remediation path. As such, Nessus is unable to test specifically for these vulnerabilities but has identified the device to be one that...