19 matches found
CVE-2022-29960
Emerson OpenBSI through 2022-04-29 uses weak cryptography. It is an engineering environment for the ControlWave and Bristol Babcock line of RTUs. DES with hardcoded cryptographic keys is used for protection of certain system credentials, engineering files, and sensitive utilities...
CVE-2022-29959
Emerson OpenBSI through 2022-04-29 mishandles credential storage. It is an engineering environment for the ControlWave and Bristol Babcock line of RTUs. This environment provides access control functionality through user authentication and privilege management. The credentials for various users a...
CVE-2022-29959
Emerson OpenBSI through 2022-04-29 mishandles credential storage. It is an engineering environment for the ControlWave and Bristol Babcock line of RTUs. This environment provides access control functionality through user authentication and privilege management. The credentials for various users a...
CVE-2022-29959
Emerson OpenBSI through 2022-04-29 mishandles credential storage. It is an engineering environment for the ControlWave and Bristol Babcock line of RTUs. This environment provides access control functionality through user authentication and privilege management. The credentials for various users a...
Authentication flaw
Emerson OpenBSI through 2022-04-29 mishandles credential storage. It is an engineering environment for the ControlWave and Bristol Babcock line of RTUs. This environment provides access control functionality through user authentication and privilege management. The credentials for various users a...
CVE-2022-29959
Emerson OpenBSI through 2022-04-29 mishandles credential storage. It is an engineering environment for the ControlWave and Bristol Babcock line of RTUs. This environment provides access control functionality through user authentication and privilege management. The credentials for various users a...
CVE-2022-29959
Summary of CVE-2022-29959 : OpenBSI (Emerson OpenBSI) stores credentials insecurely in SecUsers.ini, enabling potential credential disclosure to an attacker with local access. Multiple sources (NVD, Red Hat, PRION, CVE listings, and CISA advisory) describe the issue as insecure credential storage...
Emerson OpenBSI 加密问题漏洞
Emerson OpenBSI is a set of network communication services designed for technicians, engineers, and operators from Emerson Electric USA that provide access to ControlWave RTUs. A cryptographic issue vulnerability exists in Emerson OpenBSI version 5.9 SP3 and prior versions, which arises from the...
Emerson OpenBSI
1. EXECUTIVE SUMMARY CVSS v3 9.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Emerson Equipment: OpenBSI Vulnerabilities: Use of Broken or Risky Cryptographic Algorithm, Use of Hard-coded Cryptographic Key CISA is aware of a public report, “OT:ICEFALL,” that details...
CVE-2022-29960
Emerson OpenBSI through 2022-04-29 uses weak cryptography. It is an engineering environment for the ControlWave and Bristol Babcock line of RTUs. DES with hardcoded cryptographic keys is used for protection of certain system credentials, engineering files, and sensitive utilities...
CVE-2022-29960
Emerson OpenBSI through 2022-04-29 uses weak cryptography. It is an engineering environment for the ControlWave and Bristol Babcock line of RTUs. DES with hardcoded cryptographic keys is used for protection of certain system credentials, engineering files, and sensitive utilities...
CVE-2022-29960
Emerson OpenBSI through 2022-04-29 uses weak cryptography. It is an engineering environment for the ControlWave and Bristol Babcock line of RTUs. DES with hardcoded cryptographic keys is used for protection of certain system credentials, engineering files, and sensitive utilities...
Hardcoded credentials
Emerson OpenBSI through 2022-04-29 uses weak cryptography. It is an engineering environment for the ControlWave and Bristol Babcock line of RTUs. DES with hardcoded cryptographic keys is used for protection of certain system credentials, engineering files, and sensitive utilities...
CVE-2022-29960
CVE-2022-29960 affects Emerson OpenBSI (engineering environment for ControlWave/Bristol Babcock RTUs) through 2022-04-29. The root cause is the use of DES with hardcoded cryptographic keys to protect system credentials, engineering files, and sensitive utilities. Exploitation requires local acces...
CVE-2022-29960
Emerson OpenBSI through 2022-04-29 uses weak cryptography. It is an engineering environment for the ControlWave and Bristol Babcock line of RTUs. DES with hardcoded cryptographic keys is used for protection of certain system credentials, engineering files, and sensitive utilities...
Emerson OpenBSI 加密问题漏洞
Emerson OpenBSI is a set of web-based communication services designed for technicians, engineers, and operators from Emerson Electric USA that provide access to ControlWave RTUs. A security vulnerability exists in versions of Emerson OpenBSI prior to 2022-04-29 that stems from the use of weak...
CISA Releases Security Advisories Related to OT:ICEFALL (Insecure by Design) Report
CISA is aware that Forescout researchers have released OT:ICEFALL, a report on 56 vulnerabilities caused by insecure-by-design practices in operational technology across multiple vendors. The vulnerabilities are divided into four main categories: insecure engineering protocols, weak cryptography ...
PT-2022-3158 · Emerson · Emerson Openbsi
Name of the Vulnerable Software and Affected Versions: Emerson OpenBSI versions prior to 2022-04-29 Description: The issue is related to the insecure storage of confidential information in the SecUsers.ini file, which can be exploited by a remote attacker to gain access to user credentials. The...
PT-2022-3162 · Emerson · Emerson Openbsi
Name of the Vulnerable Software and Affected Versions: Emerson OpenBSI through 2022-04-29 Description: The issue is related to the use of weak cryptography in Emerson OpenBSI, an engineering environment for the ControlWave and Bristol Babcock line of RTUs. Specifically, DES with hardcoded...