Emerson: Security Vulnerabilities
The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. WIOC SSH provides access to a shell as root, DeltaV, or backup via hardcoded credentials. NOTE: this is different from CVE-2014-2350.
CVSS Score
5.5
EPSS Score
0.001
Published
2022-07-26
The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. Access to privileged operations on the maintenance port TELNET interface (23/TCP) on M-series and SIS (CSLS/LSNB/LSNG) nodes is controlled by means of utility passwords. These passwords are generated using a deterministic, insecure algorithm using a single seed value composed of a day/hour/minute timestamp with less than 16 bits of entropy. The seed value is fed through a lookup table and a series of permutation operations resulting in three different four-character passwords corresponding to different privilege levels. An attacker can easily reconstruct these passwords and thus gain access to privileged maintenance operations. NOTE: this is different from CVE-2014-2350.
CVSS Score
5.5
EPSS Score
0.0
Published
2022-07-26
The Emerson DeltaV Distributed Control System (DCS) through 2022-04-29 mishandles authentication. It utilizes several proprietary protocols for a wide variety of functionality. These protocols include Firmware upgrade (18508/TCP, 18518/TCP); Plug-and-Play (18510/UDP); Hawk services (18507/UDP); Management (18519/TCP); Cold restart (18512/UDP); SIS communications (12345/TCP); and Wireless Gateway Protocol (18515/UDP). None of these protocols have any authentication features, allowing any attacker capable of communicating with the ports in question to invoke (a subset of) desired functionality.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-07-26
Inadequate encryption may allow the credentials used by Emerson OpenEnterprise, up through version 3.3.5, to access field devices and external systems to be obtained.
CVSS Score
3.8
EPSS Score
0.0
Published
2022-05-19
Inadequate folder security permissions in Emerson OpenEnterprise versions through 3.3.4 may allow modification of important configuration files, which could cause the system to fail or behave in an unpredictable manner.
CVSS Score
8.8
EPSS Score
0.001
Published
2022-02-24
Inadequate encryption may allow the passwords for Emerson OpenEnterprise versions through 3.3.4 user accounts to be obtained.
CVSS Score
6.5
EPSS Score
0.0
Published
2022-02-24
Emerson OpenEnterprise versions through 3.3.4 may allow an attacker to run an arbitrary commands with system privileges or perform remote code execution via a specific communication service.
CVSS Score
10.0
EPSS Score
0.009
Published
2022-02-24
Emerson Dixell XWEB-500 products are affected by arbitrary file write vulnerability in /cgi-bin/logo_extra_upload.cgi, /cgi-bin/cal_save.cgi, and /cgi-bin/lo_utils.cgi. An attacker will be able to write any file on the target system without any kind of authentication mechanism, and this can lead to denial of service and potentially remote code execution. Note: the product has not been supported since 2018 and should be removed or replaced
CVSS Score
9.8
EPSS Score
0.808
Published
2022-02-14
Emerson Dixell XWEB-500 products are affected by information disclosure via directory listing. A potential attacker can use this misconfiguration to access all the files in the remote directories. Note: the product has not been supported since 2018 and should be removed or replaced
CVSS Score
7.5
EPSS Score
0.004
Published
2022-02-14
Missing DLLs, if replaced by an insider, could allow an attacker to achieve local privilege escalation on the DeltaV Distributed Control System Controllers and Workstations (All versions) when some DeltaV services are started.
CVSS Score
8.1
EPSS Score
0.0
Published
2022-01-28