Shodan
Vulnerabilities
Vulnerable Software
Emerson:  Security Vulnerabilities
CVE-2021-26264
A specially crafted script could cause the DeltaV Distributed Control System Controllers (All Versions) to restart and cause a denial-of-service condition.
CVSS Score
6.1
EPSS Score
0.0
Published
2022-01-28
CVE-2021-45427
Emerson XWEB 300D EVO 3.0.7--3ee403 is affected by: unauthenticated arbitrary file deletion due to path traversal. An attacker can browse and delete files without any authentication due to incorrect access control and directory traversal.
CVSS Score
9.8
EPSS Score
0.022
Published
2021-12-30
CVE-2021-38485
The affected product is vulnerable to improper input validation in the restore file. This enables an attacker to provide malicious config files to replace any file on disk.
CVSS Score
8.0
EPSS Score
0.002
Published
2021-10-22
CVE-2021-42536
The affected product is vulnerable to a disclosure of peer username and password by allowing all users access to read global variables.
CVSS Score
8.0
EPSS Score
0.002
Published
2021-10-22
CVE-2021-42538
The affected product is vulnerable to a parameter injection via passphrase, which enables the attacker to supply uncontrolled input.
CVSS Score
8.0
EPSS Score
0.002
Published
2021-10-22
CVE-2021-42539
The affected product is vulnerable to a missing permission validation on system backup restore, which could lead to account take over and unapproved settings change.
CVSS Score
8.0
EPSS Score
0.002
Published
2021-10-22
CVE-2021-42540
The affected product is vulnerable to a unsanitized extract folder for system configuration. A low-privileged user can leverage this logic to overwrite the settings and other key functionality.
CVSS Score
8.0
EPSS Score
0.002
Published
2021-10-22
CVE-2021-42542
The affected product is vulnerable to directory traversal due to mishandling of provided backup folder structure.
CVSS Score
8.0
EPSS Score
0.005
Published
2021-10-22
CVE-2020-12030
There is a flaw in the code used to configure the internal gateway firewall when the gateway's VLAN feature is enabled. If a user enables the VLAN setting, the internal gateway firewall becomes disabled resulting in exposure of all ports used by the gateway.
CVSS Score
10.0
EPSS Score
0.003
Published
2021-09-29
CVE-2021-29297
Buffer Overflow in Emerson GE Automation Proficy Machine Edition v8.0 allows an attacker to cause a denial of service and application crash via crafted traffic from a Man-in-the-Middle (MITM) attack to the component "FrameworX.exe" in the module "MSVCR100.dll".
CVSS Score
5.3
EPSS Score
0.003
Published
2021-07-30


Products
Pricing
Contact Us

Shodan ® - All rights reserved