Emerson: Security Vulnerabilities
Emerson AMS Device Manager v12.0 to v13.5. Non-administrative users are able to change executable and library files on the affected products.
CVSS Score
6.5
EPSS Score
0.002
Published
2018-10-01
Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 allow a specially crafted DLL file to be placed in the search path and loaded as an internal and valid DLL, which may allow arbitrary code execution.
CVSS Score
7.8
EPSS Score
0.002
Published
2018-08-23
Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 may allow non-administrative users to change executable and library files on the affected products.
CVSS Score
7.8
EPSS Score
0.001
Published
2018-08-23
DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable due to improper path validation which may allow an attacker to replace executable files.
CVSS Score
8.8
EPSS Score
0.018
Published
2018-08-21
DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable to a buffer overflow exploit through an open communication port to allow arbitrary code execution.
CVSS Score
8.8
EPSS Score
0.002
Published
2018-08-21
A Stack-based Buffer Overflow issue was discovered in Emerson Process Management ControlWave Micro Process Automation Controller: ControlWave Micro [ProConOS v.4.01.280] firmware: CWM v.05.78.00 and prior. A stack-based buffer overflow vulnerability caused by sending crafted packets on Port 20547 could force the PLC to change its state into halt mode.
CVSS Score
7.5
EPSS Score
0.017
Published
2018-03-07
An issue was discovered in Emerson DeltaV Easy Security Management DeltaV V12.3, DeltaV V12.3.1, and DeltaV V13.3. Critical vulnerabilities may allow a local attacker to elevate privileges within the DeltaV control system.
CVSS Score
6.8
EPSS Score
0.002
Published
2017-02-13
An issue was discovered in Emerson SE4801T0X Redundant Wireless I/O Card V13.3, and SE4801T1X Simplex Wireless I/O Card V13.3. DeltaV Wireless I/O Cards (WIOC) running the firmware available in the DeltaV system, release v13.3, have the SSH (Secure Shell) functionality enabled unnecessarily.
CVSS Score
5.0
EPSS Score
0.001
Published
2017-02-13
An XML External Entity (XXE) issue was discovered in Emerson Liebert SiteScan Web Version 6.5, and prior. An attacker may enter malicious input to Liebert SiteScan through a weakly configured XML parser causing the application to execute arbitrary code or disclose file contents from a server or connected network.
CVSS Score
9.8
EPSS Score
0.004
Published
2017-02-13
SQL injection vulnerability in Emerson AMS Device Manager before 13 allows remote authenticated users to gain privileges via malformed input.
CVSS Score
6.5
EPSS Score
0.005
Published
2015-05-26