7 results (0.008 seconds)

CVSS: 7.8EPSS: 0%CPEs: 48EXPL: 0

Emerson DeltaV Distributed Control System (DCS) has insufficient verification of firmware integrity (an inadequate checksum approach, and no signature). This affects versions before 14.3 of DeltaV M-series, DeltaV S-series, DeltaV P-series, DeltaV SIS, and DeltaV CIOC/EIOC/WIOC IO cards. Emerson DeltaV Distributed Control System (DCS) tiene una verificación insuficiente de la integridad del firmware (un método de suma de verificación inadecuado y sin firma). Esto afecta a las versiones anteriores a la 14.3 de las tarjetas DeltaV serie M, DeltaV serie S, DeltaV serie P, DeltaV SIS y DeltaV CIOC/EIOC/WIOC IO. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-181-03 https://www.forescout.com/blog • CWE-345: Insufficient Verification of Data Authenticity •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

The Emerson DeltaV Distributed Control System (DCS) through 2022-04-29 mishandles authentication. It utilizes several proprietary protocols for a wide variety of functionality. These protocols include Firmware upgrade (18508/TCP, 18518/TCP); Plug-and-Play (18510/UDP); Hawk services (18507/UDP); Management (18519/TCP); Cold restart (18512/UDP); SIS communications (12345/TCP); and Wireless Gateway Protocol (18515/UDP). None of these protocols have any authentication features, allowing any attacker capable of communicating with the ports in question to invoke (a subset of) desired functionality. El Sistema de Control Distribuido (DCS) de Emerson DeltaV versiones hasta 29-04-2022, maneja inapropiadamente la autenticación. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-181-03 https://www.forescout.com/blog • CWE-306: Missing Authentication for Critical Function •

CVSS: 5.5EPSS: 0%CPEs: 48EXPL: 0

The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. FTP has hardcoded credentials (but may often be disabled in production). This affects S-series, P-series, and CIOC/EIOC nodes. NOTE: this is different from CVE-2014-2350. Los controladores del Sistema de Control Distribuido (DCS) de Emerson DeltaV y las tarjetas IO versiones hasta 29-04-2022, hacen un uso inapropiado de las contraseñas. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-181-03 https://www.forescout.com/blog • CWE-798: Use of Hard-coded Credentials •

CVSS: 5.5EPSS: 0%CPEs: 48EXPL: 0

The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. WIOC SSH provides access to a shell as root, DeltaV, or backup via hardcoded credentials. NOTE: this is different from CVE-2014-2350. Los controladores del Sistema de Control Distribuido (DCS) de Emerson DeltaV y las tarjetas IO versiones hasta 29-04-2022, hacen un uso inapropiado de las contraseñas. WIOC SSH proporciona acceso a un shell como root, DeltaV o copia de seguridad por medio de credenciales embebidas. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-181-03 https://www.forescout.com/blog • CWE-798: Use of Hard-coded Credentials •

CVSS: 5.5EPSS: 0%CPEs: 48EXPL: 0

The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. TELNET on port 18550 provides access to a root shell via hardcoded credentials. This affects S-series, P-series, and CIOC/EIOC nodes. NOTE: this is different from CVE-2014-2350. Los controladores del Sistema de Control Distribuido (DCS) de Emerson DeltaV y las tarjetas IO versiones hasta 29-04-2022 hacen un uso inapropiado de las contraseñas. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-181-03 https://www.forescout.com/blog • CWE-798: Use of Hard-coded Credentials •