5 results (0.006 seconds)

CVSS: 7.8EPSS: 0%CPEs: 48EXPL: 0

Emerson DeltaV Distributed Control System (DCS) has insufficient verification of firmware integrity (an inadequate checksum approach, and no signature). This affects versions before 14.3 of DeltaV M-series, DeltaV S-series, DeltaV P-series, DeltaV SIS, and DeltaV CIOC/EIOC/WIOC IO cards. Emerson DeltaV Distributed Control System (DCS) tiene una verificación insuficiente de la integridad del firmware (un método de suma de verificación inadecuado y sin firma). Esto afecta a las versiones anteriores a la 14.3 de las tarjetas DeltaV serie M, DeltaV serie S, DeltaV serie P, DeltaV SIS y DeltaV CIOC/EIOC/WIOC IO. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-181-03 https://www.forescout.com/blog • CWE-345: Insufficient Verification of Data Authenticity •

CVSS: 5.5EPSS: 0%CPEs: 48EXPL: 0

The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. FTP has hardcoded credentials (but may often be disabled in production). This affects S-series, P-series, and CIOC/EIOC nodes. NOTE: this is different from CVE-2014-2350. Los controladores del Sistema de Control Distribuido (DCS) de Emerson DeltaV y las tarjetas IO versiones hasta 29-04-2022, hacen un uso inapropiado de las contraseñas. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-181-03 https://www.forescout.com/blog • CWE-798: Use of Hard-coded Credentials •

CVSS: 5.5EPSS: 0%CPEs: 48EXPL: 0

The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. WIOC SSH provides access to a shell as root, DeltaV, or backup via hardcoded credentials. NOTE: this is different from CVE-2014-2350. Los controladores del Sistema de Control Distribuido (DCS) de Emerson DeltaV y las tarjetas IO versiones hasta 29-04-2022, hacen un uso inapropiado de las contraseñas. WIOC SSH proporciona acceso a un shell como root, DeltaV o copia de seguridad por medio de credenciales embebidas. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-181-03 https://www.forescout.com/blog • CWE-798: Use of Hard-coded Credentials •

CVSS: 5.5EPSS: 0%CPEs: 48EXPL: 0

The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. TELNET on port 18550 provides access to a root shell via hardcoded credentials. This affects S-series, P-series, and CIOC/EIOC nodes. NOTE: this is different from CVE-2014-2350. Los controladores del Sistema de Control Distribuido (DCS) de Emerson DeltaV y las tarjetas IO versiones hasta 29-04-2022 hacen un uso inapropiado de las contraseñas. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-181-03 https://www.forescout.com/blog • CWE-798: Use of Hard-coded Credentials •

CVSS: 5.5EPSS: 0%CPEs: 49EXPL: 0

The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. Access to privileged operations on the maintenance port TELNET interface (23/TCP) on M-series and SIS (CSLS/LSNB/LSNG) nodes is controlled by means of utility passwords. These passwords are generated using a deterministic, insecure algorithm using a single seed value composed of a day/hour/minute timestamp with less than 16 bits of entropy. The seed value is fed through a lookup table and a series of permutation operations resulting in three different four-character passwords corresponding to different privilege levels. An attacker can easily reconstruct these passwords and thus gain access to privileged maintenance operations. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-181-03 https://www.forescout.com/blog • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •