CVE-2016-9347
https://notcve.org/view.php?id=CVE-2016-9347
An issue was discovered in Emerson SE4801T0X Redundant Wireless I/O Card V13.3, and SE4801T1X Simplex Wireless I/O Card V13.3. DeltaV Wireless I/O Cards (WIOC) running the firmware available in the DeltaV system, release v13.3, have the SSH (Secure Shell) functionality enabled unnecessarily.
• http://www.securityfocus.com/bid/94586
• https://ics-cert.us-cert.gov/advisories/ICSA-16-334-03
• CWE-254: 7PK - Security Features
CVE-2016-9345
https://notcve.org/view.php?id=CVE-2016-9345
An issue was discovered in Emerson DeltaV Easy Security Management DeltaV V12.3, DeltaV V12.3.1, and DeltaV V13.3. Critical vulnerabilities may allow a local attacker to elevate privileges within the DeltaV control system.
• http://www.securityfocus.com/bid/105767
• http://www.securityfocus.com/bid/94584
• https://ics-cert.us-cert.gov/advisories/ICSA-16-334-02
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2015-1008
https://notcve.org/view.php?id=CVE-2015-1008
SQL injection vulnerability in Emerson AMS Device Manager before 13 allows remote authenticated users to gain privileges via malformed input.
• http://community.emerson.com/process/emerson-exchange/operateandmanage/deltav/deltav_security/b/securitynotificationblog/archive/2015/04/16/dsn15003-2-ams-device-management-sql-injection-vulnerability
• http://www.securityfocus.com/bid/74774
• https://ics-cert.us-cert.gov/advisories/ICSA-15-111-01
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2013-2810
https://notcve.org/view.php?id=CVE-2013-2810
Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows remote attackers to execute arbitrary commands via a TCP replay attack.
• http://www.securityfocus.com/bid/71425
• https://exchange.xforce.ibmcloud.com/vulnerabilities/99131
• https://ics-cert.us-cert.gov/advisories/ICSA-13-259-01A
• CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2014-2350
https://notcve.org/view.php?id=CVE-2014-2350
Emerson DeltaV 10.3.1, 11.3, 11.3.1, and 12.3 uses hardcoded credentials for diagnostic services, which allows remote attackers to bypass intended access restrictions via a TCP session, as demonstrated by a session that uses the telnet program.
• http://ics-cert.us-cert.gov/advisories/ICSA-14-133-02
• CWE-255: Credentials Management Errors