CVE-2022-29957
https://notcve.org/view.php?id=CVE-2022-29957
The Emerson DeltaV Distributed Control System (DCS) through 2022-04-29 mishandles authentication. It utilizes several proprietary protocols for a wide variety of functionality. These protocols include Firmware upgrade (18508/TCP, 18518/TCP); Plug-and-Play (18510/UDP); Hawk services (18507/UDP); Management (18519/TCP); Cold restart (18512/UDP); SIS communications (12345/TCP); and Wireless Gateway Protocol (18515/UDP). None of these protocols have any authentication features, allowing any attacker capable of communicating with the ports in question to invoke (a subset of) desired functionality. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-181-03 https://www.forescout.com/blog • CWE-306: Missing Authentication for Critical Function
CVE-2022-29960
https://notcve.org/view.php?id=CVE-2022-29960
Emerson OpenBSI through 2022-04-29 uses weak cryptography. It is an engineering environment for the ControlWave and Bristol Babcock line of RTUs. DES with hardcoded cryptographic keys is used for protection of certain system credentials, engineering files, and sensitive utilities. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-181-03 https://www.cisa.gov/uscert/ics/advisories/icsa-22-221-03 https://www.forescout.com/blog • CWE-798: Use of Hard-coded Credentials
CVE-2022-29962
https://notcve.org/view.php?id=CVE-2022-29962
The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. FTP has hardcoded credentials (but may often be disabled in production). This affects S-series, P-series, and CIOC/EIOC nodes. NOTE: this is different from CVE-2014-2350. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-181-03 https://www.forescout.com/blog • CWE-798: Use of Hard-coded Credentials
CVE-2022-29964
https://notcve.org/view.php?id=CVE-2022-29964
The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. WIOC SSH provides access to a shell as root, DeltaV, or backup via hardcoded credentials. NOTE: this is different from CVE-2014-2350. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-181-03 https://www.forescout.com/blog • CWE-798: Use of Hard-coded Credentials
CVE-2022-29963
https://notcve.org/view.php?id=CVE-2022-29963
The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. TELNET on port 18550 provides access to a root shell via hardcoded credentials. This affects S-series, P-series, and CIOC/EIOC nodes. NOTE: this is different from CVE-2014-2350. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-181-03 https://www.forescout.com/blog • CWE-798: Use of Hard-coded Credentials