CVE-2022-30260
https://notcve.org/view.php?id=CVE-2022-30260
26 Dec 2022 — Emerson DeltaV Distributed Control System (DCS) has insufficient verification of firmware integrity (an inadequate checksum approach, and no signature). This affects versions before 14.3 of DeltaV M-series, DeltaV S-series, DeltaV P-series, DeltaV SIS, and DeltaV CIOC/EIOC/WIOC IO cards. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-181-03 • CWE-345: Insufficient Verification of Data Authenticity
CVE-2022-29957
https://notcve.org/view.php?id=CVE-2022-29957
26 Jul 2022 — The Emerson DeltaV Distributed Control System (DCS) through 2022-04-29 mishandles authentication. It utilizes several proprietary protocols for a wide variety of functionality. These protocols include Firmware upgrade (18508/TCP, 18518/TCP); Plug-and-Play (18510/UDP); Hawk services (18507/UDP); Management (18519/TCP); Cold restart (18512/UDP); SIS communications (12345/TCP); and Wireless Gateway Protocol (18515/UDP). None of these protocols have any authentication features, allowing any attacker capable of ... • https://www.cisa.gov/uscert/ics/advisories/icsa-22-181-03 • CWE-306: Missing Authentication for Critical Function
CVE-2022-29962
https://notcve.org/view.php?id=CVE-2022-29962
26 Jul 2022 — The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. FTP has hardcoded credentials (but may often be disabled in production). This affects S-series, P-series, and CIOC/EIOC nodes. NOTE: this is different from CVE-2014-2350. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-181-03 • CWE-798: Use of Hard-coded Credentials
CVE-2022-29963
https://notcve.org/view.php?id=CVE-2022-29963
26 Jul 2022 — The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. TELNET on port 18550 provides access to a root shell via hardcoded credentials. This affects S-series, P-series, and CIOC/EIOC nodes. NOTE: this is different from CVE-2014-2350. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-181-03 • CWE-798: Use of Hard-coded Credentials
CVE-2022-29964
https://notcve.org/view.php?id=CVE-2022-29964
26 Jul 2022 — The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. WIOC SSH provides access to a shell as root, DeltaV, or backup via hardcoded credentials. NOTE: this is different from CVE-2014-2350. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-181-03 • CWE-798: Use of Hard-coded Credentials
CVE-2022-29965
https://notcve.org/view.php?id=CVE-2022-29965
26 Jul 2022 — The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. Access to privileged operations on the maintenance port TELNET interface (23/TCP) on M-series and SIS (CSLS/LSNB/LSNG) nodes is controlled by means of utility passwords. These passwords are generated using a deterministic, insecure algorithm using a single seed value composed of a day/hour/minute timestamp with less than 16 bits of entropy. The seed value is fed through a lookup table and a seri... • https://www.cisa.gov/uscert/ics/advisories/icsa-22-181-03 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm
CVE-2021-44463 – Emerson DeltaV Uncontrolled Search Path Element
https://notcve.org/view.php?id=CVE-2021-44463
28 Jan 2022 — Missing DLLs, if replaced by an insider, could allow an attacker to achieve local privilege escalation on the DeltaV Distributed Control System Controllers and Workstations (All versions) when some DeltaV services are started. • https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-04 • CWE-427: Uncontrolled Search Path Element
CVE-2021-26264 – Emerson DeltaV Missing Authentication for Critical Function
https://notcve.org/view.php?id=CVE-2021-26264
28 Jan 2022 — A specially crafted script could cause the DeltaV Distributed Control System Controllers (All Versions) to restart and cause a denial-of-service condition. • https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-04 • CWE-306: Missing Authentication for Critical Function
CVE-2018-19021
https://notcve.org/view.php?id=CVE-2018-19021
25 Jan 2019 — A specially crafted script could bypass the authentication of a maintenance port of Emerson DeltaV DCS Versions 11.3.1, 11.3.2, 12.3.1, 13.3.1, 14.3, R5.1, R6 and prior, which may allow an attacker to cause a denial of service. • http://www.securityfocus.com/bid/106522 • CWE-307: Improper Restriction of Excessive Authentication Attempts
CVE-2018-14791
https://notcve.org/view.php?id=CVE-2018-14791
23 Aug 2018 — Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 may allow non-administrative users to change executable and library files on the affected products. • http://www.securityfocus.com/bid/105105 • CWE-269: Improper Privilege Management