CVE-2022-29957
 
Public Exploits: 0
Exploited in Wild: -
Descriptions
The Emerson DeltaV Distributed Control System (DCS) through 2022-04-29 mishandles authentication. It utilizes several proprietary protocols for a wide variety of functionality. These protocols include Firmware upgrade (18508/TCP, 18518/TCP); Plug-and-Play (18510/UDP); Hawk services (18507/UDP); Management (18519/TCP); Cold restart (18512/UDP); SIS communications (12345/TCP); and Wireless Gateway Protocol (18515/UDP). None of these protocols have any authentication features, allowing any attacker capable of communicating with the ports in question to invoke (a subset of) desired functionality.
Timeline
- 2022-04-29 CVE Reserved
- 2022-07-26 CVE Published
- 2024-02-16 EPSS Updated
- 2024-08-03 CVE Updated
CWE
- CWE-306: Missing Authentication for Critical Function
References (2)
URL | Tag
---|---
https://www.cisa.gov/uscert/ics/advisories/icsa-22-181-03 | Third Party Advisory
https://www.forescout.com/blog | Third Party Advisory
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Emerson | Deltav Distributed Control System | <= 2022-04-29 | - | Affected