CVE-2022-29959
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Emerson OpenBSI through 2022-04-29 mishandles credential storage. It is an engineering environment for the ControlWave and Bristol Babcock line of RTUs. This environment provides access control functionality through user authentication and privilege management. The credentials for various users are stored insecurely in the SecUsers.ini file by using a simple string transformation rather than a cryptographic mechanism.
Emerson OpenBSI versiones hasta 29-04-2022, maneja inapropiadamente el almacenamiento de credenciales. Es un entorno de ingeniería para la línea de RTUs ControlWave y Bristol Babcock. Este entorno proporciona la funcionalidad de control de acceso mediante la autenticación de usuarios y la administración de privilegios. Las credenciales de varios usuarios son almacenan de forma no segura en el archivo SecUsers.ini usando una simple transformación de cadenas en lugar de un mecanismo criptográfico.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-04-29 CVE Reserved
- 2022-08-16 CVE Published
- 2024-03-08 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-522: Insufficiently Protected Credentials
CAPEC
References (2)
URL | Tag | Source |
---|---|---|
https://www.cisa.gov/uscert/ics/advisories/icsa-22-221-03 | Mitigation | |
https://www.forescout.com/blog | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Emerson Search vendor "Emerson" | Openbsi Search vendor "Emerson" for product "Openbsi" | < 5.9 Search vendor "Emerson" for product "Openbsi" and version " < 5.9" | - |
Affected
| ||||||
Emerson Search vendor "Emerson" | Openbsi Search vendor "Emerson" for product "Openbsi" | 5.9 Search vendor "Emerson" for product "Openbsi" and version "5.9" | - |
Affected
| ||||||
Emerson Search vendor "Emerson" | Openbsi Search vendor "Emerson" for product "Openbsi" | 5.9 Search vendor "Emerson" for product "Openbsi" and version "5.9" | sp1 |
Affected
| ||||||
Emerson Search vendor "Emerson" | Openbsi Search vendor "Emerson" for product "Openbsi" | 5.9 Search vendor "Emerson" for product "Openbsi" and version "5.9" | sp2 |
Affected
| ||||||
Emerson Search vendor "Emerson" | Openbsi Search vendor "Emerson" for product "Openbsi" | 5.9 Search vendor "Emerson" for product "Openbsi" and version "5.9" | sp3 |
Affected
|