// For flags

CVE-2022-29964

 

Severity Score

5.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. WIOC SSH provides access to a shell as root, DeltaV, or backup via hardcoded credentials. NOTE: this is different from CVE-2014-2350.

Los controladores del Sistema de Control Distribuido (DCS) de Emerson DeltaV y las tarjetas IO versiones hasta 29-04-2022, hacen un uso inapropiado de las contraseñas. WIOC SSH proporciona acceso a un shell como root, DeltaV o copia de seguridad por medio de credenciales embebidas. NOTA: esto es diferente de CVE-2014-2350.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2022-04-29 CVE Reserved
  • 2022-07-26 CVE Published
  • 2024-02-16 EPSS Updated
  • 2024-08-03 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-798: Use of Hard-coded Credentials
CAPEC
References (2)
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Emerson
Search vendor "Emerson"
Deltav Distributed Control System Sq Controller Firmware
Search vendor "Emerson" for product "Deltav Distributed Control System Sq Controller Firmware"
<= 2022-04-29
Search vendor "Emerson" for product "Deltav Distributed Control System Sq Controller Firmware" and version " <= 2022-04-29"
-
Affected
in Emerson
Search vendor "Emerson"
Deltav Distributed Control System Sq Controller
Search vendor "Emerson" for product "Deltav Distributed Control System Sq Controller"
--
Safe
Emerson
Search vendor "Emerson"
Deltav Distributed Control System Sx Controller Firmware
Search vendor "Emerson" for product "Deltav Distributed Control System Sx Controller Firmware"
<= 2022-04-29
Search vendor "Emerson" for product "Deltav Distributed Control System Sx Controller Firmware" and version " <= 2022-04-29"
-
Affected
in Emerson
Search vendor "Emerson"
Deltav Distributed Control System Sx Controller
Search vendor "Emerson" for product "Deltav Distributed Control System Sx Controller"
--
Safe
Emerson
Search vendor "Emerson"
Se4002s1t2b6 High Side 40-pin Mass I\/o Terminal Block Firmware
Search vendor "Emerson" for product "Se4002s1t2b6 High Side 40-pin Mass I\/o Terminal Block Firmware"
<= 2022-04-29
Search vendor "Emerson" for product "Se4002s1t2b6 High Side 40-pin Mass I\/o Terminal Block Firmware" and version " <= 2022-04-29"
-
Affected
in Emerson
Search vendor "Emerson"
Se4002s1t2b6 High Side 40-pin Mass I\/o Terminal Block
Search vendor "Emerson" for product "Se4002s1t2b6 High Side 40-pin Mass I\/o Terminal Block"
--
Safe
Emerson
Search vendor "Emerson"
Se4003s2b4 16-pin Mass I\/o Terminal Block Firmware
Search vendor "Emerson" for product "Se4003s2b4 16-pin Mass I\/o Terminal Block Firmware"
<= 2022-04-29
Search vendor "Emerson" for product "Se4003s2b4 16-pin Mass I\/o Terminal Block Firmware" and version " <= 2022-04-29"
-
Affected
in Emerson
Search vendor "Emerson"
Se4003s2b4 16-pin Mass I\/o Terminal Block
Search vendor "Emerson" for product "Se4003s2b4 16-pin Mass I\/o Terminal Block"
--
Safe
Emerson
Search vendor "Emerson"
Se4003s2b524-pin Mass I\/o Terminal Block Firmware
Search vendor "Emerson" for product "Se4003s2b524-pin Mass I\/o Terminal Block Firmware"
<= 2022-04-29
Search vendor "Emerson" for product "Se4003s2b524-pin Mass I\/o Terminal Block Firmware" and version " <= 2022-04-29"
-
Affected
in Emerson
Search vendor "Emerson"
Se4003s2b524-pin Mass I\/o Terminal Block
Search vendor "Emerson" for product "Se4003s2b524-pin Mass I\/o Terminal Block"
--
Safe
Emerson
Search vendor "Emerson"
Se4017p0 H1 I\/o Interface Card And Terminl Block Firmware
Search vendor "Emerson" for product "Se4017p0 H1 I\/o Interface Card And Terminl Block Firmware"
<= 2022-04-29
Search vendor "Emerson" for product "Se4017p0 H1 I\/o Interface Card And Terminl Block Firmware" and version " <= 2022-04-29"
-
Affected
in Emerson
Search vendor "Emerson"
Se4017p0 H1 I\/o Interface Card And Terminl Block
Search vendor "Emerson" for product "Se4017p0 H1 I\/o Interface Card And Terminl Block"
--
Safe
Emerson
Search vendor "Emerson"
Se4017p1 H1 I\/o Card With Integrated Power Firmware
Search vendor "Emerson" for product "Se4017p1 H1 I\/o Card With Integrated Power Firmware"
<= 2022-04-29
Search vendor "Emerson" for product "Se4017p1 H1 I\/o Card With Integrated Power Firmware" and version " <= 2022-04-29"
-
Affected
in Emerson
Search vendor "Emerson"
Se4017p1 H1 I\/o Card With Integrated Power
Search vendor "Emerson" for product "Se4017p1 H1 I\/o Card With Integrated Power"
--
Safe
Emerson
Search vendor "Emerson"
Se4019p0 Simplex H1 4-port Plus Fieldbus I\/o Interface With Terminalblock Firmware
Search vendor "Emerson" for product "Se4019p0 Simplex H1 4-port Plus Fieldbus I\/o Interface With Terminalblock Firmware"
<= 2022-04-29
Search vendor "Emerson" for product "Se4019p0 Simplex H1 4-port Plus Fieldbus I\/o Interface With Terminalblock Firmware" and version " <= 2022-04-29"
-
Affected
in Emerson
Search vendor "Emerson"
Se4019p0 Simplex H1 4-port Plus Fieldbus I\/o Interface With Terminalblock
Search vendor "Emerson" for product "Se4019p0 Simplex H1 4-port Plus Fieldbus I\/o Interface With Terminalblock"
--
Safe
Emerson
Search vendor "Emerson"
Se4026 Virtual I\/o Module 2 Firmware
Search vendor "Emerson" for product "Se4026 Virtual I\/o Module 2 Firmware"
<= 2022-04-29
Search vendor "Emerson" for product "Se4026 Virtual I\/o Module 2 Firmware" and version " <= 2022-04-29"
-
Affected
in Emerson
Search vendor "Emerson"
Se4026 Virtual I\/o Module 2
Search vendor "Emerson" for product "Se4026 Virtual I\/o Module 2"
--
Safe
Emerson
Search vendor "Emerson"
Se4027 Virtual I\/o Module 2 Firmware
Search vendor "Emerson" for product "Se4027 Virtual I\/o Module 2 Firmware"
<= 2022-04-29
Search vendor "Emerson" for product "Se4027 Virtual I\/o Module 2 Firmware" and version " <= 2022-04-29"
-
Affected
in Emerson
Search vendor "Emerson"
Se4027 Virtual I\/o Module 2
Search vendor "Emerson" for product "Se4027 Virtual I\/o Module 2"
--
Safe
Emerson
Search vendor "Emerson"
Se4032s1t2b8 High Side 40-pin Do Mass I\/o Terminal Block Firmware
Search vendor "Emerson" for product "Se4032s1t2b8 High Side 40-pin Do Mass I\/o Terminal Block Firmware"
<= 2022-04-29
Search vendor "Emerson" for product "Se4032s1t2b8 High Side 40-pin Do Mass I\/o Terminal Block Firmware" and version " <= 2022-04-29"
-
Affected
in Emerson
Search vendor "Emerson"
Se4032s1t2b8 High Side 40-pin Do Mass I\/o Terminal Block
Search vendor "Emerson" for product "Se4032s1t2b8 High Side 40-pin Do Mass I\/o Terminal Block"
--
Safe
Emerson
Search vendor "Emerson"
Se4037p0 H1 I\/o Interface Card And Terminl Block Firmware
Search vendor "Emerson" for product "Se4037p0 H1 I\/o Interface Card And Terminl Block Firmware"
<= 2022-04-29
Search vendor "Emerson" for product "Se4037p0 H1 I\/o Interface Card And Terminl Block Firmware" and version " <= 2022-04-29"
-
Affected
in Emerson
Search vendor "Emerson"
Se4037p0 H1 I\/o Interface Card And Terminl Block
Search vendor "Emerson" for product "Se4037p0 H1 I\/o Interface Card And Terminl Block"
--
Safe
Emerson
Search vendor "Emerson"
Se4037p1 Redundant H1 I\/o Card With Integrated Power And Terminal Block Firmware
Search vendor "Emerson" for product "Se4037p1 Redundant H1 I\/o Card With Integrated Power And Terminal Block Firmware"
<= 2022-04-29
Search vendor "Emerson" for product "Se4037p1 Redundant H1 I\/o Card With Integrated Power And Terminal Block Firmware" and version " <= 2022-04-29"
-
Affected
in Emerson
Search vendor "Emerson"
Se4037p1 Redundant H1 I\/o Card With Integrated Power And Terminal Block
Search vendor "Emerson" for product "Se4037p1 Redundant H1 I\/o Card With Integrated Power And Terminal Block"
--
Safe
Emerson
Search vendor "Emerson"
Se4039p0 Redundant H1 4-port Plus Fieldbus I\/o Interface With Terminalblock Firmware
Search vendor "Emerson" for product "Se4039p0 Redundant H1 4-port Plus Fieldbus I\/o Interface With Terminalblock Firmware"
<= 2022-04-29
Search vendor "Emerson" for product "Se4039p0 Redundant H1 4-port Plus Fieldbus I\/o Interface With Terminalblock Firmware" and version " <= 2022-04-29"
-
Affected
in Emerson
Search vendor "Emerson"
Se4039p0 Redundant H1 4-port Plus Fieldbus I\/o Interface With Terminalblock
Search vendor "Emerson" for product "Se4039p0 Redundant H1 4-port Plus Fieldbus I\/o Interface With Terminalblock"
--
Safe
Emerson
Search vendor "Emerson"
Se4052s1t2b6 High Side 40-pin Mass I\/o Terminal Block Firmware
Search vendor "Emerson" for product "Se4052s1t2b6 High Side 40-pin Mass I\/o Terminal Block Firmware"
<= 2022-04-29
Search vendor "Emerson" for product "Se4052s1t2b6 High Side 40-pin Mass I\/o Terminal Block Firmware" and version " <= 2022-04-29"
-
Affected
in Emerson
Search vendor "Emerson"
Se4052s1t2b6 High Side 40-pin Mass I\/o Terminal Block
Search vendor "Emerson" for product "Se4052s1t2b6 High Side 40-pin Mass I\/o Terminal Block"
--
Safe
Emerson
Search vendor "Emerson"
Se4082s1t2b8 High Side 40-pin Do Mass I\/o Terminal Block Firmware
Search vendor "Emerson" for product "Se4082s1t2b8 High Side 40-pin Do Mass I\/o Terminal Block Firmware"
<= 2022-04-29
Search vendor "Emerson" for product "Se4082s1t2b8 High Side 40-pin Do Mass I\/o Terminal Block Firmware" and version " <= 2022-04-29"
-
Affected
in Emerson
Search vendor "Emerson"
Se4082s1t2b8 High Side 40-pin Do Mass I\/o Terminal Block
Search vendor "Emerson" for product "Se4082s1t2b8 High Side 40-pin Do Mass I\/o Terminal Block"
--
Safe
Emerson
Search vendor "Emerson"
Se4100 Simplex Ethernet I\/o Card \(eioc\) Assembly Firmware
Search vendor "Emerson" for product "Se4100 Simplex Ethernet I\/o Card \(eioc\) Assembly Firmware"
<= 2022-04-29
Search vendor "Emerson" for product "Se4100 Simplex Ethernet I\/o Card \(eioc\) Assembly Firmware" and version " <= 2022-04-29"
-
Affected
in Emerson
Search vendor "Emerson"
Se4100 Simplex Ethernet I\/o Card \(eioc\) Assembly
Search vendor "Emerson" for product "Se4100 Simplex Ethernet I\/o Card \(eioc\) Assembly"
--
Safe
Emerson
Search vendor "Emerson"
Se4101 Simplex Ethernet I\/o Card \(eioc\) Assembly Firmware
Search vendor "Emerson" for product "Se4101 Simplex Ethernet I\/o Card \(eioc\) Assembly Firmware"
<= 2022-04-29
Search vendor "Emerson" for product "Se4101 Simplex Ethernet I\/o Card \(eioc\) Assembly Firmware" and version " <= 2022-04-29"
-
Affected
in Emerson
Search vendor "Emerson"
Se4101 Simplex Ethernet I\/o Card \(eioc\) Assembly
Search vendor "Emerson" for product "Se4101 Simplex Ethernet I\/o Card \(eioc\) Assembly"
--
Safe
Emerson
Search vendor "Emerson"
Se4801t0x Redundant Wireless I\/o Card Firmware
Search vendor "Emerson" for product "Se4801t0x Redundant Wireless I\/o Card Firmware"
<= 2022-04-29
Search vendor "Emerson" for product "Se4801t0x Redundant Wireless I\/o Card Firmware" and version " <= 2022-04-29"
-
Affected
in Emerson
Search vendor "Emerson"
Se4801t0x Redundant Wireless I\/o Card
Search vendor "Emerson" for product "Se4801t0x Redundant Wireless I\/o Card"
--
Safe
Emerson
Search vendor "Emerson"
Ve4103 Modbus Tcp Interface For Ethernet Connected I\/o \(eioc\) Firmware
Search vendor "Emerson" for product "Ve4103 Modbus Tcp Interface For Ethernet Connected I\/o \(eioc\) Firmware"
<= 2022-04-29
Search vendor "Emerson" for product "Ve4103 Modbus Tcp Interface For Ethernet Connected I\/o \(eioc\) Firmware" and version " <= 2022-04-29"
-
Affected
in Emerson
Search vendor "Emerson"
Ve4103 Modbus Tcp Interface For Ethernet Connected I\/o \(eioc\)
Search vendor "Emerson" for product "Ve4103 Modbus Tcp Interface For Ethernet Connected I\/o \(eioc\)"
--
Safe
Emerson
Search vendor "Emerson"
Ve4104 Ethernet\/ip Control Tag Integration For Ethernet Connected I\/o \(eioc\) Firmware
Search vendor "Emerson" for product "Ve4104 Ethernet\/ip Control Tag Integration For Ethernet Connected I\/o \(eioc\) Firmware"
<= 2022-04-29
Search vendor "Emerson" for product "Ve4104 Ethernet\/ip Control Tag Integration For Ethernet Connected I\/o \(eioc\) Firmware" and version " <= 2022-04-29"
-
Affected
in Emerson
Search vendor "Emerson"
Ve4104 Ethernet\/ip Control Tag Integration For Ethernet Connected I\/o \(eioc\)
Search vendor "Emerson" for product "Ve4104 Ethernet\/ip Control Tag Integration For Ethernet Connected I\/o \(eioc\)"
--
Safe
Emerson
Search vendor "Emerson"
Ve4105 Ethernet\/ip Interface For Ethernet Connected I\/o \(eioc\) Firmware
Search vendor "Emerson" for product "Ve4105 Ethernet\/ip Interface For Ethernet Connected I\/o \(eioc\) Firmware"
<= 2022-04-29
Search vendor "Emerson" for product "Ve4105 Ethernet\/ip Interface For Ethernet Connected I\/o \(eioc\) Firmware" and version " <= 2022-04-29"
-
Affected
in Emerson
Search vendor "Emerson"
Ve4105 Ethernet\/ip Interface For Ethernet Connected I\/o \(eioc\)
Search vendor "Emerson" for product "Ve4105 Ethernet\/ip Interface For Ethernet Connected I\/o \(eioc\)"
--
Safe
Emerson
Search vendor "Emerson"
Ve4106 Opc-ua Client For Ethernet Connected I\/o \(eioc\) Firmware
Search vendor "Emerson" for product "Ve4106 Opc-ua Client For Ethernet Connected I\/o \(eioc\) Firmware"
<= 2022-04-29
Search vendor "Emerson" for product "Ve4106 Opc-ua Client For Ethernet Connected I\/o \(eioc\) Firmware" and version " <= 2022-04-29"
-
Affected
in Emerson
Search vendor "Emerson"
Ve4106 Opc-ua Client For Ethernet Connected I\/o \(eioc\)
Search vendor "Emerson" for product "Ve4106 Opc-ua Client For Ethernet Connected I\/o \(eioc\)"
--
Safe
Emerson
Search vendor "Emerson"
Ve4107 Iec 61850 Mms Interface For Ethernet Connected I\/o \(eioc\) Firmware
Search vendor "Emerson" for product "Ve4107 Iec 61850 Mms Interface For Ethernet Connected I\/o \(eioc\) Firmware"
<= 2022-04-29
Search vendor "Emerson" for product "Ve4107 Iec 61850 Mms Interface For Ethernet Connected I\/o \(eioc\) Firmware" and version " <= 2022-04-29"
-
Affected
in Emerson
Search vendor "Emerson"
Ve4107 Iec 61850 Mms Interface For Ethernet Connected I\/o \(eioc\)
Search vendor "Emerson" for product "Ve4107 Iec 61850 Mms Interface For Ethernet Connected I\/o \(eioc\)"
--
Safe