Vulnerabilities > CVE-2014-2350 - Credentials Management vulnerability in Emerson Deltav

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

emerson

CWE-255

NVD

Published: 2014-05-22

Updated: 2014-05-23

Summary

Emerson DeltaV 10.3.1, 11.3, 11.3.1, and 12.3 uses hardcoded credentials for diagnostic services, which allows remote attackers to bypass intended access restrictions via a TCP session, as demonstrated by a session that uses the telnet program.

Vulnerable Configurations

Part	Description	Count
Application	Emerson Emerson Deltav 11.3.1 Emerson Deltav 10.3.1 Emerson Deltav 11.3 Emerson Deltav 12.3	4

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

References

http://ics-cert.us-cert.gov/advisories/ICSA-14-133-02