Vulnerabilities > CVE-2014-2350 - Credentials Management vulnerability in Emerson Deltav

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

emerson

CWE-255

NVD

Published: 2014-05-22

Updated: 2014-05-23

Summary

Emerson DeltaV 10.3.1, 11.3, 11.3.1, and 12.3 uses hardcoded credentials for diagnostic services, which allows remote attackers to bypass intended access restrictions via a TCP session, as demonstrated by a session that uses the telnet program.

Vulnerable Configurations

Part	Description	Count
Application	Emerson Emerson Deltav 10.3.1 Emerson Deltav 11.3 Emerson Deltav 11.3.1 Emerson Deltav 12.3	4

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

References

http://ics-cert.us-cert.gov/advisories/ICSA-14-133-02