Vulnerabilities > CVE-2016-9347 - 7PK - Security Features vulnerability in Emerson products

CVSS 5.0 - MEDIUM

Attack vector

ADJACENT_NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

LOW

high complexity

emerson

CWE-254

NVD

Published: 2017-02-13

Updated: 2017-03-13

Summary

An issue was discovered in Emerson SE4801T0X Redundant Wireless I/O Card V13.3, and SE4801T1X Simplex Wireless I/O Card V13.3. DeltaV Wireless I/O Cards (WIOC) running the firmware available in the DeltaV system, release v13.3, have the SSH (Secure Shell) functionality enabled unnecessarily.

Vulnerable Configurations

Part	Description	Count
OS	Emerson Emerson Se4801T0X Redundant Wireless I/O Card Firmware 13.3 Emerson Se4801T1X Simplex Wireless I/O Card Firmware 13.3	2
Hardware	Emerson Emerson Se4801T0X Redundant Wireless I/O Card - Emerson Se4801T1X Simplex Wireless I/O Card -	2

Common Weakness Enumeration (CWE)

CWE-254 - 7PK - Security Features

References

https://ics-cert.us-cert.gov/advisories/ICSA-16-334-03
http://www.securityfocus.com/bid/94586