Vulnerabilities > CVE-2016-9347 - 7PK - Security Features vulnerability in Emerson products

CVSS 5.4 - MEDIUM

Attack vector

ADJACENT_NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

emerson

CWE-254

NVD

Published: 2017-02-13

Updated: 2017-03-13

Summary

An issue was discovered in Emerson SE4801T0X Redundant Wireless I/O Card V13.3, and SE4801T1X Simplex Wireless I/O Card V13.3. DeltaV Wireless I/O Cards (WIOC) running the firmware available in the DeltaV system, release v13.3, have the SSH (Secure Shell) functionality enabled unnecessarily.

Vulnerable Configurations

Part	Description	Count
OS	Emerson Emerson Se4801T0X Redundant Wireless I/O Card Firmware 13.3 Emerson Se4801T1X Simplex Wireless I/O Card Firmware 13.3	2
Hardware	Emerson Emerson Se4801T0X Redundant Wireless I/O Card - Emerson Se4801T1X Simplex Wireless I/O Card -	2

Common Weakness Enumeration (CWE)

CWE-254 - 7PK - Security Features

References

http://www.securityfocus.com/bid/94586
https://ics-cert.us-cert.gov/advisories/ICSA-16-334-03