Vulnerabilities > Emerson
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-22 | CVE-2022-2791 | Unrestricted Upload of File with Dangerous Type vulnerability in Emerson Proficy Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-434 Unrestricted Upload of File with Dangerous Type, and will upload any file written into the PLC logic folder to the connected PLC. | 7.8 |
| 2022-08-16 | CVE-2022-29959 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Emerson Openbsi 5.9 Emerson OpenBSI through 2022-04-29 mishandles credential storage. | 5.5 |
| 2022-07-26 | CVE-2022-29957 | Missing Authentication for Critical Function vulnerability in Emerson Deltav Distributed Control System The Emerson DeltaV Distributed Control System (DCS) through 2022-04-29 mishandles authentication. | 7.8 |
| 2022-07-26 | CVE-2022-29965 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Emerson products The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. | 5.5 |
| 2022-05-19 | CVE-2020-16235 | Inadequate Encryption Strength vulnerability in Emerson Openenterprise Scada Server 2.8.3/3.1/3.3.3 Inadequate encryption may allow the credentials used by Emerson OpenEnterprise, up through version 3.3.5, to access field devices and external systems to be obtained. | 2.1 |
| 2022-02-24 | CVE-2020-10632 | Unspecified vulnerability in Emerson Openenterprise Scada Server 2.8.3/3.1/3.3.3 Inadequate folder security permissions in Emerson OpenEnterprise versions through 3.3.4 may allow modification of important configuration files, which could cause the system to fail or behave in an unpredictable manner. | 5.0 |
| 2022-02-24 | CVE-2020-10636 | Inadequate Encryption Strength vulnerability in Emerson Openenterprise Scada Server 2.8.3/3.1/3.3.3 Inadequate encryption may allow the passwords for Emerson OpenEnterprise versions through 3.3.4 user accounts to be obtained. | 5.0 |
| 2022-02-24 | CVE-2020-10640 | Missing Authentication for Critical Function vulnerability in Emerson Openenterprise Scada Server 2.8.3/3.1/3.3.3 Emerson OpenEnterprise versions through 3.3.4 may allow an attacker to run an arbitrary commands with system privileges or perform remote code execution via a specific communication service. | 10.0 |
| 2022-02-14 | CVE-2021-45420 | Exposure of Resource to Wrong Sphere vulnerability in Emerson Dixell Xweb-500 Firmware ** UNSUPPORTED WHEN ASSIGNED ** Emerson Dixell XWEB-500 products are affected by arbitrary file write vulnerability in /cgi-bin/logo_extra_upload.cgi, /cgi-bin/cal_save.cgi, and /cgi-bin/lo_utils.cgi. | 10.0 |
| 2022-02-14 | CVE-2021-45421 | Exposure of Resource to Wrong Sphere vulnerability in Emerson Dixell Xweb-500 Firmware ** UNSUPPORTED WHEN ASSIGNED ** Emerson Dixell XWEB-500 products are affected by information disclosure via directory listing. | 5.0 |