Vulnerabilities > Emerson

DATE CVE VULNERABILITY TITLE RISK
2022-11-22 CVE-2022-2791 Unrestricted Upload of File with Dangerous Type vulnerability in Emerson Proficy
Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-434 Unrestricted Upload of File with Dangerous Type, and will upload any file written into the PLC logic folder to the connected PLC.
local
low complexity
emerson CWE-434
7.8
2022-08-16 CVE-2022-29959 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Emerson Openbsi 5.9
Emerson OpenBSI through 2022-04-29 mishandles credential storage.
local
low complexity
emerson CWE-327
5.5
2022-05-19 CVE-2020-16235 Inadequate Encryption Strength vulnerability in Emerson Openenterprise Scada Server 2.8.3/3.1/3.3.3
Inadequate encryption may allow the credentials used by Emerson OpenEnterprise, up through version 3.3.5, to access field devices and external systems to be obtained.
local
low complexity
emerson CWE-326
2.1
2022-02-24 CVE-2020-10632 Unspecified vulnerability in Emerson Openenterprise Scada Server 2.8.3/3.1/3.3.3
Inadequate folder security permissions in Emerson OpenEnterprise versions through 3.3.4 may allow modification of important configuration files, which could cause the system to fail or behave in an unpredictable manner.
network
low complexity
emerson
5.0
2022-02-24 CVE-2020-10636 Inadequate Encryption Strength vulnerability in Emerson Openenterprise Scada Server 2.8.3/3.1/3.3.3
Inadequate encryption may allow the passwords for Emerson OpenEnterprise versions through 3.3.4 user accounts to be obtained.
network
low complexity
emerson CWE-326
5.0
2022-02-24 CVE-2020-10640 Missing Authentication for Critical Function vulnerability in Emerson Openenterprise Scada Server 2.8.3/3.1/3.3.3
Emerson OpenEnterprise versions through 3.3.4 may allow an attacker to run arbitrary commands with system privileges or perform remote code execution via a specific communication service.
network
low complexity
emerson CWE-306
critical
10.0
2022-02-14 CVE-2021-45420 Exposure of Resource to Wrong Sphere vulnerability in Emerson Dixell Xweb-500 Firmware
** UNSUPPORTED WHEN ASSIGNED ** Emerson Dixell XWEB-500 products are affected by an arbitrary file write vulnerability in /cgi-bin/logo_extra_upload.cgi, /cgi-bin/cal_save.cgi, and /cgi-bin/lo_utils.cgi.
network
low complexity
emerson CWE-668
critical
10.0
2022-02-14 CVE-2021-45421 Exposure of Resource to Wrong Sphere vulnerability in Emerson Dixell Xweb-500 Firmware
** UNSUPPORTED WHEN ASSIGNED ** Emerson Dixell XWEB-500 products are affected by information disclosure via directory listing.
network
low complexity
emerson CWE-668
5.0
2022-01-28 CVE-2021-26264 Missing Authentication for Critical Function vulnerability in Emerson products
A specially crafted script could cause the DeltaV Distributed Control System Controllers (All Versions) to restart and cause a denial-of-service condition.
local
low complexity
emerson CWE-306
4.9
2022-01-28 CVE-2021-44463 Uncontrolled Search Path Element vulnerability in Emerson Deltav
Missing DLLs, if replaced by an insider, could allow an attacker to achieve local privilege escalation on the DeltaV Distributed Control System Controllers and Workstations (All versions) when some DeltaV services are started.
6.9