Vulnerabilities > Emerson

DATE CVE VULNERABILITY TITLE RISK
2020-12-21 CVE-2020-27254 Improper Authentication vulnerability in Emerson products
Emerson Rosemount X-STREAM Gas AnalyzerX-STREAM enhanced XEGP, XEGK, XEFD, XEXF – all revisions, The affected products are vulnerable to improper authentication for accessing log and backup data, which could allow an attacker with a specially crafted URL to obtain access to sensitive information.
network
low complexity
emerson CWE-287
5.0
2020-03-05 CVE-2020-6971 Improper Privilege Management vulnerability in Emerson Valvelink 12.0.264/13.4.118
In Emerson ValveLink v12.0.264 to v13.4.118, a vulnerability in the ValveLink software may allow a local, unprivileged, trusted insider to escalate privileges due to insecure configuration parameters.
local
low complexity
emerson CWE-269
4.6
2020-02-19 CVE-2020-6970 Out-Of-Bounds Write vulnerability in Emerson Openenterprise Scada Server 2.8.3/3.1/3.3.3
A Heap-based Buffer Overflow was found in Emerson OpenEnterprise SCADA Server 2.83 (if Modbus or ROC Interfaces have been installed and are in use) and all versions of OpenEnterprise 3.1 through 3.3.3, where a specially crafted script could execute code on the OpenEnterprise Server.
network
low complexity
emerson CWE-787
7.5
2020-01-16 CVE-2019-13524 Improper Input Validation vulnerability in Emerson products
GE PACSystems RX3i CPE100/115: All versions prior to R9.85,CPE302/305/310/330/400/410: All versions prior to R9.90,CRU/320 All versions(End of Life) may allow an attacker sending specially manipulated packets to cause the module state to change to halt-mode, resulting in a denial-of-service condition.
network
low complexity
emerson CWE-20
7.8
2019-05-28 CVE-2019-10967 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Emerson Ovation Ocr400 Firmware
In Emerson Ovation OCR400 Controller 3.3.1 and earlier, a stack-based buffer overflow vulnerability in the embedded third-party FTP server involves improper handling of a long file name from the LIST command to the FTP service, which may cause the service to overwrite buffers, leading to remote code execution and escalation of privileges.
network
low complexity
emerson CWE-119
6.5
2019-05-28 CVE-2019-10965 Out-Of-Bounds Write vulnerability in Emerson Ovation Ocr400 Firmware
In Emerson Ovation OCR400 Controller 3.3.1 and earlier, a heap-based buffer overflow vulnerability in the embedded third-party FTP server involves improper handling of a long command to the FTP service, which may cause memory corruption that halts the controller or leads to remote code execution and escalation of privileges.
network
low complexity
emerson CWE-787
6.5
2019-05-22 CVE-2019-12167 Cross-Site Scripting vulnerability in Emerson Liebert Challenger Firmware 5.1E0.5
httpGetSet/httpGet.htm on Emerson Network Power Liebert Challenger 5.1E0.5 devices allows XSS via the statusstr parameter.
network
emerson CWE-79
4.3
2019-05-14 CVE-2018-11691 USE of Hard-Coded Credentials vulnerability in Emerson Ve6046 Firmware 09.0.12
Emerson DeltaV Smart Switch Command Center application, available in versions 11.3.x and 12.3.1, was unable to change the DeltaV Smart Switches’ management password upon commissioning.
network
low complexity
emerson CWE-798
critical
10.0
2019-01-25 CVE-2018-19021 Improper Restriction of Excessive Authentication Attempts vulnerability in Emerson Deltav Distributed Control System
A specially crafted script could bypass the authentication of a maintenance port of Emerson DeltaV DCS Versions 11.3.1, 11.3.2, 12.3.1, 13.3.1, 14.3, R5.1, R6 and prior, which may allow an attacker to cause a denial of service.
low complexity
emerson CWE-307
3.3
2018-10-01 CVE-2018-14808 Improper Privilege Management vulnerability in Emerson AMS Device Manager
Emerson AMS Device Manager v12.0 to v13.5.
network
low complexity
emerson CWE-269
4.0