Vulnerabilities > Emerson

DATE CVE VULNERABILITY TITLE RISK
2024-02-09 CVE-2023-43609 Unspecified vulnerability in Emerson products
In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could obtain access to sensitive information or cause a denial-of-service condition.
network
low complexity
emerson
critical
9.1
2024-02-09 CVE-2023-46687 Command Injection vulnerability in Emerson products
In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could execute arbitrary commands in root context from a remote computer.
network
low complexity
emerson CWE-77
critical
9.8
2024-02-09 CVE-2023-49716 Command Injection vulnerability in Emerson products
In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an authenticated user with network access could run arbitrary commands from a remote computer.
network
low complexity
emerson CWE-77
critical
9.8
2024-02-09 CVE-2023-51761 Improper Authentication vulnerability in Emerson products
In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could bypass authentication and acquire admin capabilities.
network
high complexity
emerson CWE-287
8.1
2023-08-02 CVE-2023-1935 Improper Authentication vulnerability in Emerson products
ROC800-Series RTU devices are vulnerable to an authentication bypass, which could allow an attacker to gain unauthorized access to data or control of the device and cause a denial-of-service condition.
network
low complexity
emerson CWE-287
critical
9.4
2022-12-26 CVE-2022-30260 Insufficient Verification of Data Authenticity vulnerability in Emerson products
Emerson DeltaV Distributed Control System (DCS) has insufficient verification of firmware integrity (an inadequate checksum approach, and no signature).
local
low complexity
emerson CWE-345
7.8
2022-11-22 CVE-2022-2791 Unrestricted Upload of File with Dangerous Type vulnerability in Emerson Proficy
Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-434 Unrestricted Upload of File with Dangerous Type, and will upload any file written into the PLC logic folder to the connected PLC.
local
low complexity
emerson CWE-434
7.8
2022-08-19 CVE-2022-2792 Unspecified vulnerability in Emerson Electric'S Proficy
Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulenrable to CWE-284 Improper Access Control, and stores project data in a directory with improper access control lists.
network
low complexity
emerson
7.5
2022-08-19 CVE-2022-2788 Path Traversal vulnerability in Emerson Electric'S Proficy
Emerson Electric's Proficy Machine Edition Version 9.80 and prior is vulnerable to CWE-29 Path Traversal: '\..\Filename', also known as a ZipSlip attack, through an upload procedure which enables attackers to implant a malicious .BLZ file on the PLC.
local
low complexity
emerson CWE-22
7.3
2022-08-16 CVE-2022-29959 Insufficiently Protected Credentials vulnerability in Emerson Openbsi 5.9
Emerson OpenBSI through 2022-04-29 mishandles credential storage.
local
low complexity
emerson CWE-522
5.5