Vulnerabilities > Emerson

DATE CVE VULNERABILITY TITLE RISK
2022-02-24 CVE-2020-10632 Unspecified vulnerability in Emerson Openenterprise Scada Server 2.8.3/3.1/3.3.3
Inadequate folder security permissions in Emerson OpenEnterprise versions through 3.3.4 may allow modification of important configuration files, which could cause the system to fail or behave in an unpredictable manner.
network
low complexity
emerson
5.0
2022-02-24 CVE-2020-10636 Inadequate Encryption Strength vulnerability in Emerson Openenterprise Scada Server 2.8.3/3.1/3.3.3
Inadequate encryption may allow the passwords for Emerson OpenEnterprise versions through 3.3.4 user accounts to be obtained.
network
low complexity
emerson CWE-326
5.0
2022-02-24 CVE-2020-10640 Missing Authentication for Critical Function vulnerability in Emerson Openenterprise Scada Server 2.8.3/3.1/3.3.3
Emerson OpenEnterprise versions through 3.3.4 may allow an attacker to run an arbitrary commands with system privileges or perform remote code execution via a specific communication service.
network
low complexity
emerson CWE-306
critical
10.0
2022-02-14 CVE-2021-45420 Improper Authentication vulnerability in Emerson Dixell Xweb-500 Firmware
** UNSUPPORTED WHEN ASSIGNED ** Emerson Dixell XWEB-500 products are affected by arbitrary file write vulnerability in /cgi-bin/logo_extra_upload.cgi, /cgi-bin/cal_save.cgi, and /cgi-bin/lo_utils.cgi.
network
low complexity
emerson CWE-287
critical
10.0
2022-02-14 CVE-2021-45421 Exposure of Resource to Wrong Sphere vulnerability in Emerson Dixell Xweb-500 Firmware
** UNSUPPORTED WHEN ASSIGNED ** Emerson Dixell XWEB-500 products are affected by information disclosure via directory listing.
network
low complexity
emerson CWE-668
5.0
2022-01-28 CVE-2021-26264 Missing Authentication for Critical Function vulnerability in Emerson products
A specially crafted script could cause the DeltaV Distributed Control System Controllers (All Versions) to restart and cause a denial-of-service condition.
local
low complexity
emerson CWE-306
4.9
2022-01-28 CVE-2021-44463 Uncontrolled Search Path Element vulnerability in Emerson products
Missing DLLs, if replaced by an insider, could allow an attacker to achieve local privilege escalation on the DeltaV Distributed Control System Controllers and Workstations (All versions) when some DeltaV services are started.
local
low complexity
emerson CWE-427
7.2
2021-12-30 CVE-2021-45427 Path Traversal vulnerability in Emerson Xweb300D EVO Firmware 3.0.7
Emerson XWEB 300D EVO 3.0.7--3ee403 is affected by: unauthenticated arbitrary file deletion due to path traversal.
network
low complexity
emerson CWE-22
7.5
2021-10-22 CVE-2021-38485 Improper Input Validation vulnerability in Emerson products
The affected product is vulnerable to improper input validation in the restore file.
network
low complexity
emerson CWE-20
6.5
2021-10-22 CVE-2021-42536 Exposure of Resource to Wrong Sphere vulnerability in Emerson products
The affected product is vulnerable to a disclosure of peer username and password by allowing all users access to read global variables.
network
low complexity
emerson CWE-668
4.0