Vulnerabilities > Emerson

DATE CVE VULNERABILITY TITLE RISK
2022-08-19 CVE-2022-2793 Insufficient Verification of Data Authenticity vulnerability in Emerson Electric'S Proficy
Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulenrable to CWE-353 Missing Support for Integrity Check, and has no authentication or authorization of data packets after establishing a connection for the SRTP protocol.
local
low complexity
emerson CWE-345
7.8
2022-08-19 CVE-2022-2788 Path Traversal vulnerability in Emerson Electric'S Proficy
Emerson Electric's Proficy Machine Edition Version 9.80 and prior is vulnerable to CWE-29 Path Traversal: '\..\Filename', also known as a ZipSlip attack, through an upload procedure which enables attackers to implant a malicious .BLZ file on the PLC.
local
low complexity
emerson CWE-22
7.3
2022-08-17 CVE-2022-30262 Insufficient Verification of Data Authenticity vulnerability in Emerson products
The Emerson ControlWave 'Next Generation' RTUs through 2022-05-02 mishandle firmware integrity.
local
low complexity
emerson CWE-345
7.8
2022-08-16 CVE-2022-29959 Insufficiently Protected Credentials vulnerability in Emerson Openbsi 5.9
Emerson OpenBSI through 2022-04-29 mishandles credential storage.
local
low complexity
emerson CWE-522
5.5
2022-08-16 CVE-2022-30264 Insufficient Verification of Data Authenticity vulnerability in Emerson products
The Emerson ROC and FloBoss RTU product lines through 2022-05-02 perform insecure filesystem operations.
network
low complexity
emerson CWE-345
critical
9.8
2022-07-26 CVE-2022-29957 Missing Authentication for Critical Function vulnerability in Emerson Deltav Distributed Control System
The Emerson DeltaV Distributed Control System (DCS) through 2022-04-29 mishandles authentication.
local
low complexity
emerson CWE-306
7.8
2022-07-26 CVE-2022-29960 Use of Hard-coded Credentials vulnerability in Emerson Openbsi 5.9
Emerson OpenBSI through 2022-04-29 uses weak cryptography.
local
low complexity
emerson CWE-798
5.5
2022-07-26 CVE-2022-29962 Use of Hard-coded Credentials vulnerability in Emerson products
The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords.
local
low complexity
emerson CWE-798
5.5
2022-07-26 CVE-2022-29963 Use of Hard-coded Credentials vulnerability in Emerson products
The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords.
local
low complexity
emerson CWE-798
5.5
2022-07-26 CVE-2022-29964 Use of Hard-coded Credentials vulnerability in Emerson products
The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords.
local
low complexity
emerson CWE-798
5.5