Vulnerabilities > Emerson

DATE CVE VULNERABILITY TITLE RISK
2022-07-26 CVE-2022-29957 Missing Authentication for Critical Function vulnerability in Emerson Deltav Distributed Control System
The Emerson DeltaV Distributed Control System (DCS) through 2022-04-29 mishandles authentication.
local
low complexity
emerson CWE-306
7.8
2022-07-26 CVE-2022-29960 Use of Hard-coded Credentials vulnerability in Emerson Openbsi 5.9
Emerson OpenBSI through 2022-04-29 uses weak cryptography.
local
low complexity
emerson CWE-798
5.5
2022-07-26 CVE-2022-29964 Use of Hard-coded Credentials vulnerability in Emerson products
The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords.
local
low complexity
emerson CWE-798
5.5
2022-07-26 CVE-2022-29965 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Emerson products
The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords.
local
low complexity
emerson CWE-327
5.5
2022-05-19 CVE-2020-16235 Inadequate Encryption Strength vulnerability in Emerson Openenterprise Scada Server 2.8.3/3.1/3.3.3
Inadequate encryption may allow the credentials used by Emerson OpenEnterprise, up through version 3.3.5, to access field devices and external systems to be obtained.
local
low complexity
emerson CWE-326
2.1
2022-02-24 CVE-2020-10632 Unspecified vulnerability in Emerson Openenterprise Scada Server 2.8.3/3.1/3.3.3
Inadequate folder security permissions in Emerson OpenEnterprise versions through 3.3.4 may allow modification of important configuration files, which could cause the system to fail or behave in an unpredictable manner.
network
low complexity
emerson
5.0
2022-02-24 CVE-2020-10636 Inadequate Encryption Strength vulnerability in Emerson Openenterprise Scada Server 2.8.3/3.1/3.3.3
Inadequate encryption may allow the passwords for Emerson OpenEnterprise versions through 3.3.4 user accounts to be obtained.
network
low complexity
emerson CWE-326
5.0
2022-02-24 CVE-2020-10640 Missing Authentication for Critical Function vulnerability in Emerson Openenterprise Scada Server 2.8.3/3.1/3.3.3
Emerson OpenEnterprise versions through 3.3.4 may allow an attacker to run an arbitrary commands with system privileges or perform remote code execution via a specific communication service.
network
low complexity
emerson CWE-306
critical
10.0
2022-02-14 CVE-2021-45420 Exposure of Resource to Wrong Sphere vulnerability in Emerson Dixell Xweb-500 Firmware
Emerson Dixell XWEB-500 products are affected by arbitrary file write vulnerability in /cgi-bin/logo_extra_upload.cgi, /cgi-bin/cal_save.cgi, and /cgi-bin/lo_utils.cgi.
network
low complexity
emerson CWE-668
critical
9.8
2022-02-14 CVE-2021-45421 Information Exposure vulnerability in Emerson Dixell Xweb-500 Firmware
Emerson Dixell XWEB-500 products are affected by information disclosure via directory listing.
network
low complexity
emerson CWE-200
7.5