Vulnerabilities > Emerson

DATE CVE VULNERABILITY TITLE RISK
2022-07-26 CVE-2022-29965 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Emerson products
The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords.
local
low complexity
emerson CWE-327
5.5
2022-05-19 CVE-2020-16235 Inadequate Encryption Strength vulnerability in Emerson Openenterprise Scada Server
Inadequate encryption may allow the credentials used by Emerson OpenEnterprise, up through version 3.3.5, to access field devices and external systems to be obtained.
local
low complexity
emerson CWE-326
6.5
2022-02-24 CVE-2020-10632 Unspecified vulnerability in Emerson Openenterprise Scada Server 2.8.3/3.1/3.3.3
Inadequate folder security permissions in Emerson OpenEnterprise versions through 3.3.4 may allow modification of important configuration files, which could cause the system to fail or behave in an unpredictable manner.
network
low complexity
emerson
5.3
2022-02-24 CVE-2020-10636 Inadequate Encryption Strength vulnerability in Emerson Openenterprise Scada Server 2.8.3/3.1/3.3.3
Inadequate encryption may allow the passwords for Emerson OpenEnterprise versions through 3.3.4 user accounts to be obtained.
network
low complexity
emerson CWE-326
7.5
2022-02-24 CVE-2020-10640 Missing Authentication for Critical Function vulnerability in Emerson Openenterprise Scada Server 2.8.3/3.1/3.3.3
Emerson OpenEnterprise versions through 3.3.4 may allow an attacker to run an arbitrary commands with system privileges or perform remote code execution via a specific communication service.
network
low complexity
emerson CWE-306
critical
9.8
2022-02-14 CVE-2021-45420 Exposure of Resource to Wrong Sphere vulnerability in Emerson Dixell Xweb-500 Firmware
Emerson Dixell XWEB-500 products are affected by arbitrary file write vulnerability in /cgi-bin/logo_extra_upload.cgi, /cgi-bin/cal_save.cgi, and /cgi-bin/lo_utils.cgi.
network
low complexity
emerson CWE-668
critical
9.8
2022-02-14 CVE-2021-45421 Information Exposure vulnerability in Emerson Dixell Xweb-500 Firmware
Emerson Dixell XWEB-500 products are affected by information disclosure via directory listing.
network
low complexity
emerson CWE-200
7.5
2022-01-28 CVE-2021-26264 Missing Authentication for Critical Function vulnerability in Emerson products
A specially crafted script could cause the DeltaV Distributed Control System Controllers (All Versions) to restart and cause a denial-of-service condition.
local
low complexity
emerson CWE-306
5.5
2022-01-28 CVE-2021-44463 Uncontrolled Search Path Element vulnerability in Emerson Deltav
Missing DLLs, if replaced by an insider, could allow an attacker to achieve local privilege escalation on the DeltaV Distributed Control System Controllers and Workstations (All versions) when some DeltaV services are started.
local
low complexity
emerson CWE-427
7.3
2021-12-30 CVE-2021-45427 Path Traversal vulnerability in Emerson Xweb300D EVO Firmware 3.0.7
Emerson XWEB 300D EVO 3.0.7--3ee403 is affected by: unauthenticated arbitrary file deletion due to path traversal.
network
low complexity
emerson CWE-22
critical
9.8