Vulnerabilities > Emerson
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-07-26 | CVE-2022-29965 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Emerson products The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. | 5.5 |
2022-05-19 | CVE-2020-16235 | Inadequate Encryption Strength vulnerability in Emerson Openenterprise Scada Server Inadequate encryption may allow the credentials used by Emerson OpenEnterprise, up through version 3.3.5, to access field devices and external systems to be obtained. | 6.5 |
2022-02-24 | CVE-2020-10632 | Unspecified vulnerability in Emerson Openenterprise Scada Server 2.8.3/3.1/3.3.3 Inadequate folder security permissions in Emerson OpenEnterprise versions through 3.3.4 may allow modification of important configuration files, which could cause the system to fail or behave in an unpredictable manner. | 5.3 |
2022-02-24 | CVE-2020-10636 | Inadequate Encryption Strength vulnerability in Emerson Openenterprise Scada Server 2.8.3/3.1/3.3.3 Inadequate encryption may allow the passwords for Emerson OpenEnterprise versions through 3.3.4 user accounts to be obtained. | 7.5 |
2022-02-24 | CVE-2020-10640 | Missing Authentication for Critical Function vulnerability in Emerson Openenterprise Scada Server 2.8.3/3.1/3.3.3 Emerson OpenEnterprise versions through 3.3.4 may allow an attacker to run an arbitrary commands with system privileges or perform remote code execution via a specific communication service. | 9.8 |
2022-02-14 | CVE-2021-45420 | Exposure of Resource to Wrong Sphere vulnerability in Emerson Dixell Xweb-500 Firmware Emerson Dixell XWEB-500 products are affected by arbitrary file write vulnerability in /cgi-bin/logo_extra_upload.cgi, /cgi-bin/cal_save.cgi, and /cgi-bin/lo_utils.cgi. | 9.8 |
2022-02-14 | CVE-2021-45421 | Information Exposure vulnerability in Emerson Dixell Xweb-500 Firmware Emerson Dixell XWEB-500 products are affected by information disclosure via directory listing. | 7.5 |
2022-01-28 | CVE-2021-26264 | Missing Authentication for Critical Function vulnerability in Emerson products A specially crafted script could cause the DeltaV Distributed Control System Controllers (All Versions) to restart and cause a denial-of-service condition. | 5.5 |
2022-01-28 | CVE-2021-44463 | Uncontrolled Search Path Element vulnerability in Emerson Deltav Missing DLLs, if replaced by an insider, could allow an attacker to achieve local privilege escalation on the DeltaV Distributed Control System Controllers and Workstations (All versions) when some DeltaV services are started. | 7.3 |
2021-12-30 | CVE-2021-45427 | Path Traversal vulnerability in Emerson Xweb300D EVO Firmware 3.0.7 Emerson XWEB 300D EVO 3.0.7--3ee403 is affected by: unauthenticated arbitrary file deletion due to path traversal. | 9.8 |