Vulnerabilities > Emerson
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-28 | CVE-2021-26264 | Missing Authentication for Critical Function vulnerability in Emerson products A specially crafted script could cause the DeltaV Distributed Control System Controllers (All Versions) to restart and cause a denial-of-service condition. | 4.9 |
| 2022-01-28 | CVE-2021-44463 | Uncontrolled Search Path Element vulnerability in Emerson Deltav Missing DLLs, if replaced by an insider, could allow an attacker to achieve local privilege escalation on the DeltaV Distributed Control System Controllers and Workstations (All versions) when some DeltaV services are started. | 6.9 |
| 2021-12-30 | CVE-2021-45427 | Path Traversal vulnerability in Emerson Xweb300D EVO Firmware 3.0.7 Emerson XWEB 300D EVO 3.0.7--3ee403 is affected by: unauthenticated arbitrary file deletion due to path traversal. | 7.5 |
| 2021-10-22 | CVE-2021-38485 | Improper Input Validation vulnerability in Emerson products The affected product is vulnerable to improper input validation in the restore file. | 6.5 |
| 2021-10-22 | CVE-2021-42536 | Exposure of Resource to Wrong Sphere vulnerability in Emerson products The affected product is vulnerable to a disclosure of peer username and password by allowing all users access to read global variables. | 4.0 |
| 2021-10-22 | CVE-2021-42538 | Command Injection vulnerability in Emerson products The affected product is vulnerable to a parameter injection via passphrase, which enables the attacker to supply uncontrolled input. | 6.5 |
| 2021-10-22 | CVE-2021-42539 | Missing Authentication for Critical Function vulnerability in Emerson products The affected product is vulnerable to a missing permission validation on system backup restore, which could lead to account take over and unapproved settings change. | 6.5 |
| 2021-10-22 | CVE-2021-42540 | Write-what-where Condition vulnerability in Emerson products The affected product is vulnerable to a unsanitized extract folder for system configuration. | 6.5 |
| 2021-10-22 | CVE-2021-42542 | Path Traversal vulnerability in Emerson products The affected product is vulnerable to directory traversal due to mishandling of provided backup folder structure. | 6.5 |
| 2021-09-29 | CVE-2020-12030 | Unspecified vulnerability in Emerson products There is a flaw in the code used to configure the internal gateway firewall when the gateway's VLAN feature is enabled. network emerson | 6.8 |