Vulnerabilities > Emerson

DATE CVE VULNERABILITY TITLE RISK
2021-10-22 CVE-2021-38485 Unspecified vulnerability in Emerson products
The affected product is vulnerable to improper input validation in the restore file.
network
low complexity
emerson
8.8
2021-10-22 CVE-2021-42536 Exposure of Resource to Wrong Sphere vulnerability in Emerson products
The affected product is vulnerable to a disclosure of peer username and password by allowing all users access to read global variables.
network
low complexity
emerson CWE-668
6.5
2021-10-22 CVE-2021-42538 Command Injection vulnerability in Emerson products
The affected product is vulnerable to a parameter injection via passphrase, which enables the attacker to supply uncontrolled input.
network
low complexity
emerson CWE-77
8.8
2021-10-22 CVE-2021-42539 Unspecified vulnerability in Emerson products
The affected product is vulnerable to a missing permission validation on system backup restore, which could lead to account take over and unapproved settings change.
network
low complexity
emerson
8.8
2021-10-22 CVE-2021-42540 Unspecified vulnerability in Emerson products
The affected product is vulnerable to a unsanitized extract folder for system configuration.
network
low complexity
emerson
8.8
2021-10-22 CVE-2021-42542 Unspecified vulnerability in Emerson products
The affected product is vulnerable to directory traversal due to mishandling of provided backup folder structure.
network
low complexity
emerson
8.8
2021-09-29 CVE-2020-12030 Unspecified vulnerability in Emerson products
There is a flaw in the code used to configure the internal gateway firewall when the gateway's VLAN feature is enabled.
network
low complexity
emerson
critical
10.0
2021-07-30 CVE-2021-29297 Classic Buffer Overflow vulnerability in Emerson Proficy Machine Edition 8.0
Buffer Overflow in Emerson GE Automation Proficy Machine Edition v8.0 allows an attacker to cause a denial of service and application crash via crafted traffic from a Man-in-the-Middle (MITM) attack to the component "FrameworX.exe" in the module "MSVCR100.dll".
network
high complexity
emerson CWE-120
5.3
2021-07-30 CVE-2021-29298 Improper Input Validation vulnerability in Emerson Proficy Machine Edition 8.0
Improper Input Validation in Emerson GE Automation Proficy Machine Edition v8.0 allows an attacker to cause a denial of service and application crash via crafted traffic from a Man-in-the-Middle (MITM) attack to the component "FrameworX.exe"in the module "fxVPStatcTcp.dll".
network
high complexity
emerson CWE-20
5.3
2021-05-20 CVE-2021-27457 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Emerson products
A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer.
network
low complexity
emerson CWE-327
7.5