Vulnerabilities > Emerson
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-22 | CVE-2020-12525 | Deserialization of Untrusted Data vulnerability in multiple products M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage. | 6.8 |
| 2020-12-21 | CVE-2020-27254 | Improper Authentication vulnerability in Emerson products Emerson Rosemount X-STREAM Gas AnalyzerX-STREAM enhanced XEGP, XEGK, XEFD, XEXF – all revisions, The affected products are vulnerable to improper authentication for accessing log and backup data, which could allow an attacker with a specially crafted URL to obtain access to sensitive information. | 5.0 |
| 2020-03-05 | CVE-2020-6971 | Improper Privilege Management vulnerability in Emerson Valvelink 12.0.264/13.4.118 In Emerson ValveLink v12.0.264 to v13.4.118, a vulnerability in the ValveLink software may allow a local, unprivileged, trusted insider to escalate privileges due to insecure configuration parameters. | 4.6 |
| 2020-02-19 | CVE-2020-6970 | Out-of-bounds Write vulnerability in Emerson Openenterprise Scada Server 2.8.3/3.1/3.3.3 A Heap-based Buffer Overflow was found in Emerson OpenEnterprise SCADA Server 2.83 (if Modbus or ROC Interfaces have been installed and are in use) and all versions of OpenEnterprise 3.1 through 3.3.3, where a specially crafted script could execute code on the OpenEnterprise Server. | 7.5 |
| 2020-01-16 | CVE-2019-13524 | Improper Input Validation vulnerability in Emerson products GE PACSystems RX3i CPE100/115: All versions prior to R9.85,CPE302/305/310/330/400/410: All versions prior to R9.90,CRU/320 All versions(End of Life) may allow an attacker sending specially manipulated packets to cause the module state to change to halt-mode, resulting in a denial-of-service condition. | 7.8 |
| 2019-05-28 | CVE-2019-10967 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Emerson Ovation Ocr400 Firmware In Emerson Ovation OCR400 Controller 3.3.1 and earlier, a stack-based buffer overflow vulnerability in the embedded third-party FTP server involves improper handling of a long file name from the LIST command to the FTP service, which may cause the service to overwrite buffers, leading to remote code execution and escalation of privileges. | 6.5 |
| 2019-05-28 | CVE-2019-10965 | Out-of-bounds Write vulnerability in Emerson Ovation Ocr400 Firmware 3.3.1 In Emerson Ovation OCR400 Controller 3.3.1 and earlier, a heap-based buffer overflow vulnerability in the embedded third-party FTP server involves improper handling of a long command to the FTP service, which may cause memory corruption that halts the controller or leads to remote code execution and escalation of privileges. | 8.8 |
| 2019-05-22 | CVE-2019-12167 | Cross-site Scripting vulnerability in Emerson Liebert Challenger Firmware 5.1E0.5 httpGetSet/httpGet.htm on Emerson Network Power Liebert Challenger 5.1E0.5 devices allows XSS via the statusstr parameter. | 4.3 |
| 2019-05-14 | CVE-2018-11691 | Use of Hard-coded Credentials vulnerability in Emerson Ve6046 Firmware 09.0.12 Emerson DeltaV Smart Switch Command Center application, available in versions 11.3.x and 12.3.1, was unable to change the DeltaV Smart Switches’ management password upon commissioning. | 10.0 |
| 2019-01-25 | CVE-2018-19021 | Improper Restriction of Excessive Authentication Attempts vulnerability in Emerson Deltav A specially crafted script could bypass the authentication of a maintenance port of Emerson DeltaV DCS Versions 11.3.1, 11.3.2, 12.3.1, 13.3.1, 14.3, R5.1, R6 and prior, which may allow an attacker to cause a denial of service. | 3.3 |