Vulnerabilities > Emerson

DATE CVE VULNERABILITY TITLE RISK

2015-05-26 CVE-2015-1008 SQL Injection vulnerability in Emerson AMS Device Manager
SQL injection vulnerability in Emerson AMS Device Manager before 13 allows remote authenticated users to gain privileges via malformed input.
Risk: network, low complexity, emerson, CWE-89, 6.5

2014-12-08 CVE-2013-2810 Command Injection vulnerability in Emerson products
Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows remote attackers to execute arbitrary commands via a TCP replay attack.
Risk: network, low complexity, emerson, CWE-77, critical, 10.0

2014-05-22 CVE-2014-2350 Credentials Management vulnerability in Emerson Deltav
Emerson DeltaV 10.3.1, 11.3, 11.3.1, and 12.3 uses hardcoded credentials for diagnostic services, which allows remote attackers to bypass intended access restrictions via a TCP session, as demonstrated by a session that uses the telnet program.
Risk: network, low complexity, emerson, CWE-255, 7.5

2014-05-22 CVE-2014-2349 Permissions, Privileges, and Access Controls vulnerability in Emerson Deltav
Emerson DeltaV 10.3.1, 11.3, 11.3.1, and 12.3 allows local users to modify or read configuration files by leveraging engineering-level privileges.
Risk: local, low complexity, emerson, CWE-264, 4.6

2014-01-24 CVE-2013-6030 Path Traversal vulnerability in Emerson Network Power Avocent Mergepoint Unity 2016 Firmware 1.9.16473
Directory traversal vulnerability on the Emerson Network Power Avocent MergePoint Unity 2016 (aka MPU2016) KVM switch with firmware 1.9.16473 allows remote attackers to read arbitrary files via unspecified vectors, as demonstrated by reading the /etc/passwd file.
Risk: network, low complexity, emerson, CWE-22, 5.0

2013-10-03 CVE-2013-0694 Credentials Management vulnerability in multiple products
The Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier have hardcoded credentials in a ROM, which makes it easier for remote attackers to obtain shell access to the underlying OS by leveraging knowledge of the ROM contents from a product installation elsewhere.
Risk: network, low complexity, enea emerson, CWE-255, critical, 9.0

2013-10-03 CVE-2013-0693 Information Exposure vulnerability in multiple products
The kernel in ENEA OSE on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier performs network-beacon broadcasts, which allows remote attackers to obtain potentially sensitive information about device presence by listening for broadcast traffic.
Risk: network, low complexity, enea emerson, CWE-200, critical, 10.0

2013-10-03 CVE-2013-0692 Permissions, Privileges, and Access Controls vulnerability in multiple products
The kernel in ENEA OSE on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows remote attackers to execute arbitrary code by connecting to the debug service.
Risk: network, low complexity, enea emerson, CWE-264, critical, 10.0

2013-10-03 CVE-2013-0689 Code Injection vulnerability in multiple products
The TFTP server on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows remote attackers to upload files and consequently execute arbitrary code via unspecified vectors.
Risk: network, low complexity, enea emerson, CWE-94, critical, 10.0

2013-03-11 CVE-2012-4703 Resource Management Errors vulnerability in Emerson products
The Emerson DeltaV SE3006 through 11.3.1, DeltaV VE3005 through 10.3.1 and 11.x through 11.3.1, and DeltaV VE3006 through 10.3.1 and 11.x through 11.3.1 allow remote attackers to cause a denial of service (device restart) via a crafted packet on (1) TCP port 23, (2) UDP port 161, or (3) TCP port 513.
Risk: low complexity, emerson, CWE-399, 6.1