Vulnerabilities > Emerson > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-09 | CVE-2023-43609 | Unspecified vulnerability in Emerson products In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could obtain access to sensitive information or cause a denial-of-service condition. | 9.1 |
| 2024-02-09 | CVE-2023-46687 | Command Injection vulnerability in Emerson products In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could execute arbitrary commands in root context from a remote computer. | 9.8 |
| 2024-02-09 | CVE-2023-49716 | Command Injection vulnerability in Emerson products In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an authenticated user with network access could run arbitrary commands from a remote computer. | 9.8 |
| 2023-08-02 | CVE-2023-1935 | Improper Authentication vulnerability in Emerson products ROC800-Series RTU devices are vulnerable to an authentication bypass, which could allow an attacker to gain unauthorized access to data or control of the device and cause a denial-of-service condition. | 9.4 |
| 2022-08-16 | CVE-2022-30264 | Insufficient Verification of Data Authenticity vulnerability in Emerson products The Emerson ROC and FloBoss RTU product lines through 2022-05-02 perform insecure filesystem operations. | 9.8 |
| 2022-02-24 | CVE-2020-10640 | Missing Authentication for Critical Function vulnerability in Emerson Openenterprise Scada Server 2.8.3/3.1/3.3.3 Emerson OpenEnterprise versions through 3.3.4 may allow an attacker to run an arbitrary commands with system privileges or perform remote code execution via a specific communication service. | 9.8 |
| 2022-02-14 | CVE-2021-45420 | Exposure of Resource to Wrong Sphere vulnerability in Emerson Dixell Xweb-500 Firmware Emerson Dixell XWEB-500 products are affected by arbitrary file write vulnerability in /cgi-bin/logo_extra_upload.cgi, /cgi-bin/cal_save.cgi, and /cgi-bin/lo_utils.cgi. | 9.8 |
| 2021-12-30 | CVE-2021-45427 | Path Traversal vulnerability in Emerson Xweb300D EVO Firmware 3.0.7 Emerson XWEB 300D EVO 3.0.7--3ee403 is affected by: unauthenticated arbitrary file deletion due to path traversal. | 9.8 |
| 2021-09-29 | CVE-2020-12030 | Unspecified vulnerability in Emerson products There is a flaw in the code used to configure the internal gateway firewall when the gateway's VLAN feature is enabled. | 10.0 |
| 2021-05-20 | CVE-2021-27459 | Unrestricted Upload of File with Dangerous Type vulnerability in Emerson products A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. | 9.8 |