Vulnerabilities > Emerson > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-20 | CVE-2024-1155 | Incorrect Authorization vulnerability in Emerson products Incorrect permissions in the installation directories for shared SystemLink Elixir based services may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
| 2024-02-20 | CVE-2024-1156 | Incorrect Authorization vulnerability in Emerson products Incorrect directory permissions for the shared NI RabbitMQ service may allow a local authenticated user to read RabbitMQ configuration information and potentially enable escalation of privileges. | 7.8 |
| 2024-02-09 | CVE-2023-51761 | Improper Authentication vulnerability in Emerson products In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could bypass authentication and acquire admin capabilities. | 8.1 |
| 2022-12-26 | CVE-2022-30260 | Insufficient Verification of Data Authenticity vulnerability in Emerson products Emerson DeltaV Distributed Control System (DCS) has insufficient verification of firmware integrity (an inadequate checksum approach, and no signature). | 7.8 |
| 2022-11-22 | CVE-2022-2791 | Unspecified vulnerability in Emerson Proficy Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-434 Unrestricted Upload of File with Dangerous Type, and will upload any file written into the PLC logic folder to the connected PLC. | 7.8 |
| 2022-08-19 | CVE-2022-2792 | Unspecified vulnerability in Emerson Electric'S Proficy Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulenrable to CWE-284 Improper Access Control, and stores project data in a directory with improper access control lists. | 7.5 |
| 2022-08-19 | CVE-2022-2793 | Insufficient Verification of Data Authenticity vulnerability in Emerson Electric'S Proficy Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulenrable to CWE-353 Missing Support for Integrity Check, and has no authentication or authorization of data packets after establishing a connection for the SRTP protocol. | 7.8 |
| 2022-08-19 | CVE-2022-2788 | Path Traversal vulnerability in Emerson Electric'S Proficy Emerson Electric's Proficy Machine Edition Version 9.80 and prior is vulnerable to CWE-29 Path Traversal: '\..\Filename', also known as a ZipSlip attack, through an upload procedure which enables attackers to implant a malicious .BLZ file on the PLC. | 7.3 |
| 2022-08-17 | CVE-2022-30262 | Insufficient Verification of Data Authenticity vulnerability in Emerson products The Emerson ControlWave 'Next Generation' RTUs through 2022-05-02 mishandle firmware integrity. | 7.8 |
| 2022-07-26 | CVE-2022-29957 | Missing Authentication for Critical Function vulnerability in Emerson Deltav Distributed Control System The Emerson DeltaV Distributed Control System (DCS) through 2022-04-29 mishandles authentication. | 7.8 |