Vulnerabilities > Emerson > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-09 | CVE-2023-51761 | Improper Authentication vulnerability in Emerson products In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could bypass authentication and acquire admin capabilities. | 8.1 |
| 2022-12-26 | CVE-2022-30260 | Insufficient Verification of Data Authenticity vulnerability in Emerson products Emerson DeltaV Distributed Control System (DCS) has insufficient verification of firmware integrity (an inadequate checksum approach, and no signature). | 7.8 |
| 2022-11-22 | CVE-2022-2791 | Unrestricted Upload of File with Dangerous Type vulnerability in Emerson Proficy Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-434 Unrestricted Upload of File with Dangerous Type, and will upload any file written into the PLC logic folder to the connected PLC. | 7.8 |
| 2022-08-19 | CVE-2022-2792 | Unspecified vulnerability in Emerson Electric'S Proficy Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulenrable to CWE-284 Improper Access Control, and stores project data in a directory with improper access control lists. | 7.5 |
| 2022-08-19 | CVE-2022-2788 | Path Traversal vulnerability in Emerson Electric'S Proficy Emerson Electric's Proficy Machine Edition Version 9.80 and prior is vulnerable to CWE-29 Path Traversal: '\..\Filename', also known as a ZipSlip attack, through an upload procedure which enables attackers to implant a malicious .BLZ file on the PLC. | 7.3 |
| 2022-07-26 | CVE-2022-29957 | Missing Authentication for Critical Function vulnerability in Emerson Deltav Distributed Control System The Emerson DeltaV Distributed Control System (DCS) through 2022-04-29 mishandles authentication. | 7.8 |
| 2022-02-14 | CVE-2021-45421 | Information Exposure vulnerability in Emerson Dixell Xweb-500 Firmware Emerson Dixell XWEB-500 products are affected by information disclosure via directory listing. | 7.5 |
| 2021-12-30 | CVE-2021-45427 | Path Traversal vulnerability in Emerson Xweb300D EVO Firmware 3.0.7 Emerson XWEB 300D EVO 3.0.7--3ee403 is affected by: unauthenticated arbitrary file deletion due to path traversal. | 7.5 |
| 2021-05-20 | CVE-2021-27459 | Unrestricted Upload of File with Dangerous Type vulnerability in Emerson products A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. | 7.5 |
| 2021-03-10 | CVE-2020-19419 | Missing Authentication for Critical Function vulnerability in Emerson Smart Wireless Gateway 1420 Firmware 4.6.59 Incorrect Access Control in Emerson Smart Wireless Gateway 1420 4.6.59 allows remote attackers to obtain sensitive device information from the administrator console without authentication. | 7.5 |