Vulnerabilities > Emerson > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-09 | CVE-2023-51761 | Improper Authentication vulnerability in Emerson products In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could bypass authentication and acquire admin capabilities. | 8.1 |
| 2022-12-26 | CVE-2022-30260 | Insufficient Verification of Data Authenticity vulnerability in Emerson products Emerson DeltaV Distributed Control System (DCS) has insufficient verification of firmware integrity (an inadequate checksum approach, and no signature). | 7.8 |
| 2022-11-22 | CVE-2022-2791 | Unrestricted Upload of File with Dangerous Type vulnerability in Emerson Proficy Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-434 Unrestricted Upload of File with Dangerous Type, and will upload any file written into the PLC logic folder to the connected PLC. | 7.8 |
| 2022-08-19 | CVE-2022-2792 | Unspecified vulnerability in Emerson Electric'S Proficy Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulenrable to CWE-284 Improper Access Control, and stores project data in a directory with improper access control lists. | 7.5 |
| 2022-08-19 | CVE-2022-2793 | Insufficient Verification of Data Authenticity vulnerability in Emerson Electric'S Proficy Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulenrable to CWE-353 Missing Support for Integrity Check, and has no authentication or authorization of data packets after establishing a connection for the SRTP protocol. | 7.8 |
| 2022-08-19 | CVE-2022-2788 | Path Traversal vulnerability in Emerson Electric'S Proficy Emerson Electric's Proficy Machine Edition Version 9.80 and prior is vulnerable to CWE-29 Path Traversal: '\..\Filename', also known as a ZipSlip attack, through an upload procedure which enables attackers to implant a malicious .BLZ file on the PLC. | 7.3 |
| 2022-08-17 | CVE-2022-30262 | Insufficient Verification of Data Authenticity vulnerability in Emerson products The Emerson ControlWave 'Next Generation' RTUs through 2022-05-02 mishandle firmware integrity. | 7.8 |
| 2022-07-26 | CVE-2022-29957 | Missing Authentication for Critical Function vulnerability in Emerson Deltav Distributed Control System The Emerson DeltaV Distributed Control System (DCS) through 2022-04-29 mishandles authentication. | 7.8 |
| 2022-02-24 | CVE-2020-10636 | Inadequate Encryption Strength vulnerability in Emerson Openenterprise Scada Server 2.8.3/3.1/3.3.3 Inadequate encryption may allow the passwords for Emerson OpenEnterprise versions through 3.3.4 user accounts to be obtained. | 7.5 |
| 2022-02-14 | CVE-2021-45421 | Information Exposure vulnerability in Emerson Dixell Xweb-500 Firmware Emerson Dixell XWEB-500 products are affected by information disclosure via directory listing. | 7.5 |