Vulnerabilities > Emerson > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2020-02-19 | CVE-2020-6970 | Out-of-bounds Write vulnerability in Emerson OpenEnterprise SCADA Server 2.8.3/3.1/3.3.3 | A Heap-based Buffer Overflow was found in Emerson OpenEnterprise SCADA Server 2.83 (if Modbus or ROC Interfaces have been installed and are in use) and all versions of OpenEnterprise 3.1 through 3.3.3, where a specially crafted script could execute code on the OpenEnterprise Server. | network | low | emerson | CWE-787 | 7.5 |
| 2020-01-16 | CVE-2019-13524 | Improper Input Validation vulnerability in Emerson products | GE PACSystems RX3i CPE100/115: All versions prior to R9.85, CPE302/305/310/330/400/410: All versions prior to R9.90, CRU/320 All versions (End of Life) may allow an attacker sending specially manipulated packets to cause the module state to change to halt-mode, resulting in a denial-of-service condition. | network | low | emerson | CWE-20 | 7.8 |
| 2019-05-28 | CVE-2019-10965 | Out-of-bounds Write vulnerability in Emerson Ovation OCR400 Firmware 3.3.1 | In Emerson Ovation OCR400 Controller 3.3.1 and earlier, a heap-based buffer overflow vulnerability in the embedded third-party FTP server involves improper handling of a long command to the FTP service, which may cause memory corruption that halts the controller or leads to remote code execution and escalation of privileges. | network | low | emerson | CWE-787 | 8.8 |
| 2018-10-01 | CVE-2018-14804 | Code Injection vulnerability in Emerson AMS Device Manager | Emerson AMS Device Manager v12.0 to v13.5. | network | low | emerson | CWE-94 | 7.5 |
| 2017-02-13 | CVE-2016-8348 | XXE vulnerability in Emerson Liebert SiteScan Web | An XML External Entity (XXE) issue was discovered in Emerson Liebert SiteScan Web Version 6.5, and prior. | network | low | emerson | CWE-611 | 7.5 |
| 2014-05-22 | CVE-2014-2350 | Credentials Management vulnerability in Emerson DeltaV | Emerson DeltaV 10.3.1, 11.3, 11.3.1, and 12.3 uses hardcoded credentials for diagnostic services, which allows remote attackers to bypass intended access restrictions via a TCP session, as demonstrated by a session that uses the telnet program. | network | low | emerson | CWE-255 | 7.5 |
| 2012-06-08 | CVE-2012-1817 | Improper Input Validation vulnerability in Emerson products | Buffer overflow in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via an invalid field in a project file. | network | low | emerson | CWE-20 | 7.5 |
| 2012-06-08 | CVE-2012-1815 | SQL Injection vulnerability in Emerson products | SQL injection vulnerability in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | network | low | emerson | CWE-89 | 7.5 |