Vulnerabilities > Emerson > High

DATE CVE VULNERABILITY TITLE RISK
2022-01-28 CVE-2021-44463 Uncontrolled Search Path Element vulnerability in Emerson Deltav
Missing DLLs, if replaced by an insider, could allow an attacker to achieve local privilege escalation on the DeltaV Distributed Control System Controllers and Workstations (All versions) when some DeltaV services are started.
local
low complexity
emerson CWE-427
7.3
7.3
2021-10-22 CVE-2021-38485 Improper Input Validation vulnerability in Emerson products
The affected product is vulnerable to improper input validation in the restore file.
network
low complexity
emerson CWE-20
8.8
8.8
2021-10-22 CVE-2021-42538 Command Injection vulnerability in Emerson products
The affected product is vulnerable to a parameter injection via passphrase, which enables the attacker to supply uncontrolled input.
network
low complexity
emerson CWE-77
8.8
8.8
2021-10-22 CVE-2021-42539 Missing Authentication for Critical Function vulnerability in Emerson products
The affected product is vulnerable to a missing permission validation on system backup restore, which could lead to account take over and unapproved settings change.
network
low complexity
emerson CWE-306
8.8
8.8
2021-10-22 CVE-2021-42540 Write-what-where Condition vulnerability in Emerson products
The affected product is vulnerable to a unsanitized extract folder for system configuration.
network
low complexity
emerson CWE-123
8.8
8.8
2021-10-22 CVE-2021-42542 Path Traversal vulnerability in Emerson products
The affected product is vulnerable to directory traversal due to mishandling of provided backup folder structure.
network
low complexity
emerson CWE-22
8.8
8.8
2021-05-20 CVE-2021-27457 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Emerson products
A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer.
network
low complexity
emerson CWE-327
7.5
7.5
2021-05-20 CVE-2021-27461 Path Traversal vulnerability in Emerson products
A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer.
network
low complexity
emerson CWE-22
7.5
7.5
2021-03-10 CVE-2020-19419 Missing Authentication for Critical Function vulnerability in Emerson Smart Wireless Gateway 1420 Firmware 4.6.59
Incorrect Access Control in Emerson Smart Wireless Gateway 1420 4.6.59 allows remote attackers to obtain sensitive device information from the administrator console without authentication.
network
low complexity
emerson CWE-306
7.5
7.5
2021-03-10 CVE-2020-19417 Unspecified vulnerability in Emerson Wireless 1420 Gateway Firmware 4.6.59
Emerson Smart Wireless Gateway 1420 4.6.59 allows non-privileged users (such as the default account 'maint') to perform administrative tasks by sending specially crafted HTTP requests to the application.
network
low complexity
emerson
8.8
8.8