Vulnerabilities > Emerson > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-10 | CVE-2020-19419 | Missing Authentication for Critical Function vulnerability in Emerson Smart Wireless Gateway 1420 Firmware 4.6.59 Incorrect Access Control in Emerson Smart Wireless Gateway 1420 4.6.59 allows remote attackers to obtain sensitive device information from the administrator console without authentication. | 7.5 |
| 2021-03-10 | CVE-2020-19417 | Unspecified vulnerability in Emerson Wireless 1420 Gateway Firmware 4.6.59 Emerson Smart Wireless Gateway 1420 4.6.59 allows non-privileged users (such as the default account 'maint') to perform administrative tasks by sending specially crafted HTTP requests to the application. | 8.8 |
| 2021-01-22 | CVE-2020-12525 | Deserialization of Untrusted Data vulnerability in multiple products M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage. | 7.8 |
| 2020-12-21 | CVE-2020-27254 | Improper Authentication vulnerability in Emerson products Emerson Rosemount X-STREAM Gas AnalyzerX-STREAM enhanced XEGP, XEGK, XEFD, XEXF – all revisions, The affected products are vulnerable to improper authentication for accessing log and backup data, which could allow an attacker with a specially crafted URL to obtain access to sensitive information. | 7.5 |
| 2020-03-05 | CVE-2020-6971 | Improper Privilege Management vulnerability in Emerson Valvelink 12.0.264/13.4.118 In Emerson ValveLink v12.0.264 to v13.4.118, a vulnerability in the ValveLink software may allow a local, unprivileged, trusted insider to escalate privileges due to insecure configuration parameters. | 7.8 |
| 2020-01-16 | CVE-2019-13524 | Improper Input Validation vulnerability in Emerson products GE PACSystems RX3i CPE100/115: All versions prior to R9.85,CPE302/305/310/330/400/410: All versions prior to R9.90,CRU/320 All versions(End of Life) may allow an attacker sending specially manipulated packets to cause the module state to change to halt-mode, resulting in a denial-of-service condition. | 7.5 |
| 2019-05-28 | CVE-2019-10967 | Out-of-bounds Write vulnerability in Emerson Ovation Ocr400 Firmware 3.3.1 In Emerson Ovation OCR400 Controller 3.3.1 and earlier, a stack-based buffer overflow vulnerability in the embedded third-party FTP server involves improper handling of a long file name from the LIST command to the FTP service, which may cause the service to overwrite buffers, leading to remote code execution and escalation of privileges. | 8.8 |
| 2019-05-28 | CVE-2019-10965 | Out-of-bounds Write vulnerability in Emerson Ovation Ocr400 Firmware 3.3.1 In Emerson Ovation OCR400 Controller 3.3.1 and earlier, a heap-based buffer overflow vulnerability in the embedded third-party FTP server involves improper handling of a long command to the FTP service, which may cause memory corruption that halts the controller or leads to remote code execution and escalation of privileges. | 8.8 |
| 2018-08-23 | CVE-2018-14797 | Uncontrolled Search Path Element vulnerability in Emerson Deltav Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 allow a specially crafted DLL file to be placed in the search path and loaded as an internal and valid DLL, which may allow arbitrary code execution. | 7.8 |
| 2018-08-23 | CVE-2018-14791 | Improper Privilege Management vulnerability in Emerson Deltav Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 may allow non-administrative users to change executable and library files on the affected products. | 7.8 |