Vulnerabilities > Emerson > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-01-22 | CVE-2020-12525 | Deserialization of Untrusted Data vulnerability in multiple products. M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage. | 7.8 |
2020-12-21 | CVE-2020-27254 | Improper Authentication vulnerability in Emerson products. Emerson Rosemount X-STREAM Gas Analyzer X-STREAM enhanced XEGP, XEGK, XEFD, XEXF – all revisions. The affected products are vulnerable to improper authentication for accessing log and backup data, which could allow an attacker with a specially crafted URL to obtain access to sensitive information. | 7.5 |
2020-03-05 | CVE-2020-6971 | Improper Privilege Management vulnerability in Emerson Valvelink 12.0.264/13.4.118. In Emerson ValveLink v12.0.264 to v13.4.118, a vulnerability in the ValveLink software may allow a local, unprivileged, trusted insider to escalate privileges due to insecure configuration parameters. | 7.8 |
2020-01-16 | CVE-2019-13524 | Improper Input Validation vulnerability in Emerson products. GE PACSystems RX3i CPE100/115: All versions prior to R9.85, CPE302/305/310/330/400/410: All versions prior to R9.90, CRU/320 All versions (End of Life) may allow an attacker sending specially manipulated packets to cause the module state to change to halt-mode, resulting in a denial-of-service condition. | 7.5 |
2019-05-28 | CVE-2019-10967 | Out-of-bounds Write vulnerability in Emerson Ovation Ocr400 Firmware 3.3.1. In Emerson Ovation OCR400 Controller 3.3.1 and earlier, a stack-based buffer overflow vulnerability in the embedded third-party FTP server involves improper handling of a long file name from the LIST command to the FTP service, which may cause the service to overwrite buffers, leading to remote code execution and escalation of privileges. | 8.8 |
2019-05-28 | CVE-2019-10965 | Out-of-bounds Write vulnerability in Emerson Ovation Ocr400 Firmware 3.3.1. In Emerson Ovation OCR400 Controller 3.3.1 and earlier, a heap-based buffer overflow vulnerability in the embedded third-party FTP server involves improper handling of a long command to the FTP service, which may cause memory corruption that halts the controller or leads to remote code execution and escalation of privileges. | 8.8 |
2018-08-23 | CVE-2018-14797 | Uncontrolled Search Path Element vulnerability in Emerson Deltav. Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 allow a specially crafted DLL file to be placed in the search path and loaded as an internal and valid DLL, which may allow arbitrary code execution. | 7.8 |
2018-08-23 | CVE-2018-14791 | Improper Privilege Management vulnerability in Emerson Deltav. Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 may allow non-administrative users to change executable and library files on the affected products. | 7.8 |
2018-08-21 | CVE-2018-14795 | Path Traversal vulnerability in Emerson Deltav. DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable due to improper path validation which may allow an attacker to replace executable files. | 8.8 |
2018-08-21 | CVE-2018-14793 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Emerson Deltav. DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable to a buffer overflow exploit through an open communication port to allow arbitrary code execution. | 8.8 |