Vulnerabilities > Emerson > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-28 | CVE-2021-26264 | Missing Authentication for Critical Function vulnerability in Emerson products A specially crafted script could cause the DeltaV Distributed Control System Controllers (All Versions) to restart and cause a denial-of-service condition. | 5.5 |
| 2021-10-22 | CVE-2021-42536 | Exposure of Resource to Wrong Sphere vulnerability in Emerson products The affected product is vulnerable to a disclosure of peer username and password by allowing all users access to read global variables. | 6.5 |
| 2021-07-30 | CVE-2021-29297 | Classic Buffer Overflow vulnerability in Emerson Proficy Machine Edition 8.0 Buffer Overflow in Emerson GE Automation Proficy Machine Edition v8.0 allows an attacker to cause a denial of service and application crash via crafted traffic from a Man-in-the-Middle (MITM) attack to the component "FrameworX.exe" in the module "MSVCR100.dll". | 5.3 |
| 2021-07-30 | CVE-2021-29298 | Improper Input Validation vulnerability in Emerson Proficy Machine Edition 8.0 Improper Input Validation in Emerson GE Automation Proficy Machine Edition v8.0 allows an attacker to cause a denial of service and application crash via crafted traffic from a Man-in-the-Middle (MITM) attack to the component "FrameworX.exe"in the module "fxVPStatcTcp.dll". | 5.3 |
| 2021-05-20 | CVE-2021-27463 | Information Exposure Through Persistent Cookies vulnerability in Emerson products A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. | 5.3 |
| 2021-05-20 | CVE-2021-27465 | Cross-site Scripting vulnerability in Emerson products A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. | 6.1 |
| 2021-05-20 | CVE-2021-27467 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Emerson products A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. | 6.1 |
| 2019-05-22 | CVE-2019-12167 | Cross-site Scripting vulnerability in Emerson Liebert Challenger Firmware 5.1E0.5 httpGetSet/httpGet.htm on Emerson Network Power Liebert Challenger 5.1E0.5 devices allows XSS via the statusstr parameter. | 6.1 |
| 2019-01-25 | CVE-2018-19021 | Improper Restriction of Excessive Authentication Attempts vulnerability in Emerson Deltav A specially crafted script could bypass the authentication of a maintenance port of Emerson DeltaV DCS Versions 11.3.1, 11.3.2, 12.3.1, 13.3.1, 14.3, R5.1, R6 and prior, which may allow an attacker to cause a denial of service. | 6.5 |
| 2018-10-01 | CVE-2018-14808 | Improper Privilege Management vulnerability in Emerson AMS Device Manager Emerson AMS Device Manager v12.0 to v13.5. | 6.5 |