VYPR

DeltaV

by Emerson

CVEs (17)

  • CVE-2018-14795 | High | Aug 21, 2018
    risk 0.57 | cvss 8.8 | epss 0.02

    DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 are vulnerable due to improper path validation, which may allow an attacker to replace executable files.

  • CVE-2018-14793 | High | Aug 21, 2018
    risk 0.57 | cvss 8.8 | epss 0.01

    DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 are vulnerable to a buffer overflow exploit through an open communication port, allowing arbitrary code execution.

  • CVE-2018-14797 | High | Aug 23, 2018
    risk 0.51 | cvss 7.8 | epss 0.02

    Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 allow a specially crafted DLL file to be placed in the search path and loaded as an internal and valid DLL, which may allow arbitrary code execution.

  • CVE-2018-14791 | High | Aug 23, 2018
    risk 0.51 | cvss 7.8 | epss 0.00

    Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 may allow non-administrative users to change executable and library files on the affected products.

  • CVE-2016-9345 | Medium | Feb 13, 2017
    risk 0.44 | cvss 6.8 | epss 0.00

    An issue was discovered in Emerson DeltaV Easy Security Management DeltaV V12.3, DeltaV V12.3.1, and DeltaV V13.3. Critical vulnerabilities may allow a local attacker to elevate privileges within the DeltaV control system.

  • CVE-2022-29957 | Jul 26, 2022
    risk 0.00 | cvss (not listed) | epss 0.00

    The Emerson DeltaV Distributed Control System (DCS) through 2022-04-29 mishandles authentication. It utilizes several proprietary protocols for a wide variety of functionality. These protocols include Firmware upgrade (18508/TCP, 18518/TCP); Plug-and-Play (18510/UDP); Hawk…

  • CVE-2022-29964 | Jul 26, 2022
    risk 0.00 | cvss (not listed) | epss 0.00

    The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. WIOC SSH provides access to a shell as root, DeltaV, or backup via hardcoded credentials. NOTE: this is different from CVE-2014-2350.

  • CVE-2021-26264 | Jan 28, 2022
    risk 0.00 | cvss (not listed) | epss 0.00

    A specially crafted script could cause the DeltaV Distributed Control System Controllers (All Versions) to restart and cause a denial-of-service condition.

  • CVE-2018-19021 | Jan 25, 2019
    risk 0.00 | cvss (not listed) | epss 0.01

    A specially crafted script could bypass the authentication of a maintenance port of Emerson DeltaV DCS Versions 11.3.1, 11.3.2, 12.3.1, 13.3.1, 14.3, R5.1, R6 and prior, which may allow an attacker to cause a denial of service.

  • CVE-2014-2350 | May 22, 2014
    risk 0.00 | cvss (not listed) | epss 0.01

    Emerson DeltaV 10.3.1, 11.3, 11.3.1, and 12.3 uses hardcoded credentials for diagnostic services, which allows remote attackers to bypass intended access restrictions via a TCP session, as demonstrated by a session that uses the telnet program.

  • CVE-2014-2349 | May 22, 2014
    risk 0.00 | cvss (not listed) | epss 0.01

    Emerson DeltaV 10.3.1, 11.3, 11.3.1, and 12.3 uses hardcoded credentials for diagnostic services, which allows remote attackers to bypass intended access restrictions via a TCP session, as demonstrated by a session that uses the telnet program.

  • CVE-2012-3035 | Oct 1, 2012
    risk 0.00 | cvss (not listed) | epss 0.02

    Buffer overflow in Emerson DeltaV 9.3.1 and 10.3 through 11.3.1 allows remote attackers to cause a denial of service (daemon crash) via a long string to an unspecified port.

  • CVE-2012-1818 | Jun 8, 2012
    risk 0.00 | cvss (not listed) | epss 0.02

    An unspecified ActiveX control in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows remote attackers to overwrite arbitrary files via unknown vectors.

  • CVE-2012-1817 | Jun 8, 2012
    risk 0.00 | cvss (not listed) | epss 0.04

    Buffer overflow in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via an invalid field in a…

  • CVE-2012-1816 | Jun 8, 2012
    risk 0.00 | cvss (not listed) | epss 0.02

    PORTSERV.exe in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows remote attackers to cause a denial of service (daemon crash) via a crafted (1) TCP or (2) UDP packet to port 111.

  • CVE-2012-1815 | Jun 8, 2012
    risk 0.00 | cvss (not listed) | epss 0.02

    SQL injection vulnerability in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2012-1814 | Jun 8, 2012
    risk 0.00 | cvss (not listed) | epss 0.01

    Cross-site scripting (XSS) vulnerability in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.