VYPR
Vendor

Emerson

Products
48
CVEs
117
Across products
137
Status
Private

Products

48
View all 48 products →

Recent CVEs

117
View all 117 CVEs →
  • CVE-2018-14804CriOct 1, 2018
    risk 0.64cvss 9.8epss 0.04

    Emerson AMS Device Manager v12.0 to v13.5. A specially crafted script may be run that allows arbitrary remote code execution.

  • CVE-2017-7931CriJun 6, 2018
    risk 0.64cvss 9.8epss 0.03

    In ABB IP GATEWAY 3.39 and prior, by accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access the configuration files and application pages without authentication.

  • CVE-2018-8840CriApr 18, 2018
    risk 0.64cvss 9.8epss 0.08

    A remote attacker could send a carefully crafted packet in InduSoft Web Studio v8.1 and prior versions, and/or InTouch Machine Edition 2017 v8.1 and prior versions during a tag, alarm, or event related action such as read and write, which may allow remote code execution.

  • CVE-2016-8348CriFeb 13, 2017
    risk 0.64cvss 9.8epss 0.04

    An XML External Entity (XXE) issue was discovered in Emerson Liebert SiteScan Web Version 6.5, and prior. An attacker may enter malicious input to Liebert SiteScan through a weakly configured XML parser causing the application to execute arbitrary code or disclose file contents…

  • CVE-2025-52579CriJul 11, 2025
    risk 0.61cvss 9.4epss 0.00

    Emerson ValveLink Products store sensitive information in cleartext in memory. The sensitive memory might be saved to disk, stored in a core dump, or remain uncleared if the product crashes, or if the programmer does not properly clear the memory before freeing it.

  • CVE-2018-14795HigAug 21, 2018
    risk 0.57cvss 8.8epss 0.02

    DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable due to improper path validation which may allow an attacker to replace executable files.

  • CVE-2018-14793HigAug 21, 2018
    risk 0.57cvss 8.8epss 0.01

    DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable to a buffer overflow exploit through an open communication port to allow arbitrary code execution.

  • CVE-2017-7906HigJun 6, 2018
    risk 0.57cvss 8.8epss 0.01

    In ABB IP GATEWAY 3.39 and prior, the web server does not sufficiently verify that a request was performed by the authenticated user, which may allow an attacker to launch a request impersonating that user.

  • CVE-2022-50930HigJan 13, 2026
    risk 0.55cvss 8.4epss 0.00

    Emerson PAC Machine Edition 9.80 contains an unquoted service path vulnerability in the TrapiServer service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code…

  • CVE-2018-14797HigAug 23, 2018
    risk 0.51cvss 7.8epss 0.02

    Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 allow a specially crafted DLL file to be placed in the search path and loaded as an internal and valid DLL, which may allow arbitrary code execution.

  • CVE-2018-14791HigAug 23, 2018
    risk 0.51cvss 7.8epss 0.00

    Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 may allow non-administrative users to change executable and library files on the affected products.

  • CVE-2025-50109HigJul 11, 2025
    risk 0.50cvss 7.7epss 0.00

    Emerson ValveLink Products store sensitive information in cleartext within a resource that might be accessible to another control sphere.

  • CVE-2025-46358HigJul 11, 2025
    risk 0.50cvss 7.7epss 0.00

    Emerson ValveLink products do not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

  • CVE-2018-12922HigJun 28, 2018
    risk 0.49cvss 7.5epss 0.02

    Emerson Liebert IntelliSlot Web Card devices allow remote attackers to reconfigure access control via the config/configUser.htm or config/configTelnet.htm URI.

  • CVE-2018-5452HigMar 7, 2018
    risk 0.49cvss 7.5epss 0.02

    A Stack-based Buffer Overflow issue was discovered in Emerson Process Management ControlWave Micro Process Automation Controller: ControlWave Micro [ProConOS v.4.01.280] firmware: CWM v.05.78.00 and prior. A stack-based buffer overflow vulnerability caused by sending crafted…

  • CVE-2016-9345MedFeb 13, 2017
    risk 0.44cvss 6.8epss 0.00

    An issue was discovered in Emerson DeltaV Easy Security Management DeltaV V12.3, DeltaV V12.3.1, and DeltaV V13.3. Critical vulnerabilities may allow a local attacker to elevate privileges within the DeltaV control system.

  • CVE-2018-14808MedOct 1, 2018
    risk 0.42cvss 6.5epss 0.01

    Emerson AMS Device Manager v12.0 to v13.5. Non-administrative users are able to change executable and library files on the affected products.

  • CVE-2018-7525MedMar 21, 2018
    risk 0.34cvss 5.3epss 0.00

    In Omron CX-Supervisor Versions 3.30 and prior, processing a malformed packet by a certain executable may cause an untrusted pointer dereference vulnerability.

  • CVE-2018-7523MedMar 21, 2018
    risk 0.34cvss 5.3epss 0.00

    In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause a double free vulnerability.

  • CVE-2018-7521MedMar 21, 2018
    risk 0.34cvss 5.3epss 0.00

    In Omron CX-Supervisor Versions 3.30 and prior, use after free vulnerabilities can be exploited when CX Supervisor parses a specially crafted project file.