Emerson
Products
48
Recent CVEs
117

| CVE | Vendor / Product | Severity | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-14804 | | Critical | 0.64 | 9.8 | 0.04 | | Oct 1, 2018 | Emerson AMS Device Manager v12.0 to v13.5. A specially crafted script may be run that allows arbitrary remote code execution. |
| CVE-2017-7931 | | Critical | 0.64 | 9.8 | 0.03 | | Jun 6, 2018 | In ABB IP GATEWAY 3.39 and prior, by accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access the configuration files and application pages without authentication. |
| CVE-2018-8840 | | Critical | 0.64 | 9.8 | 0.08 | | Apr 18, 2018 | A remote attacker could send a carefully crafted packet in InduSoft Web Studio v8.1 and prior versions, and/or InTouch Machine Edition 2017 v8.1 and prior versions during a tag, alarm, or event related action such as read and write, which may allow remote code execution. |
| CVE-2016-8348 | | Critical | 0.64 | 9.8 | 0.04 | | Feb 13, 2017 | An XML External Entity (XXE) issue was discovered in Emerson Liebert SiteScan Web Version 6.5, and prior. An attacker may enter malicious input to Liebert SiteScan through a weakly configured XML parser causing the application to execute arbitrary code or disclose file contents… |
| CVE-2025-52579 | | Critical | 0.61 | 9.4 | 0.00 | | Jul 11, 2025 | Emerson ValveLink Products store sensitive information in cleartext in memory. The sensitive memory might be saved to disk, stored in a core dump, or remain uncleared if the product crashes, or if the programmer does not properly clear the memory before freeing it. |
| CVE-2018-14795 | | High | 0.57 | 8.8 | 0.02 | | Aug 21, 2018 | DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable due to improper path validation which may allow an attacker to replace executable files. |
| CVE-2018-14793 | | High | 0.57 | 8.8 | 0.01 | | Aug 21, 2018 | DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable to a buffer overflow exploit through an open communication port to allow arbitrary code execution. |
| CVE-2017-7906 | | High | 0.57 | 8.8 | 0.01 | | Jun 6, 2018 | In ABB IP GATEWAY 3.39 and prior, the web server does not sufficiently verify that a request was performed by the authenticated user, which may allow an attacker to launch a request impersonating that user. |
| CVE-2022-50930 | | High | 0.55 | 8.4 | 0.00 | | Jan 13, 2026 | Emerson PAC Machine Edition 9.80 contains an unquoted service path vulnerability in the TrapiServer service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code… |
| CVE-2018-14797 | | High | 0.51 | 7.8 | 0.02 | | Aug 23, 2018 | Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 allow a specially crafted DLL file to be placed in the search path and loaded as an internal and valid DLL, which may allow arbitrary code execution. |
| CVE-2018-14791 | | High | 0.51 | 7.8 | 0.00 | | Aug 23, 2018 | Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 may allow non-administrative users to change executable and library files on the affected products. |
| CVE-2025-50109 | | High | 0.50 | 7.7 | 0.00 | | Jul 11, 2025 | Emerson ValveLink Products store sensitive information in cleartext within a resource that might be accessible to another control sphere. |
| CVE-2025-46358 | | High | 0.50 | 7.7 | 0.00 | | Jul 11, 2025 | Emerson ValveLink products do not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product. |
| CVE-2018-12922 | | High | 0.49 | 7.5 | 0.02 | | Jun 28, 2018 | Emerson Liebert IntelliSlot Web Card devices allow remote attackers to reconfigure access control via the config/configUser.htm or config/configTelnet.htm URI. |
| CVE-2018-5452 | | High | 0.49 | 7.5 | 0.02 | | Mar 7, 2018 | A Stack-based Buffer Overflow issue was discovered in Emerson Process Management ControlWave Micro Process Automation Controller: ControlWave Micro [ProConOS v.4.01.280] firmware: CWM v.05.78.00 and prior. A stack-based buffer overflow vulnerability caused by sending crafted… |
| CVE-2016-9345 | | Medium | 0.44 | 6.8 | 0.00 | | Feb 13, 2017 | An issue was discovered in Emerson DeltaV Easy Security Management DeltaV V12.3, DeltaV V12.3.1, and DeltaV V13.3. Critical vulnerabilities may allow a local attacker to elevate privileges within the DeltaV control system. |
| CVE-2018-14808 | | Medium | 0.42 | 6.5 | 0.01 | | Oct 1, 2018 | Emerson AMS Device Manager v12.0 to v13.5. Non-administrative users are able to change executable and library files on the affected products. |
| CVE-2018-7525 | | Medium | 0.34 | 5.3 | 0.00 | | Mar 21, 2018 | In Omron CX-Supervisor Versions 3.30 and prior, processing a malformed packet by a certain executable may cause an untrusted pointer dereference vulnerability. |
| CVE-2018-7523 | | Medium | 0.34 | 5.3 | 0.00 | | Mar 21, 2018 | In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause a double free vulnerability. |
| CVE-2018-7521 | | Medium | 0.34 | 5.3 | 0.00 | | Mar 21, 2018 | In Omron CX-Supervisor Versions 3.30 and prior, use after free vulnerabilities can be exploited when CX Supervisor parses a specially crafted project file. |