Vendor CVEs

Emerson

All CVEs

117 total · sorted by risk
  • CVE-2018-14804 · Critical · Oct 1, 2018
    risk 0.64 · cvss 9.8 · epss 0.04

    Emerson AMS Device Manager v12.0 to v13.5. A specially crafted script may be run that allows arbitrary remote code execution.

  • CVE-2017-7931 · Critical · Jun 6, 2018
    risk 0.64 · cvss 9.8 · epss 0.03

    In ABB IP GATEWAY 3.39 and prior, by accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access the configuration files and application pages without authentication.

  • CVE-2018-8840 · Critical · Apr 18, 2018
    risk 0.64 · cvss 9.8 · epss 0.08

    A remote attacker could send a carefully crafted packet in InduSoft Web Studio v8.1 and prior versions, and/or InTouch Machine Edition 2017 v8.1 and prior versions during a tag, alarm, or event related action such as read and write, which may allow remote code execution.

  • CVE-2016-8348 · Critical · Feb 13, 2017
    risk 0.64 · cvss 9.8 · epss 0.04

    An XML External Entity (XXE) issue was discovered in Emerson Liebert SiteScan Web Version 6.5, and prior. An attacker may enter malicious input to Liebert SiteScan through a weakly configured XML parser causing the application to execute arbitrary code or disclose file contents…

  • CVE-2025-52579 · Critical · Jul 11, 2025
    risk 0.61 · cvss 9.4 · epss 0.00

    Emerson ValveLink Products store sensitive information in cleartext in memory. The sensitive memory might be saved to disk, stored in a core dump, or remain uncleared if the product crashes, or if the programmer does not properly clear the memory before freeing it.

  • CVE-2018-14795 · High · Aug 21, 2018
    risk 0.57 · cvss 8.8 · epss 0.02

    DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 are vulnerable due to improper path validation which may allow an attacker to replace executable files.

  • CVE-2018-14793 · High · Aug 21, 2018
    risk 0.57 · cvss 8.8 · epss 0.01

    DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 are vulnerable to a buffer overflow exploit through an open communication port to allow arbitrary code execution.

  • CVE-2017-7906 · High · Jun 6, 2018
    risk 0.57 · cvss 8.8 · epss 0.01

    In ABB IP GATEWAY 3.39 and prior, the web server does not sufficiently verify that a request was performed by the authenticated user, which may allow an attacker to launch a request impersonating that user.

  • CVE-2022-50930 · High · Jan 13, 2026
    risk 0.55 · cvss 8.4 · epss 0.00

    Emerson PAC Machine Edition 9.80 contains an unquoted service path vulnerability in the TrapiServer service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code…

  • CVE-2018-14797 · High · Aug 23, 2018
    risk 0.51 · cvss 7.8 · epss 0.02

    Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 allow a specially crafted DLL file to be placed in the search path and loaded as an internal and valid DLL, which may allow arbitrary code execution.

  • CVE-2018-14791 · High · Aug 23, 2018
    risk 0.51 · cvss 7.8 · epss 0.00

    Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 may allow non-administrative users to change executable and library files on the affected products.

  • CVE-2025-50109 · High · Jul 11, 2025
    risk 0.50 · cvss 7.7 · epss 0.00

    Emerson ValveLink Products store sensitive information in cleartext within a resource that might be accessible to another control sphere.

  • CVE-2025-46358 · High · Jul 11, 2025
    risk 0.50 · cvss 7.7 · epss 0.00

    Emerson ValveLink products do not use or incorrectly use a protection mechanism that provides sufficient defense against directed attacks against the product.

  • CVE-2018-12922 · High · Jun 28, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    Emerson Liebert IntelliSlot Web Card devices allow remote attackers to reconfigure access control via the config/configUser.htm or config/configTelnet.htm URI.

  • CVE-2018-5452 · High · Mar 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    A Stack-based Buffer Overflow issue was discovered in Emerson Process Management ControlWave Micro Process Automation Controller: ControlWave Micro [ProConOS v.4.01.280] firmware: CWM v.05.78.00 and prior. A stack-based buffer overflow vulnerability caused by sending crafted…

  • CVE-2016-9345 · Medium · Feb 13, 2017
    risk 0.44 · cvss 6.8 · epss 0.00

    An issue was discovered in Emerson DeltaV Easy Security Management DeltaV V12.3, DeltaV V12.3.1, and DeltaV V13.3. Critical vulnerabilities may allow a local attacker to elevate privileges within the DeltaV control system.

  • CVE-2018-14808 · Medium · Oct 1, 2018
    risk 0.42 · cvss 6.5 · epss 0.01

    Emerson AMS Device Manager v12.0 to v13.5. Non-administrative users are able to change executable and library files on the affected products.

  • CVE-2018-7525 · Medium · Mar 21, 2018
    risk 0.34 · cvss 5.3 · epss 0.00

    In Omron CX-Supervisor Versions 3.30 and prior, processing a malformed packet by a certain executable may cause an untrusted pointer dereference vulnerability.

  • CVE-2018-7523 · Medium · Mar 21, 2018
    risk 0.34 · cvss 5.3 · epss 0.00

    In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause a double free vulnerability.

  • CVE-2018-7521 · Medium · Mar 21, 2018
    risk 0.34 · cvss 5.3 · epss 0.00

    In Omron CX-Supervisor Versions 3.30 and prior, use after free vulnerabilities can be exploited when CX Supervisor parses a specially crafted project file.

  • CVE-2018-7519 · Medium · Mar 21, 2018
    risk 0.34 · cvss 5.3 · epss 0.00

    In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause a heap-based buffer overflow.

  • CVE-2018-7517 · Medium · Mar 21, 2018
    risk 0.34 · cvss 5.3 · epss 0.00

    In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause an out of bounds vulnerability.

  • CVE-2018-7513 · Medium · Mar 21, 2018
    risk 0.34 · cvss 5.3 · epss 0.00

    In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause a stack-based buffer overflow.

  • CVE-2025-53471 · Medium · Jul 11, 2025
    risk 0.33 · cvss 5.1 · epss 0.00

    Emerson ValveLink products receive input or data, but do not validate or incorrectly validate that the input has the properties that are required to process the data safely and correctly.

  • CVE-2025-48496 · Medium · Jul 11, 2025
    risk 0.33 · cvss 5.1 · epss 0.00

    Emerson ValveLink products use a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

  • CVE-2016-9347 · Medium · Feb 13, 2017
    risk 0.33 · cvss 5.0 · epss 0.00

    An issue was discovered in Emerson SE4801T0X Redundant Wireless I/O Card V13.3, and SE4801T1X Simplex Wireless I/O Card V13.3. DeltaV Wireless I/O Cards (WIOC) running the firmware available in the DeltaV system, release v13.3, have the SSH (Secure Shell) functionality enabled…

  • CVE-2025-11887 · Medium · Oct 24, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    The Supervisor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX functions in all versions up to, and including, 1.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and…

  • CVE-2023-27482 · Mar 8, 2023
    risk 0.07 · cvss · epss 0.72

    homeassistant is an open source home automation tool. A remotely exploitable vulnerability bypassing authentication for accessing the Supervisor API through Home Assistant has been discovered. This impacts all Home Assistant installation types that use the Supervisor 2023.01.1…

  • CVE-2021-45420 · Feb 14, 2022
    risk 0.07 · cvss · epss 0.26

    Emerson Dixell XWEB-500 products are affected by arbitrary file write vulnerability in /cgi-bin/logo_extra_upload.cgi, /cgi-bin/cal_save.cgi, and /cgi-bin/lo_utils.cgi. An attacker will be able to write any file on the target system without any kind of authentication mechanism,…

  • CVE-2026-34205 · Mar 27, 2026
    risk 0.00 · cvss · epss 0.00

    Home Assistant is open source home automation software that puts local control and privacy first. Home Assistant apps (formerly add-ons) configured with host network mode expose unauthenticated endpoints bound to the internal Docker bridge interface to the local network. On…

  • CVE-2023-43609 · Feb 9, 2024
    risk 0.00 · cvss · epss 0.00

    In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could obtain access to sensitive information or cause a denial-of-service condition.

  • CVE-2023-46687 · Feb 9, 2024
    risk 0.00 · cvss · epss 0.01

    In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could execute arbitrary commands in root context from a remote computer.

  • CVE-2023-49716 · Feb 9, 2024
    risk 0.00 · cvss · epss 0.01

    In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an authenticated user with network access could run arbitrary commands from a remote computer.

  • CVE-2023-51761 · Feb 9, 2024
    risk 0.00 · cvss · epss 0.01

    In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could bypass authentication and acquire admin capabilities.

  • CVE-2023-1935 · Aug 2, 2023
    risk 0.00 · cvss · epss 0.01

    ROC800-Series RTU devices are vulnerable to an authentication bypass, which could allow an attacker to gain unauthorized access to data or control of the device and cause a denial-of-service condition.

  • CVE-2022-30260 · Dec 26, 2022
    risk 0.00 · cvss · epss 0.00

    Emerson DeltaV Distributed Control System (DCS) has insufficient verification of firmware integrity (an inadequate checksum approach, and no signature). This affects versions before 14.3 of DeltaV M-series, DeltaV S-series, DeltaV P-series, DeltaV SIS, and DeltaV CIOC/EIOC/WIOC…

  • CVE-2022-2791 · Nov 22, 2022
    risk 0.00 · cvss · epss 0.00

    Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-434 Unrestricted Upload of File with Dangerous Type, and will upload any file written into the PLC logic folder to the connected PLC.

  • CVE-2022-2793 · Aug 19, 2022
    risk 0.00 · cvss · epss 0.00

    Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-353 Missing Support for Integrity Check, and has no authentication or authorization of data packets after establishing a connection for the SRTP protocol.

  • CVE-2022-2789 · Aug 19, 2022
    risk 0.00 · cvss · epss 0.00

    Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-345 Insufficient Verification of Data Authenticity, and can display logic that is different than the compiled logic.

  • CVE-2022-2790 · Aug 19, 2022
    risk 0.00 · cvss · epss 0.00

    Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-347 Improper Verification of Cryptographic Signature, and does not properly verify compiled logic (PDT files) and data blocks data (BLD/BLK files).

  • CVE-2022-2792 · Aug 19, 2022
    risk 0.00 · cvss · epss 0.00

    Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-284 Improper Access Control, and stores project data in a directory with improper access control lists.

  • CVE-2022-2788 · Aug 19, 2022
    risk 0.00 · cvss · epss 0.00

    Emerson Electric's Proficy Machine Edition Version 9.80 and prior is vulnerable to CWE-29 Path Traversal: '\..\Filename', also known as a ZipSlip attack, through an upload procedure which enables attackers to implant a malicious .BLZ file on the PLC. The file can transfer…

  • CVE-2022-30262 · Aug 17, 2022
    risk 0.00 · cvss · epss 0.00

    The Emerson ControlWave 'Next Generation' RTUs through 2022-05-02 mishandle firmware integrity. They utilize the BSAP-IP protocol to transmit firmware updates. Firmware updates are supplied as CAB archive files containing a binary firmware image. In all cases, firmware images…

  • CVE-2022-30264 · Aug 16, 2022
    risk 0.00 · cvss · epss 0.00

    The Emerson ROC and FloBoss RTU product lines through 2022-05-02 perform insecure filesystem operations. They utilize the ROC protocol (4000/TCP, 5000/TCP) for communications between a master terminal and RTUs. Opcode 203 of this protocol allows a master terminal to transfer…

  • CVE-2022-29959 · Aug 16, 2022
    risk 0.00 · cvss · epss 0.00

    Emerson OpenBSI through 2022-04-29 mishandles credential storage. It is an engineering environment for the ControlWave and Bristol Babcock line of RTUs. This environment provides access control functionality through user authentication and privilege management. The credentials…

  • CVE-2022-29957 · Jul 26, 2022
    risk 0.00 · cvss · epss 0.00

    The Emerson DeltaV Distributed Control System (DCS) through 2022-04-29 mishandles authentication. It utilizes several proprietary protocols for a wide variety of functionality. These protocols include Firmware upgrade (18508/TCP, 18518/TCP); Plug-and-Play (18510/UDP); Hawk…

  • CVE-2022-29960 · Jul 26, 2022
    risk 0.00 · cvss · epss 0.00

    Emerson OpenBSI through 2022-04-29 uses weak cryptography. It is an engineering environment for the ControlWave and Bristol Babcock line of RTUs. DES with hardcoded cryptographic keys is used for protection of certain system credentials, engineering files, and sensitive…

  • CVE-2022-29962 · Jul 26, 2022
    risk 0.00 · cvss · epss 0.00

    The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. FTP has hardcoded credentials (but may often be disabled in production). This affects S-series, P-series, and CIOC/EIOC nodes. NOTE: this is different from…

  • CVE-2022-29964 · Jul 26, 2022
    risk 0.00 · cvss · epss 0.00

    The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. WIOC SSH provides access to a shell as root, DeltaV, or backup via hardcoded credentials. NOTE: this is different from CVE-2014-2350.

  • CVE-2022-29963 · Jul 26, 2022
    risk 0.00 · cvss · epss 0.00

    The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. TELNET on port 18550 provides access to a root shell via hardcoded credentials. This affects S-series, P-series, and CIOC/EIOC nodes. NOTE: this is different from…

Page 1 of 3