Vendor CVEs
Emerson
All CVEs
117 total · sorted by risk

| CVE | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2022-29965 | 0.00 | — | 0.00 | Jul 26, 2022 | The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. Access to privileged operations on the maintenance port TELNET interface (23/TCP) on M-series and SIS (CSLS/LSNB/LSNG) nodes is controlled by means of utility… |
| CVE-2020-16235 | 0.00 | — | 0.00 | May 19, 2022 | Inadequate encryption may allow the credentials used by Emerson OpenEnterprise, up through version 3.3.5, to access field devices and external systems to be obtained. |
| CVE-2020-10636 | 0.00 | — | 0.00 | Feb 24, 2022 | Inadequate encryption may allow the passwords for Emerson OpenEnterprise versions through 3.3.4 user accounts to be obtained. |
| CVE-2020-10640 | 0.00 | — | 0.03 | Feb 24, 2022 | Emerson OpenEnterprise versions through 3.3.4 may allow an attacker to run arbitrary commands with system privileges or perform remote code execution via a specific communication service. |
| CVE-2020-10632 | 0.00 | — | 0.00 | Feb 24, 2022 | Inadequate folder security permissions in Emerson OpenEnterprise versions through 3.3.4 may allow modification of important configuration files, which could cause the system to fail or behave in an unpredictable manner. |
| CVE-2021-45421 | 0.00 | — | 0.02 | Feb 14, 2022 | Emerson Dixell XWEB-500 products are affected by information disclosure via directory listing. A potential attacker can use this misconfiguration to access all the files in the remote directories. Note: the product has not been supported since 2018 and should be removed or… |
| CVE-2021-44463 | 0.00 | — | 0.00 | Jan 28, 2022 | Missing DLLs, if replaced by an insider, could allow an attacker to achieve local privilege escalation on the DeltaV Distributed Control System Controllers and Workstations (All versions) when some DeltaV services are started. |
| CVE-2021-26264 | 0.00 | — | 0.00 | Jan 28, 2022 | A specially crafted script could cause the DeltaV Distributed Control System Controllers (All Versions) to restart and cause a denial-of-service condition. |
| CVE-2021-45427 | 0.00 | — | 0.19 | Dec 30, 2021 | Emerson XWEB 300D EVO 3.0.7--3ee403 is affected by: unauthenticated arbitrary file deletion due to path traversal. An attacker can browse and delete files without any authentication due to incorrect access control and directory traversal. |
| CVE-2021-38485 | 0.00 | — | 0.01 | Oct 22, 2021 | The affected product is vulnerable to improper input validation in the restore file. This enables an attacker to provide malicious config files to replace any file on disk. |
| CVE-2021-42542 | 0.00 | — | 0.01 | Oct 22, 2021 | The affected product is vulnerable to directory traversal due to mishandling of provided backup folder structure. |
| CVE-2021-42540 | 0.00 | — | 0.01 | Oct 22, 2021 | The affected product is vulnerable to an unsanitized extract folder for system configuration. A low-privileged user can leverage this logic to overwrite the settings and other key functionality. |
| CVE-2021-42536 | 0.00 | — | 0.01 | Oct 22, 2021 | The affected product is vulnerable to a disclosure of peer username and password by allowing all users access to read global variables. |
| CVE-2021-42539 | 0.00 | — | 0.01 | Oct 22, 2021 | The affected product is vulnerable to a missing permission validation on system backup restore, which could lead to account take over and unapproved settings change. |
| CVE-2021-42538 | 0.00 | — | 0.01 | Oct 22, 2021 | The affected product is vulnerable to a parameter injection via passphrase, which enables the attacker to supply uncontrolled input. |
| CVE-2021-20836 | 0.00 | — | 0.01 | Oct 19, 2021 | Out-of-bounds read vulnerability in CX-Supervisor v4.0.0.13 and v4.0.0.16 allows an attacker with administrative privileges to cause information disclosure and/or arbitrary code execution by opening a specially crafted SCS project file. |
| CVE-2020-12030 | 0.00 | — | 0.01 | Sep 29, 2021 | There is a flaw in the code used to configure the internal gateway firewall when the gateway's VLAN feature is enabled. If a user enables the VLAN setting, the internal gateway firewall becomes disabled resulting in exposure of all ports used by the gateway. |
| CVE-2021-29297 | 0.00 | — | 0.01 | Jul 30, 2021 | Buffer Overflow in Emerson GE Automation Proficy Machine Edition v8.0 allows an attacker to cause a denial of service and application crash via crafted traffic from a Man-in-the-Middle (MITM) attack to the component "FrameworX.exe" in the module "MSVCR100.dll". |
| CVE-2021-27461 | 0.00 | — | 0.01 | May 20, 2021 | A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected webserver applications allow access to stored data that can be obtained by using specially crafted URLs. |
| CVE-2021-27459 | 0.00 | — | 0.02 | May 20, 2021 | A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The webserver of the affected products allows unvalidated files to be uploaded, which an attacker could utilize to execute arbitrary code. |
| CVE-2021-27457 | 0.00 | — | 0.00 | May 20, 2021 | A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected products utilize a weak encryption algorithm for storage of sensitive data, which may allow an attacker to more easily obtain credentials used for access. |
| CVE-2021-27467 | 0.00 | — | 0.01 | May 20, 2021 | A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected product’s web interface allows an attacker to route click or keystroke to another page provided by the attacker to gain unauthorized access to sensitive information. |
| CVE-2021-27465 | 0.00 | — | 0.01 | May 20, 2021 | A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected applications do not validate webpage input, which could allow an attacker to inject arbitrary HTML code into a webpage. This would allow an attacker to modify the page… |
| CVE-2021-27463 | 0.00 | — | 0.01 | May 20, 2021 | A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected applications utilize persistent cookies where the session cookie attribute is not properly invalidated, allowing an attacker to intercept the cookies and gain access to… |
| CVE-2020-19419 | 0.00 | — | 0.03 | Mar 10, 2021 | Incorrect Access Control in Emerson Smart Wireless Gateway 1420 4.6.59 allows remote attackers to obtain sensitive device information from the administrator console without authentication. |
| CVE-2020-19417 | 0.00 | — | 0.03 | Mar 10, 2021 | Emerson Smart Wireless Gateway 1420 4.6.59 allows non-privileged users (such as the default account 'maint') to perform administrative tasks by sending specially crafted HTTP requests to the application. |
| CVE-2020-27254 | 0.00 | — | 0.01 | Dec 21, 2020 | Emerson Rosemount X-STREAM Gas Analyzer X-STREAM enhanced XEGP, XEGK, XEFD, XEXF – all revisions: the affected products are vulnerable to improper authentication for accessing log and backup data, which could allow an attacker with a specially crafted URL to obtain access to… |
| CVE-2020-6971 | 0.00 | — | 0.00 | Mar 5, 2020 | In Emerson ValveLink v12.0.264 to v13.4.118, a vulnerability in the ValveLink software may allow a local, unprivileged, trusted insider to escalate privileges due to insecure configuration parameters. |
| CVE-2020-6970 | 0.00 | — | 0.03 | Feb 19, 2020 | A Heap-based Buffer Overflow was found in Emerson OpenEnterprise SCADA Server 2.83 (if Modbus or ROC Interfaces have been installed and are in use) and all versions of OpenEnterprise 3.1 through 3.3.3, where a specially crafted script could execute code on the OpenEnterprise… |
| CVE-2019-18251 | 0.00 | — | 0.02 | Nov 25, 2019 | In Omron CX-Supervisor, Versions 3.5 (12) and prior, Omron CX-Supervisor ships with Teamviewer Version 5.0.8703 QS. This version of Teamviewer is vulnerable to an obsolete function vulnerability requiring user interaction to exploit. |
| CVE-2019-16353 | 0.00 | — | 0.01 | Sep 16, 2019 | Emerson GE Automation Proficy Machine Edition 8.0 allows an access violation and application crash via crafted traffic from a remote device, as demonstrated by an RX7i device. |
| CVE-2019-12105 | 0.00 | — | 0.02 | Sep 10, 2019 | In Supervisor through 4.0.2, an unauthenticated user can read log files or restart a service. Note: The maintainer responded that the affected component, inet_http_server, is not enabled by default but if the user enables it and does not set a password, Supervisor logs a warning… |
| CVE-2019-10967 | 0.00 | — | 0.04 | May 28, 2019 | In Emerson Ovation OCR400 Controller 3.3.1 and earlier, a stack-based buffer overflow vulnerability in the embedded third-party FTP server involves improper handling of a long file name from the LIST command to the FTP service, which may cause the service to overwrite buffers,… |
| CVE-2019-10965 | 0.00 | — | 0.04 | May 28, 2019 | In Emerson Ovation OCR400 Controller 3.3.1 and earlier, a heap-based buffer overflow vulnerability in the embedded third-party FTP server involves improper handling of a long command to the FTP service, which may cause memory corruption that halts the controller or leads to… |
| CVE-2018-11691 | 0.00 | — | 0.02 | May 14, 2019 | Emerson DeltaV Smart Switch Command Center application, available in versions 11.3.x and 12.3.1, was unable to change the DeltaV Smart Switches’ management password upon commissioning. Emerson released patches for DeltaV workstations to address this issue, and the patches can… |
| CVE-2018-17937 | 0.00 | — | 0.03 | Mar 13, 2019 | gpsd versions 2.90 to 3.17 and microjson versions 1.0 to 1.3, an open source project, allow a stack-based buffer overflow, which may allow remote attackers to execute arbitrary code on embedded platforms via traffic on Port 2947/TCP or crafted JSON inputs. |
| CVE-2018-19008 | 0.00 | — | 0.02 | Feb 13, 2019 | The TextEditor 2.0 in ABB CP400 Panel Builder versions 2.0.7.05 and earlier contains a vulnerability in the file parser of the Text Editor wherein the application doesn't properly prevent the insertion of specially crafted files which could allow arbitrary code execution. |
| CVE-2018-19018 | 0.00 | — | 0.01 | Feb 12, 2019 | An access of uninitialized pointer vulnerability in CX-Supervisor (Versions 3.42 and prior) could lead to type confusion when processing project files. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application. |
| CVE-2018-19020 | 0.00 | — | 0.01 | Feb 12, 2019 | When CX-Supervisor (Versions 3.42 and prior) processes project files and tampers with the value of an offset, an attacker can force the application to read a value outside of an array. |
| CVE-2019-6517 | 0.00 | — | 0.00 | Feb 6, 2019 | BD FACSLyric Research Use Only, Windows 10 Professional Operating System, U.S. and Malaysian Releases, between November 2017 and November 2018 and BD FACSLyric IVD Windows 10 Professional Operating System US release does not properly enforce user access control to privileged… |
| CVE-2018-19015 | 0.00 | — | 0.01 | Jan 28, 2019 | An attacker could inject commands to launch programs and create, write, and read files on CX-Supervisor (Versions 3.42 and prior) through a specially crafted project file. An attacker could exploit this to execute code under the privileges of the application. |
| CVE-2018-19021 | 0.00 | — | 0.01 | Jan 25, 2019 | A specially crafted script could bypass the authentication of a maintenance port of Emerson DeltaV DCS Versions 11.3.1, 11.3.2, 12.3.1, 13.3.1, 14.3, R5.1, R6 and prior, which may allow an attacker to cause a denial of service. |
| CVE-2018-19013 | 0.00 | — | 0.01 | Jan 22, 2019 | An attacker could inject commands to delete files and/or delete the contents of a file on CX-Supervisor (Versions 3.42 and prior) through a specially crafted project file. |
| CVE-2018-19017 | 0.00 | — | 0.02 | Jan 22, 2019 | Several use after free vulnerabilities have been identified in CX-Supervisor (Versions 3.42 and prior). When processing project files, the application fails to check if it is referencing freed memory. An attacker could use a specially crafted project file to exploit and execute… |
| CVE-2018-19011 | 0.00 | — | 0.02 | Jan 22, 2019 | CX-Supervisor (Versions 3.42 and prior) can execute code that has been injected into a project file. An attacker could exploit this to execute code under the privileges of the application. |
| CVE-2018-19019 | 0.00 | — | 0.01 | Jan 22, 2019 | A type confusion vulnerability exists when processing project files in CX-Supervisor (Versions 3.42 and prior). An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application. |
| CVE-2018-17907 | 0.00 | — | 0.01 | Nov 5, 2018 | When processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior and tampering with the value of an offset, an attacker can force the application to read a value outside of an array. |
| CVE-2018-17905 | 0.00 | — | 0.01 | Nov 5, 2018 | When processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior and tampering with a specific byte, memory corruption may occur within a specific object. |
| CVE-2018-17913 | 0.00 | — | 0.02 | Nov 5, 2018 | A type confusion vulnerability exists when processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior, which may allow an attacker to execute code in the context of the application. |
| CVE-2018-17909 | 0.00 | — | 0.02 | Nov 5, 2018 | When processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior, the application fails to check if it is referencing freed memory, which may allow an attacker to execute code under the context of the application. |
Page 2 of 3