VYPR

Vendor CVEs

Emerson

All CVEs

117 total · sorted by risk
  • CVE-2022-29965Jul 26, 2022
    risk 0.00cvss epss 0.00

    The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. Access to privileged operations on the maintenance port TELNET interface (23/TCP) on M-series and SIS (CSLS/LSNB/LSNG) nodes is controlled by means of utility…

  • CVE-2020-16235May 19, 2022
    risk 0.00cvss epss 0.00

    Inadequate encryption may allow the credentials used by Emerson OpenEnterprise, up through version 3.3.5, to access field devices and external systems to be obtained.

  • CVE-2020-10636Feb 24, 2022
    risk 0.00cvss epss 0.00

    Inadequate encryption may allow the passwords for Emerson OpenEnterprise versions through 3.3.4 user accounts to be obtained.

  • CVE-2020-10640Feb 24, 2022
    risk 0.00cvss epss 0.03

    Emerson OpenEnterprise versions through 3.3.4 may allow an attacker to run an arbitrary commands with system privileges or perform remote code execution via a specific communication service.

  • CVE-2020-10632Feb 24, 2022
    risk 0.00cvss epss 0.00

    Inadequate folder security permissions in Emerson OpenEnterprise versions through 3.3.4 may allow modification of important configuration files, which could cause the system to fail or behave in an unpredictable manner.

  • CVE-2021-45421Feb 14, 2022
    risk 0.00cvss epss 0.02

    Emerson Dixell XWEB-500 products are affected by information disclosure via directory listing. A potential attacker can use this misconfiguration to access all the files in the remote directories. Note: the product has not been supported since 2018 and should be removed or…

  • CVE-2021-44463Jan 28, 2022
    risk 0.00cvss epss 0.00

    Missing DLLs, if replaced by an insider, could allow an attacker to achieve local privilege escalation on the DeltaV Distributed Control System Controllers and Workstations (All versions) when some DeltaV services are started.

  • CVE-2021-26264Jan 28, 2022
    risk 0.00cvss epss 0.00

    A specially crafted script could cause the DeltaV Distributed Control System Controllers (All Versions) to restart and cause a denial-of-service condition.

  • CVE-2021-45427Dec 30, 2021
    risk 0.00cvss epss 0.19

    Emerson XWEB 300D EVO 3.0.7--3ee403 is affected by: unauthenticated arbitrary file deletion due to path traversal. An attacker can browse and delete files without any authentication due to incorrect access control and directory traversal.

  • CVE-2021-38485Oct 22, 2021
    risk 0.00cvss epss 0.01

    The affected product is vulnerable to improper input validation in the restore file. This enables an attacker to provide malicious config files to replace any file on disk.

  • CVE-2021-42542Oct 22, 2021
    risk 0.00cvss epss 0.01

    The affected product is vulnerable to directory traversal due to mishandling of provided backup folder structure.

  • CVE-2021-42540Oct 22, 2021
    risk 0.00cvss epss 0.01

    The affected product is vulnerable to a unsanitized extract folder for system configuration. A low-privileged user can leverage this logic to overwrite the settings and other key functionality.

  • CVE-2021-42536Oct 22, 2021
    risk 0.00cvss epss 0.01

    The affected product is vulnerable to a disclosure of peer username and password by allowing all users access to read global variables.

  • CVE-2021-42539Oct 22, 2021
    risk 0.00cvss epss 0.01

    The affected product is vulnerable to a missing permission validation on system backup restore, which could lead to account take over and unapproved settings change.

  • CVE-2021-42538Oct 22, 2021
    risk 0.00cvss epss 0.01

    The affected product is vulnerable to a parameter injection via passphrase, which enables the attacker to supply uncontrolled input.

  • CVE-2021-20836Oct 19, 2021
    risk 0.00cvss epss 0.01

    Out-of-bounds read vulnerability in CX-Supervisor v4.0.0.13 and v4.0.0.16 allows an attacker with administrative privileges to cause information disclosure and/or arbitrary code execution by opening a specially crafted SCS project files.

  • CVE-2020-12030Sep 29, 2021
    risk 0.00cvss epss 0.01

    There is a flaw in the code used to configure the internal gateway firewall when the gateway's VLAN feature is enabled. If a user enables the VLAN setting, the internal gateway firewall becomes disabled resulting in exposure of all ports used by the gateway.

  • CVE-2021-29297Jul 30, 2021
    risk 0.00cvss epss 0.01

    Buffer Overflow in Emerson GE Automation Proficy Machine Edition v8.0 allows an attacker to cause a denial of service and application crash via crafted traffic from a Man-in-the-Middle (MITM) attack to the component "FrameworX.exe" in the module "MSVCR100.dll".

  • CVE-2021-27461May 20, 2021
    risk 0.00cvss epss 0.01

    A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected webserver applications allow access to stored data that can be obtained by using specially crafted URLs.

  • CVE-2021-27459May 20, 2021
    risk 0.00cvss epss 0.02

    A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The webserver of the affected products allows unvalidated files to be uploaded, which an attacker could utilize to execute arbitrary code.

  • CVE-2021-27457May 20, 2021
    risk 0.00cvss epss 0.00

    A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected products utilize a weak encryption algorithm for storage of sensitive data, which may allow an attacker to more easily obtain credentials used for access.

  • CVE-2021-27467May 20, 2021
    risk 0.00cvss epss 0.01

    A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected product’s web interface allows an attacker to route click or keystroke to another page provided by the attacker to gain unauthorized access to sensitive information.

  • CVE-2021-27465May 20, 2021
    risk 0.00cvss epss 0.01

    A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected applications do not validate webpage input, which could allow an attacker to inject arbitrary HTML code into a webpage. This would allow an attacker to modify the page…

  • CVE-2021-27463May 20, 2021
    risk 0.00cvss epss 0.01

    A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected applications utilize persistent cookies where the session cookie attribute is not properly invalidated, allowing an attacker to intercept the cookies and gain access to…

  • CVE-2020-19419Mar 10, 2021
    risk 0.00cvss epss 0.03

    Incorrect Access Control in Emerson Smart Wireless Gateway 1420 4.6.59 allows remote attackers to obtain sensitive device information from the administrator console without authentication.

  • CVE-2020-19417Mar 10, 2021
    risk 0.00cvss epss 0.03

    Emerson Smart Wireless Gateway 1420 4.6.59 allows non-privileged users (such as the default account 'maint') to perform administrative tasks by sending specially crafted HTTP requests to the application.

  • CVE-2020-27254Dec 21, 2020
    risk 0.00cvss epss 0.01

    Emerson Rosemount X-STREAM Gas AnalyzerX-STREAM enhanced XEGP, XEGK, XEFD, XEXF – all revisions, The affected products are vulnerable to improper authentication for accessing log and backup data, which could allow an attacker with a specially crafted URL to obtain access to…

  • CVE-2020-6971Mar 5, 2020
    risk 0.00cvss epss 0.00

    In Emerson ValveLink v12.0.264 to v13.4.118, a vulnerability in the ValveLink software may allow a local, unprivileged, trusted insider to escalate privileges due to insecure configuration parameters.

  • CVE-2020-6970Feb 19, 2020
    risk 0.00cvss epss 0.03

    A Heap-based Buffer Overflow was found in Emerson OpenEnterprise SCADA Server 2.83 (if Modbus or ROC Interfaces have been installed and are in use) and all versions of OpenEnterprise 3.1 through 3.3.3, where a specially crafted script could execute code on the OpenEnterprise…

  • CVE-2019-18251Nov 25, 2019
    risk 0.00cvss epss 0.02

    In Omron CX-Supervisor, Versions 3.5 (12) and prior, Omron CX-Supervisor ships with Teamviewer Version 5.0.8703 QS. This version of Teamviewer is vulnerable to an obsolete function vulnerability requiring user interaction to exploit.

  • CVE-2019-16353Sep 16, 2019
    risk 0.00cvss epss 0.01

    Emerson GE Automation Proficy Machine Edition 8.0 allows an access violation and application crash via crafted traffic from a remote device, as demonstrated by an RX7i device.

  • CVE-2019-12105Sep 10, 2019
    risk 0.00cvss epss 0.02

    In Supervisor through 4.0.2, an unauthenticated user can read log files or restart a service. Note: The maintainer responded that the affected component, inet_http_server, is not enabled by default but if the user enables it and does not set a password, Supervisor logs a warning…

  • CVE-2019-10967May 28, 2019
    risk 0.00cvss epss 0.04

    In Emerson Ovation OCR400 Controller 3.3.1 and earlier, a stack-based buffer overflow vulnerability in the embedded third-party FTP server involves improper handling of a long file name from the LIST command to the FTP service, which may cause the service to overwrite buffers,…

  • CVE-2019-10965May 28, 2019
    risk 0.00cvss epss 0.04

    In Emerson Ovation OCR400 Controller 3.3.1 and earlier, a heap-based buffer overflow vulnerability in the embedded third-party FTP server involves improper handling of a long command to the FTP service, which may cause memory corruption that halts the controller or leads to…

  • CVE-2018-11691May 14, 2019
    risk 0.00cvss epss 0.02

    Emerson DeltaV Smart Switch Command Center application, available in versions 11.3.x and 12.3.1, was unable to change the DeltaV Smart Switches’ management password upon commissioning. Emerson released patches for DeltaV workstations to address this issue, and the patches can…

  • CVE-2018-17937Mar 13, 2019
    risk 0.00cvss epss 0.03

    gpsd versions 2.90 to 3.17 and microjson versions 1.0 to 1.3, an open source project, allow a stack-based buffer overflow, which may allow remote attackers to execute arbitrary code on embedded platforms via traffic on Port 2947/TCP or crafted JSON inputs.

  • CVE-2018-19008Feb 13, 2019
    risk 0.00cvss epss 0.02

    The TextEditor 2.0 in ABB CP400 Panel Builder versions 2.0.7.05 and earlier contain a vulnerability in the file parser of the Text Editor wherein the application doesn't properly prevent the insertion of specially crafted files which could allow arbitrary code execution.

  • CVE-2018-19018Feb 12, 2019
    risk 0.00cvss epss 0.01

    An access of uninitialized pointer vulnerability in CX-Supervisor (Versions 3.42 and prior) could lead to type confusion when processing project files. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application.

  • CVE-2018-19020Feb 12, 2019
    risk 0.00cvss epss 0.01

    When CX-Supervisor (Versions 3.42 and prior) processes project files and tampers with the value of an offset, an attacker can force the application to read a value outside of an array.

  • CVE-2019-6517Feb 6, 2019
    risk 0.00cvss epss 0.00

    BD FACSLyric Research Use Only, Windows 10 Professional Operating System, U.S. and Malaysian Releases, between November 2017 and November 2018 and BD FACSLyric IVD Windows 10 Professional Operating System US release does not properly enforce user access control to privileged…

  • CVE-2018-19015Jan 28, 2019
    risk 0.00cvss epss 0.01

    An attacker could inject commands to launch programs and create, write, and read files on CX-Supervisor (Versions 3.42 and prior) through a specially crafted project file. An attacker could exploit this to execute code under the privileges of the application.

  • CVE-2018-19021Jan 25, 2019
    risk 0.00cvss epss 0.01

    A specially crafted script could bypass the authentication of a maintenance port of Emerson DeltaV DCS Versions 11.3.1, 11.3.2, 12.3.1, 13.3.1, 14.3, R5.1, R6 and prior, which may allow an attacker to cause a denial of service.

  • CVE-2018-19013Jan 22, 2019
    risk 0.00cvss epss 0.01

    An attacker could inject commands to delete files and/or delete the contents of a file on CX-Supervisor (Versions 3.42 and prior) through a specially crafted project file.

  • CVE-2018-19017Jan 22, 2019
    risk 0.00cvss epss 0.02

    Several use after free vulnerabilities have been identified in CX-Supervisor (Versions 3.42 and prior). When processing project files, the application fails to check if it is referencing freed memory. An attacker could use a specially crafted project file to exploit and execute…

  • CVE-2018-19011Jan 22, 2019
    risk 0.00cvss epss 0.02

    CX-Supervisor (Versions 3.42 and prior) can execute code that has been injected into a project file. An attacker could exploit this to execute code under the privileges of the application.

  • CVE-2018-19019Jan 22, 2019
    risk 0.00cvss epss 0.01

    A type confusion vulnerability exists when processing project files in CX-Supervisor (Versions 3.42 and prior). An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application.

  • CVE-2018-17907Nov 5, 2018
    risk 0.00cvss epss 0.01

    When processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior and tampering with the value of an offset, an attacker can force the application to read a value outside of an array.

  • CVE-2018-17905Nov 5, 2018
    risk 0.00cvss epss 0.01

    When processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior and tampering with a specific byte, memory corruption may occur within a specific object.

  • CVE-2018-17913Nov 5, 2018
    risk 0.00cvss epss 0.02

    A type confusion vulnerability exists when processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior, which may allow an attacker to execute code in the context of the application.

  • CVE-2018-17909Nov 5, 2018
    risk 0.00cvss epss 0.02

    When processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior, the application fails to check if it is referencing freed memory, which may allow an attacker to execute code under the context of the application.