Emerson DeltaV Distributed Control System

CPE Details

Emerson DeltaV Distributed Control System
emerson
deltav_distributed_control_system
-
2022-02-02
11h18 +00:00
2022-02-02
11h21 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:emerson:deltav_distributed_control_system:-:*:*:*:*:*:*:*

Informations

Vendor

emerson

Product

deltav_distributed_control_system

Version

-

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2022-29957 2022-07-26
19h14 +00:00		 The Emerson DeltaV Distributed Control System (DCS) through 2022-04-29 mishandles authentication. It utilizes several proprietary protocols for a wide variety of functionality. These protocols include Firmware upgrade (18508/TCP, 18518/TCP); Plug-and-Play (18510/UDP); Hawk services (18507/UDP); Management (18519/TCP); Cold restart (18512/UDP); SIS communications (12345/TCP); and Wireless Gateway Protocol (18515/UDP). None of these protocols have any authentication features, allowing any attacker capable of communicating with the ports in question to invoke (a subset of) desired functionality.
7.8
High
CVE-2022-29965 2022-07-26
19h14 +00:00		 The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. Access to privileged operations on the maintenance port TELNET interface (23/TCP) on M-series and SIS (CSLS/LSNB/LSNG) nodes is controlled by means of utility passwords. These passwords are generated using a deterministic, insecure algorithm using a single seed value composed of a day/hour/minute timestamp with less than 16 bits of entropy. The seed value is fed through a lookup table and a series of permutation operations resulting in three different four-character passwords corresponding to different privilege levels. An attacker can easily reconstruct these passwords and thus gain access to privileged maintenance operations. NOTE: this is different from CVE-2014-2350.
5.5
Medium