CVE-2022-29960

Emerson OpenBSI through 2022-04-29 uses weak cryptography. It is an engineering environment for the ControlWave and Bristol Babcock line of RTUs. DES with hardcoded cryptographic keys is used for protection of certain system credentials, engineering files, and sensitive utilities.
References
Link Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-181-03 Not Applicable Third Party Advisory US Government Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-221-03 Third Party Advisory US Government Resource
https://www.forescout.com/blog/ Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:emerson:openbsi:*:*:*:*:*:*:*:*
cpe:2.3:a:emerson:openbsi:5.9:-:*:*:*:*:*:*
cpe:2.3:a:emerson:openbsi:5.9:sp1:*:*:*:*:*:*
cpe:2.3:a:emerson:openbsi:5.9:sp2:*:*:*:*:*:*
cpe:2.3:a:emerson:openbsi:5.9:sp3:*:*:*:*:*:*

History

13 Feb 2024, 15:57

Type Values Removed Values Added
CWE CWE-327 CWE-798

Information

Published : 2022-07-26 22:15

Updated : 2024-02-28 19:29


NVD link : CVE-2022-29960

Mitre link : CVE-2022-29960

CVE.ORG link : CVE-2022-29960


JSON object : View

Products Affected

emerson

  • openbsi
CWE
CWE-798

Use of Hard-coded Credentials