Vulnerabilities (CVE)

Filtered by vendor Emerson Subscribe
Total 83 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-6971 1 Emerson 1 Valvelink 2024-11-21 4.6 MEDIUM 7.8 HIGH
In Emerson ValveLink v12.0.264 to v13.4.118, a vulnerability in the ValveLink software may allow a local, unprivileged, trusted insider to escalate privileges due to insecure configuration parameters.
CVE-2020-6970 1 Emerson 1 Openenterprise Scada Server 2024-11-21 7.5 HIGH 9.8 CRITICAL
A Heap-based Buffer Overflow was found in Emerson OpenEnterprise SCADA Server 2.83 (if Modbus or ROC Interfaces have been installed and are in use) and all versions of OpenEnterprise 3.1 through 3.3.3, where a specially crafted script could execute code on the OpenEnterprise Server.
CVE-2020-27254 1 Emerson 8 X-stream Enhanced Xefd, X-stream Enhanced Xefd Firmware, X-stream Enhanced Xegk and 5 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
Emerson Rosemount X-STREAM Gas AnalyzerX-STREAM enhanced XEGP, XEGK, XEFD, XEXF – all revisions, The affected products are vulnerable to improper authentication for accessing log and backup data, which could allow an attacker with a specially crafted URL to obtain access to sensitive information.
CVE-2020-19419 1 Emerson 2 Smart Wireless Gateway 1420, Smart Wireless Gateway 1420 Firmware 2024-11-21 5.0 MEDIUM 7.5 HIGH
Incorrect Access Control in Emerson Smart Wireless Gateway 1420 4.6.59 allows remote attackers to obtain sensitive device information from the administrator console without authentication.
CVE-2020-19417 1 Emerson 2 Wireless 1420 Gateway, Wireless 1420 Gateway Firmware 2024-11-21 9.0 HIGH 8.8 HIGH
Emerson Smart Wireless Gateway 1420 4.6.59 allows non-privileged users (such as the default account 'maint') to perform administrative tasks by sending specially crafted HTTP requests to the application.
CVE-2020-16235 1 Emerson 1 Openenterprise Scada Server 2024-11-21 2.1 LOW 3.8 LOW
Inadequate encryption may allow the credentials used by Emerson OpenEnterprise, up through version 3.3.5, to access field devices and external systems to be obtained.
CVE-2020-12525 4 Emerson, Pepperl-fuchs, Wago and 1 more 19 Rosemount Transmitter Interface Software, Io-link Master 4-eip, Io-link Master 4-pnio and 16 more 2024-11-21 6.8 MEDIUM 7.3 HIGH
M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage.
CVE-2020-12030 1 Emerson 6 Wireless 1410 Gateway, Wireless 1410 Gateway Firmware, Wireless 1420 Gateway and 3 more 2024-11-21 6.8 MEDIUM 10.0 CRITICAL
There is a flaw in the code used to configure the internal gateway firewall when the gateway's VLAN feature is enabled. If a user enables the VLAN setting, the internal gateway firewall becomes disabled resulting in exposure of all ports used by the gateway.
CVE-2020-10640 1 Emerson 1 Openenterprise Scada Server 2024-11-21 10.0 HIGH 10.0 CRITICAL
Emerson OpenEnterprise versions through 3.3.4 may allow an attacker to run an arbitrary commands with system privileges or perform remote code execution via a specific communication service.
CVE-2020-10636 1 Emerson 1 Openenterprise Scada Server 2024-11-21 5.0 MEDIUM 6.5 MEDIUM
Inadequate encryption may allow the passwords for Emerson OpenEnterprise versions through 3.3.4 user accounts to be obtained.
CVE-2020-10632 1 Emerson 1 Openenterprise Scada Server 2024-11-21 5.0 MEDIUM 8.8 HIGH
Inadequate folder security permissions in Emerson OpenEnterprise versions through 3.3.4 may allow modification of important configuration files, which could cause the system to fail or behave in an unpredictable manner.
CVE-2019-13524 1 Emerson 18 Rx3i Cpe100, Rx3i Cpe100 Firmware, Rx3i Cpe115 and 15 more 2024-11-21 7.8 HIGH 7.5 HIGH
GE PACSystems RX3i CPE100/115: All versions prior to R9.85,CPE302/305/310/330/400/410: All versions prior to R9.90,CRU/320 All versions(End of Life) may allow an attacker sending specially manipulated packets to cause the module state to change to halt-mode, resulting in a denial-of-service condition. An operator must reboot the CPU module after removing battery or energy pack to recover from halt-mode.
CVE-2019-12167 1 Emerson 2 Liebert Challenger, Liebert Challenger Firmware 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
httpGetSet/httpGet.htm on Emerson Network Power Liebert Challenger 5.1E0.5 devices allows XSS via the statusstr parameter.
CVE-2019-10967 1 Emerson 2 Ovation Ocr400, Ovation Ocr400 Firmware 2024-11-21 6.5 MEDIUM 8.8 HIGH
In Emerson Ovation OCR400 Controller 3.3.1 and earlier, a stack-based buffer overflow vulnerability in the embedded third-party FTP server involves improper handling of a long file name from the LIST command to the FTP service, which may cause the service to overwrite buffers, leading to remote code execution and escalation of privileges.
CVE-2019-10965 1 Emerson 2 Ovation Ocr400, Ovation Ocr400 Firmware 2024-11-21 6.5 MEDIUM 8.8 HIGH
In Emerson Ovation OCR400 Controller 3.3.1 and earlier, a heap-based buffer overflow vulnerability in the embedded third-party FTP server involves improper handling of a long command to the FTP service, which may cause memory corruption that halts the controller or leads to remote code execution and escalation of privileges.
CVE-2018-5452 1 Emerson 2 Controlwave Micro, Controlwave Micro Firmware 2024-11-21 5.0 MEDIUM 7.5 HIGH
A Stack-based Buffer Overflow issue was discovered in Emerson Process Management ControlWave Micro Process Automation Controller: ControlWave Micro [ProConOS v.4.01.280] firmware: CWM v.05.78.00 and prior. A stack-based buffer overflow vulnerability caused by sending crafted packets on Port 20547 could force the PLC to change its state into halt mode.
CVE-2018-19021 1 Emerson 1 Deltav 2024-11-21 3.3 LOW 6.5 MEDIUM
A specially crafted script could bypass the authentication of a maintenance port of Emerson DeltaV DCS Versions 11.3.1, 11.3.2, 12.3.1, 13.3.1, 14.3, R5.1, R6 and prior, which may allow an attacker to cause a denial of service.
CVE-2018-14808 1 Emerson 1 Ams Device Manager 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
Emerson AMS Device Manager v12.0 to v13.5. Non-administrative users are able to change executable and library files on the affected products.
CVE-2018-14804 1 Emerson 1 Ams Device Manager 2024-11-21 7.5 HIGH 9.8 CRITICAL
Emerson AMS Device Manager v12.0 to v13.5. A specially crafted script may be run that allows arbitrary remote code execution.
CVE-2018-14797 1 Emerson 1 Deltav 2024-11-21 6.8 MEDIUM 7.8 HIGH
Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 allow a specially crafted DLL file to be placed in the search path and loaded as an internal and valid DLL, which may allow arbitrary code execution.